Privacy Policy

Last updated: March 30, 2026

1. Introduction

SPOT369 LLC ("SPOT369", "we", "us") operates spot369.com and its products including LiThoughts (lithoughts.com). This policy explains what data we collect, how we use it, and your rights.

By using our website or products, you agree to this policy.

2. Information We Collect

2a. Website (spot369.com)

  • Contact form submissions: name, email, subject, and message
  • Basic analytics data: pages visited, browser type, device information

We do not currently use cookies for tracking purposes. No third-party analytics tools are in use at this time.

2b. LiThoughts Product

When you connect your LinkedIn account via OAuth 2.0, we access the following:

  • Profile information: name, headline, profile picture, LinkedIn member ID
  • Email address (via OAuth scope)
  • Publishing: ability to create posts on your behalf (text, images, documents/carousels)
  • Engagement: reactions and comments on your own published posts
  • Comments and reactions: ability to post comments, replies, and reactions on your behalf

We do NOT access:

  • Your connections list
  • Your private messages
  • Other people's posts or profiles
  • LinkedIn analytics (pending separate approval)

All LinkedIn data is accessed exclusively through LinkedIn's official REST API (api.linkedin.com) using OAuth 2.0 authentication. We do not use scraping, browser extensions, or any third-party tools to access LinkedIn data.

Approved OAuth scopes: openid, profile, email, w_member_social

2c. Resume Data

LiThoughts allows users to upload resumes (PDF or DOCX format) to enhance their voice profile. When a resume is uploaded:

  • The resume content is processed locally in the browser to extract professional information such as job titles, skills, and experience.
  • Extracted data is sent to Google Gemini for structured analysis and is used to supplement the user's voice profile.
  • The original resume file is not stored on our servers. Only the extracted professional information is saved to the user's voice profile.
  • Resume data is additive only and does not replace any information the user has manually entered in their voice profile.
  • Resume-derived data is deleted when the user deletes their account.

3. How We Store Your Data

  • LinkedIn OAuth access tokens, LinkedIn person ID, headline, and profile picture URL are stored securely
  • Published post URNs and engagement data (reaction counts, comment text, author names) are stored
  • All data is stored in Supabase PostgreSQL with Row-Level Security (RLS) enabled
  • Access tokens are never exposed client-side or in application logs
  • Data is retained while your account is active

4. AI Processing

LiThoughts uses Anthropic Claude and Google Gemini to generate and refine post content. Post content (your text input and drafts) is sent to these AI providers for processing.

Your LinkedIn profile data (name, headline, profile picture, member ID) is NOT sent to AI services. These AI providers process content according to their respective data usage policies.

5. Data Sharing

  • We do NOT sell your data to anyone
  • We do NOT share your data with advertisers
  • We do NOT share your data with any third parties for their own purposes
  • Data only flows between LiThoughts servers and LinkedIn's official API
  • Supabase (our database provider) hosts the data under a Data Processing Agreement (DPA)
  • Google Gemini receives post content for AI generation only - not your LinkedIn profile data

6. Data Retention and Deletion

  • Your data is retained while your LiThoughts account is active
  • When you disconnect your LinkedIn account: OAuth tokens are deleted immediately
  • When you delete your LiThoughts account: all associated data is permanently deleted within 30 days via automated process
  • Contact form submissions on spot369.com are retained for business correspondence purposes

7. Data Security

  • Row-Level Security (RLS) on all database tables
  • OAuth tokens stored server-side only, never exposed to client
  • Encrypted connections (HTTPS) for all data transfer
  • Regular security review of data access patterns

8. Your Rights

  • You can disconnect your LinkedIn account at any time from within LiThoughts
  • You can request deletion of all your data by contacting legal@spot369.com
  • You can request a copy of the data we hold about you
  • Account deletion triggers complete data removal within 30 days

9. Children's Privacy

Our services are not directed to anyone under 18. We do not knowingly collect data from minors.

10. Payment and Billing Data

When you subscribe to a paid plan for any SPOT369 product, we collect and process payment-related information through our third-party payment processor. We do not store your full credit card number, CVV, or other sensitive payment details on our servers.

What We Collect

  • Billing name and email address
  • Subscription plan and billing cycle (monthly or annual)
  • Transaction history: dates, amounts, and status of payments
  • Subscription status: active, canceled, expired, or past due
  • Payment processor reference IDs (for support and reconciliation)

Payment Processor

Payments are processed by 2Checkout (Verifone), a PCI DSS Level 1 certified payment processor. When you make a payment, you interact directly with 2Checkout's secure checkout environment. 2Checkout's handling of your payment data is governed by their own privacy policy, available at 2checkout.com/legal/privacy.

How We Use Billing Data

  • To process your subscription payments and manage your plan
  • To send billing-related communications (receipts, renewal notices, payment failures)
  • To enforce service tier limits based on your subscription status
  • To handle refund requests and billing disputes

Billing Data Retention

We retain billing and transaction records for as long as your account is active and for a minimum of 7 years after account closure for tax, legal, and regulatory compliance purposes. Subscription status data is deleted within 30 days of account deletion, but anonymized transaction records may be retained for financial reporting.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request details about the personal information we collect, use, and disclose.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell your personal information. If this changes, we will provide an opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at legal@spot369.com. We will respond within 45 days.

12. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of our services constitutes acceptance of changes.

13. Contact

Company: SPOT369 LLC

Business Address: 30 N Gould St Ste R, Sheridan, WY 82801

Phone: +1 (307) 292-2987

Email: legal@spot369.com

Website: spot369.com