Privacy Policy
Last updated: April 27, 2026
1. Who We Are
SPOT Maintenance ("we", "us", "our") is a cloud-based equipment maintenance tracking service operated by Applied Autonetics Inc., a United States company.
References to "you" or "your" mean the individual user or the organisation that has subscribed to the service.
For the purposes of data protection law, Applied Autonetics Inc. is the data controller of personal information collected through the service. If you have questions about this policy or wish to exercise your rights, contact us at privacy@spotmaintenance.com.
2. What Data We Collect
Account and user data
- Name, email address, and password (stored as a secure hash using a strong one-way key derivation function — we never store plaintext passwords)
- Company name and address (provided during account setup)
- User role within your organisation (Admin, User, or Viewer)
- Mobile phone number (optional — only if you choose SMS-based verification)
- Date and time your account was created and when you accepted our Terms of Service
Usage and security data
- IP address and timestamp at each login
- Audit log of actions taken within the application (adding/editing/deleting equipment and service records)
- System messages and error logs generated by your account's activity
Equipment and maintenance data
- Equipment details you enter (names, serial numbers, photos, locations, service dates)
- Service records, documents, and notes you upload or create
- Service contracts, scheduled services, and maintenance programs you configure
Communication data
- Email addresses entered for service-due or contract-expiry notifications
- Log records of emails and SMS messages sent on your behalf (delivery status only — not message content beyond what you entered)
Payment data
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full card details on our servers. We retain a Stripe customer ID, subscription status, and invoice history for billing management.
3. How We Use Your Data
- Providing the service — to operate your account, display your equipment and maintenance records, send notification emails, and generate reports
- Security — to verify your identity during sign-in (multi-factor authentication), detect unusual access, and protect your account
- Billing — to manage your subscription plan, process payments via Stripe, and send invoices
- Support — to respond to issue reports you submit through the application
- Legal compliance — to maintain records we are legally required to keep and respond to lawful requests from authorities
We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data for advertising.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
- Contract — processing necessary to deliver the service you have subscribed to
- Legitimate interests — security logging, fraud prevention, and service improvement
- Legal obligation — retaining records required by applicable law
- Consent — for optional features such as SMS notifications (you may withdraw consent at any time)
5. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Account and user profile | For the duration of your subscription, plus 90 days after cancellation |
| Equipment and maintenance records | For the duration of your subscription, plus 90 days after cancellation |
| Audit logs and login history | 12 months rolling |
| Email and SMS send logs | 90 days rolling |
| Billing records (invoices) | 7 years (legal requirement) |
| Backups | Up to 30 days after account deletion |
After your account is permanently deleted, your personal data is removed from our systems in accordance with the retention periods above. Deletion processes are enforced through automated system routines. Anonymised or aggregated data (which cannot identify you) may be retained for service analytics.
6. Who We Share Your Data With
We share data only with service providers who help us operate the platform, and only to the extent necessary:
- Stripe — payment processing
- SendGrid / Microsoft (Azure / Graph API) — transactional email delivery
- Twilio — SMS delivery for verification codes (only if you enable SMS verification)
- DigitalOcean — cloud infrastructure and file storage
All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security standards.
7. International Data Transfers
Our servers are hosted in data centres within the United States. If you access the service from outside the US, your data is transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate data be corrected
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — request that we limit processing of your data in certain circumstances
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, email privacy@spotmaintenance.com. We will respond within 30 days.
California residents (CCPA): You have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.
9. Security
We implement industry-standard security measures including:
- All data in transit is encrypted using TLS (HTTPS)
- Passwords are stored using a strong one-way key derivation function (scrypt)
- Multi-factor authentication is required for all user accounts
- Session cookies are marked Secure, HttpOnly, and SameSite=Lax
- Access to production systems is restricted to authorised personnel
No method of transmission over the Internet is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
10. Cookies
We use cookies solely to operate the service — there are no advertising or third-party tracking cookies. See our Cookie Policy for full details.
11. Children's Privacy
SPOT Maintenance is a business-to-business service not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by emailing the account administrator or displaying a notice in the application at least 14 days before the change takes effect. Continued use of the service after that date constitutes acceptance of the updated policy.
13. Contact Us
- Email: privacy@spotmaintenance.com