Spoolbook

Legal

Privacy Policy

Last Updated: 9 June 2026

1. Introduction

Welcome to Spoolbook.

Spoolbook ("Spoolbook", "we", "our", or "us") is a diary-first work operating system that helps users capture information, organise work, track actions, manage follow-ups, and generate insights from notes and records.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you access or use:

  • The Spoolbook website;
  • The Spoolbook web application;
  • Mobile applications (if applicable);
  • APIs and integrations;
  • Any related services (collectively, the "Services").

Please read this Privacy Policy carefully.

If you do not agree with this Privacy Policy, you should not use the Services.

2. Data Controller

For the purposes of applicable data protection laws, including the UK GDPR and EU GDPR, the data controller is:

Spoolbook

Email: hello@cloud7.uk

Where Spoolbook provides services to organisations, Spoolbook may act as either:

  • A Data Controller for account and service administration data; and/or
  • A Data Processor acting on behalf of a customer organisation for workspace content and business records.

3. Information We Collect

3.1 Information You Provide

We may collect:

Account Information

  • Name
  • Email address
  • Username
  • Password (stored only in hashed form)
  • Organisation name
  • Billing information

User Content

Information you create or upload, including:

  • Diary entries
  • Notes
  • Documents
  • Attachments
  • Comments
  • Tags
  • Tasks
  • Follow-ups
  • Meeting records
  • Messages
  • Workspace content

Communications

Information you provide when:

  • Contacting support
  • Participating in surveys
  • Providing feedback
  • Reporting issues

3.2 Automatically Collected Information

When you use the Services we may collect:

Device Information

  • Browser type
  • Operating system
  • Device identifiers
  • Screen resolution
  • Language settings

Usage Information

  • Login activity
  • Feature usage
  • Clickstream activity
  • Session duration
  • Pages visited
  • Search activity

Log Information

  • IP address
  • Access timestamps
  • Error logs
  • Security events
  • Diagnostic information

3.3 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Authenticate users
  • Maintain sessions
  • Remember preferences
  • Measure service performance
  • Improve user experience
  • Protect against fraud and abuse

Where required by law, we will obtain consent before placing non-essential cookies.

You can manage cookie preferences through your browser settings.

4. How We Use Information

We process personal information to:

Provide the Services

Including:

  • Creating accounts
  • Managing workspaces
  • Storing content
  • Synchronising data
  • Generating tasks and reminders

Operate AI Features

Where enabled, Spoolbook may analyse content using automated systems to:

  • Identify actions
  • Generate summaries
  • Detect follow-ups
  • Organise information
  • Improve workflow management

Security

To:

  • Detect abuse
  • Prevent fraud
  • Monitor misuse
  • Protect system integrity

Customer Support

To:

  • Respond to enquiries
  • Troubleshoot issues
  • Resolve service problems

Service Improvement

To:

  • Improve features
  • Analyse performance
  • Enhance reliability
  • Develop new functionality

Legal Compliance

To:

  • Comply with legal obligations
  • Respond to lawful requests
  • Enforce our agreements
  • Protect our rights

5. Legal Bases for Processing

Where GDPR applies, we process personal information under one or more of the following legal bases:

Contract

Processing necessary to provide the Services you request.

Legitimate Interests

Including:

  • Operating and improving the Services
  • Ensuring security
  • Preventing fraud
  • Supporting customers

Consent

Where required by law, including:

  • Certain cookies
  • Marketing communications

Legal Obligation

Where processing is necessary to comply with legal requirements.

6. AI Processing and Model Training

Spoolbook uses automated technologies, including artificial intelligence and machine learning, to provide certain features.

AI-Assisted Processing

Content may be analysed to:

  • Extract actions
  • Detect deadlines
  • Generate reminders
  • Produce summaries
  • Organise information

No Training on Customer Content

Spoolbook does not use customer content, diary entries, notes, documents, attachments, or workspace data to train public or third-party foundation AI models without explicit customer consent.

Where third-party AI providers are used, we will take reasonable steps to ensure customer content is processed solely for the purpose of delivering requested functionality.

7. Sharing Information

We do not sell personal information.

We may share information with:

Service Providers

Including providers of:

  • Cloud hosting
  • Authentication
  • Monitoring
  • Analytics
  • Customer support
  • Payment processing
  • Email delivery
  • Artificial intelligence services

All providers are required to process information under appropriate contractual protections.

Workspace Members

Information you choose to share within a workspace may be visible to authorised workspace members.

Workspace administrators may have access to content and activity within workspaces they manage.

Legal Requirements

We may disclose information where required to:

  • Comply with law
  • Respond to court orders
  • Protect rights
  • Investigate fraud
  • Prevent harm

Business Transactions

If Spoolbook is involved in a merger, acquisition, restructuring, financing, or sale of assets, information may be transferred as part of that transaction.

8. International Data Transfers

Your information may be processed in countries outside your country of residence.

Where required by law, we implement appropriate safeguards, including:

  • UK International Data Transfer Agreements;
  • EU Standard Contractual Clauses;
  • Adequacy decisions;
  • Equivalent legal mechanisms.

9. Data Retention

We retain information only as long as necessary for the purposes described in this Privacy Policy.

Retention periods may vary depending on:

  • Service requirements;
  • Customer instructions;
  • Legal obligations;
  • Security needs;
  • Dispute resolution requirements.

Deleted content may remain in backups for a limited period before permanent removal.

10. Security

We implement reasonable technical and organisational measures designed to protect information, including:

  • Encryption in transit
  • Encryption at rest where appropriate
  • Access controls
  • Authentication mechanisms
  • Security monitoring
  • Backup and recovery processes

No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

11. Your Rights

Depending on your location, you may have rights to:

Access

Request a copy of personal information we hold about you.

Rectification

Request correction of inaccurate information.

Erasure

Request deletion of personal information.

Restriction

Request restriction of processing.

Objection

Object to certain processing activities.

Portability

Request transfer of information to another provider.

Withdraw Consent

Where processing is based on consent.

Complaint

Lodge a complaint with a supervisory authority.

For UK residents, complaints may be submitted to:

Information Commissioner's Office

12. Children's Privacy

The Services are not intended for children under sixteen (16) years of age.

We do not knowingly collect personal information from children under the applicable minimum age.

If we become aware that such information has been collected, we will take reasonable steps to delete it.

13. Marketing Communications

Where permitted by law, we may send service-related announcements and product updates.

You may unsubscribe from marketing communications at any time using the unsubscribe mechanism provided in those communications.

Certain operational communications cannot be opted out of because they are necessary for providing the Services.

14. Third-Party Services

The Services may contain links to third-party websites, applications, or services.

We are not responsible for the privacy practices of third parties.

We encourage you to review their privacy policies separately.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

Where changes are material, we will provide notice through the Services, by email, or by other appropriate means.

The "Last Updated" date at the top of this Privacy Policy indicates when changes were last made.

16. Contact Us

If you have questions regarding this Privacy Policy or wish to exercise your privacy rights, please contact:

Spoolbook

Email: hello@cloud7.uk

Privacy Requests: hello@cloud7.uk

Data Protection Enquiries: hello@cloud7.uk

Back to request access