Privacy Policy

Last updated: May 6, 2026

1. Introduction

SPOT369 LLC ("SPOT369", "we", "us") operates spot369.com and its products including LiThoughts (lithoughts.com). This policy explains what data we collect, how we use it, and your rights.

By using our website or products, you agree to this policy.

2. Information We Collect

2a. Website (spot369.com)

  • Contact form submissions: name, email, subject, and message
  • Basic analytics data: pages visited, browser type, device information
  • Cookies and tracking technologies: our website uses Google Tag Manager and Google Analytics to collect aggregated, anonymized usage statistics. These tools may set cookies on your browser to recognize returning visitors, measure traffic sources, and understand how the site is used. We do not use these cookies to identify you personally or to build advertising profiles.

You can disable cookies in your browser settings or use browser-level Do Not Track signals. Disabling cookies will not affect your ability to use the site.

2b. LiThoughts Product

When you connect your LinkedIn account via OAuth 2.0, we access the following:

  • Profile information: name, headline, profile picture, LinkedIn member ID
  • Email address (via OAuth scope)
  • Publishing: ability to create posts on your behalf (text, images, documents/carousels)
  • Engagement: reactions and comments on your own published posts
  • Comments and reactions: ability to post comments, replies, and reactions on your behalf

We do NOT access:

  • Your connections list
  • Your private messages
  • Other people's posts or profiles
  • LinkedIn analytics (pending separate approval)

All LinkedIn data is accessed exclusively through LinkedIn's official REST API (api.linkedin.com) using OAuth 2.0 authentication. We do not use scraping, browser extensions, or any third-party tools to access LinkedIn data.

Approved OAuth scopes: openid, profile, email, w_member_social

2c. Resume Data

LiThoughts allows users to upload resumes (PDF or DOCX format) to enhance their voice profile. When a resume is uploaded:

  • The resume content is processed locally in the browser to extract professional information such as job titles, skills, and experience.
  • Extracted data is sent to Google Gemini for structured analysis and is used to supplement the user's voice profile.
  • The original resume file is not stored on our servers. Only the extracted professional information is saved to the user's voice profile.
  • Resume data is additive only and does not replace any information the user has manually entered in their voice profile.
  • Resume-derived data is deleted when the user deletes their account.

3. How We Store Your Data

  • LinkedIn OAuth access tokens, LinkedIn person ID, headline, and profile picture URL are stored securely
  • Published post URNs and engagement data (reaction counts, comment text, author names) are stored
  • All data is stored in Supabase PostgreSQL with Row-Level Security (RLS) enabled
  • Access tokens are never exposed client-side or in application logs
  • Data is retained while your account is active

4. AI Processing

LiThoughts uses Anthropic Claude and Google Gemini to generate and refine post content. Post content (your text input and drafts) is sent to these AI providers for processing.

Your LinkedIn profile data (name, headline, profile picture, member ID) is NOT sent to AI services. These AI providers process content according to their respective data usage policies.

5. Data Sharing

  • We do NOT sell your data to anyone
  • We do NOT share your data with advertisers
  • We do NOT share your data with any third parties for their own purposes
  • Data only flows between LiThoughts servers and LinkedIn's official API
  • Supabase (our database provider) hosts the data under a Data Processing Agreement (DPA)
  • Google Gemini receives post content for AI generation only, not your LinkedIn profile data

6. Data Retention and Deletion

  • Your data is retained while your LiThoughts account is active
  • When you disconnect your LinkedIn account: OAuth tokens are deleted immediately
  • When you delete your LiThoughts account: all associated data is permanently deleted within 30 days via an automated process
  • Contact form submissions on spot369.com are retained for business correspondence purposes

7. Data Security

  • Row-Level Security (RLS) on all database tables
  • OAuth tokens stored server-side only, never exposed to the client
  • Encrypted connections (HTTPS) for all data transfer
  • Regular security review of data access patterns

8. Your Rights

  • You can disconnect your LinkedIn account at any time from within LiThoughts
  • You can request deletion of all your data by contacting legal@spot369.com
  • You can request a copy of the data we hold about you
  • Account deletion triggers complete data removal within 30 days

9. Children's Privacy

Our services are not directed to anyone under 18. We do not knowingly collect data from minors.

10. Payment and Billing Data

When you subscribe to a paid plan for any SPOT369 product, we collect and process payment-related information through our third-party payment processor. We do not store your full credit card number, CVV, or other sensitive payment details on our servers.

What We Collect

  • Billing name and email address
  • Subscription plan and billing cycle (monthly or annual)
  • Transaction history: dates, amounts, and status of payments
  • Subscription status: active, canceled, expired, or past due
  • Payment processor reference IDs (for support and reconciliation)

Payment Processor

Payments are processed by our third-party payment processor, which is PCI DSS certified. When you make a payment, you interact directly with the processor's secure checkout environment. The processor's handling of your payment data is governed by its own privacy policy. Specific processor details will be confirmed when paid plans launch and disclosed at checkout.

How We Use Billing Data

  • To process your subscription payments and manage your plan
  • To send billing-related communications (receipts, renewal notices, payment failures)
  • To enforce service tier limits based on your subscription status
  • To handle refund requests and billing disputes

Billing Data Retention

We retain billing and transaction records for as long as your account is active and for a minimum of 7 years after account closure for tax, legal, and regulatory compliance purposes. Subscription status data is deleted within 30 days of account deletion, but anonymized transaction records may be retained for financial reporting.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request details about the personal information we collect, use, and disclose.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell your personal information. If this changes, we will provide an opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at legal@spot369.com. We will respond within 45 days.

12. International Users and GDPR Rights

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar data protection laws, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent regulations.

  • Right to Access: You may request confirmation of whether we process your personal data and request a copy of that data.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You may request deletion of your personal data, subject to certain legal exceptions.
  • Right to Restriction: You may request that we limit the processing of your personal data in specific circumstances.
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting prior lawful processing.
  • Right to Lodge a Complaint: You may file a complaint with your local data protection authority.

Legal Basis for Processing: We process your personal data based on (a) your consent, (b) the necessity of performing our contract with you, (c) compliance with legal obligations, or (d) our legitimate interests in operating and improving our services.

International Data Transfers: Your data may be processed in the United States, where our servers and primary service providers are located. We rely on standard contractual clauses and other approved transfer mechanisms to protect your data when transferred internationally.

To exercise any of these rights, contact us at legal@spot369.com. We will respond within 30 days.

13. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of our services constitutes acceptance of changes.

14. Contact

Company: SPOT369 LLC

Business Address: 30 N Gould St Ste R, Sheridan, WY 82801

Phone: +1 (307) 292-2987

Email: legal@spot369.com

Website: spot369.com