1 Overview & Who We Are
Spoink ("we," "us," "our") operates a cloud-based event management and volunteer coordination platform for school parent organizations. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website (spoink.com) and platform (collectively, the "Service").
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
For questions about this policy, contact us at privacy@spoink.com.
✓ We collect only what we need to provide the Service.
✓ We do not sell your personal data to anyone, ever.
✓ We do not collect or store student data of any kind.
✓ We use trusted third-party providers who are contractually bound to protect your data.
✓ You can request deletion of your data at any time.
2 Information We Collect
2.1 Information You Provide Directly
When you register, use the Service, or communicate with us, we collect:
| Category | Examples | Why We Collect It |
|---|---|---|
| Account Information | Name, email address, phone number, password (hashed) | To create and manage your account |
| School Information | School name, type, city, state, grade levels served, school website | To configure your workspace |
| Role Information | Your position (Parent Teacher Association Chair, Treasurer, etc.) | To personalize your experience |
| Event & Volunteer Data | Event names, dates, volunteer shift names, volunteer sign-up responses (adults only), budget entries, vendor contacts, expense records | To provide the core Service features |
| Payment Information | Billing name, last 4 digits of card (via Stripe — we never see or store full card numbers) | To process subscription payments |
| Communications | Emails or messages you send to our support team | To respond to your inquiries |
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain technical information:
- Log Data: IP address, browser type, operating system, pages visited, time and date of access, referring URL
- Device Information: Device type, screen resolution, language settings
- Usage Data: Features used, actions taken within the platform, session duration
- Cookies and Similar Technologies: See Section 10 for details
This information is collected to operate the Service, ensure security, diagnose technical issues, and improve our product.
2.3 Information We Do Not Collect
✗ Student names, photos, IDs, or any other student personally identifiable information
✗ Student education records, grades, or attendance data
✗ Student health, behavioral, or disciplinary information
✗ Social Security numbers or government-issued ID numbers
✗ Financial account numbers (credit card processing handled entirely by Stripe)
✗ Biometric data of any kind
3 No Student Data — Our Core Commitment
Spoink is built exclusively for adult parent volunteers and school staff who manage events. The platform is not a student information system, a learning management system, or a school record system. We have designed our product specifically to avoid the collection of any information about students.
3.1 What This Means for FERPA
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. Because Spoink does not receive, store, or process student education records of any kind, FERPA's requirements for "school officials" or "third-party operators" with access to student records do not apply to Spoink's operation.
3.2 Your Responsibility
You agree not to input any student personally identifiable information into the Service. Volunteer sign-up forms are intended for adult volunteers only. Event sign-up forms are intended for adult participants. If you inadvertently submit student data, please contact us immediately at privacy@spoink.com and we will delete it promptly.
3.3 SOC 2 & ISO 27001
Spoink is currently not SOC 2 Type II certified or ISO 27001 certified. We implement commercially reasonable security practices appropriate for the nature and sensitivity of the data we handle — which is limited to adult contact information and organizational event data, not sensitive student records or protected health information. We believe our current security posture is appropriate for our risk profile and the type of data we process.
If your school organization has specific vendor compliance requirements, please contact us at privacy@spoink.com before subscribing to ensure our Service meets your needs.
4 How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Operating, maintaining, and delivering all features of the platform
- Account Management: Creating and managing your account, authenticating logins, and managing your subscription
- Billing: Processing subscription payments, issuing receipts, and managing billing disputes
- Customer Support: Responding to your questions, troubleshooting issues, and providing technical assistance
- Communications: Sending service-related emails (account confirmations, password resets, billing notices, feature updates). We will only send marketing emails if you have opted in, and you may unsubscribe at any time.
- Safety & Security: Detecting and preventing fraud, abuse, or unauthorized access to the Service
- Legal Compliance: Meeting our legal obligations, enforcing our Terms of Service, and resolving disputes
- Product Improvement: Analyzing aggregated, anonymized usage patterns to improve the Service. We do not make individual-level decisions based on automated profiling.
We will not use your information for any purpose materially different from those listed above without first obtaining your consent or providing advance notice.
6 Third-Party Services We Use
We rely on the following categories of third-party providers to operate the Service. Each is bound by its own privacy policy and, where applicable, by a data processing agreement with us.
| Provider / Category | Purpose | Data Shared |
|---|---|---|
| Stripe (Payment Processing) | Securely processing subscription payments and managing billing | Name, email, billing address. Full card details go directly to Stripe — we never see or store them. |
| Cloud Hosting Provider | Hosting the platform and storing data | All platform data, stored on servers in the United States |
| Email Service Provider | Sending transactional and marketing emails | Name, email address |
| Analytics | Understanding how users interact with the Service to improve it | Anonymized/aggregated usage data only — no personally identifiable information |
| Customer Support Tools | Managing support tickets and communications | Name, email, support messages |
We do not use your data for advertising networks, data brokers, or behavioral targeting services.
7 Data Security
We take the security of your information seriously. We implement commercially reasonable administrative, technical, and physical safeguards, including:
- Encryption of data in transit using TLS (HTTPS)
- Encryption of data at rest
- Hashed (not stored in plain text) passwords
- Access controls limiting who within our team can access user data
- Regular review of our security practices
As noted in Section 3.3, Spoink is not SOC 2 or ISO 27001 certified. Our security practices are calibrated to the nature of the data we hold — adult contact information and organizational event data — and do not include the controls typically required for systems holding sensitive student records, financial account data, or protected health information.
In the event of a data breach that affects your personal information, we will notify affected users as required by applicable law.
8 Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. When you close your account:
- We retain your data for 60 days following account closure, during which you may request a full export of your organization's data.
- After 60 days, your data is permanently deleted from our production systems.
- Backup copies may persist for up to 90 days before being overwritten.
- We may retain certain records (billing history, transaction logs) for up to 7 years as required by applicable tax and accounting laws.
- We may retain anonymized, aggregated data (which cannot identify you or your organization) indefinitely for product analytics.
To request early deletion of your data, contact privacy@spoink.com.
9 Your Rights & Choices
Depending on your location, you may have certain rights regarding your personal information. Regardless of where you are located, we honor the following rights for all users:
9.1 Access
You may request a copy of the personal information we hold about you by contacting privacy@spoink.com. We will respond within 30 days.
9.2 Correction
You may update most of your account information directly within your account settings. For other corrections, contact privacy@spoink.com.
9.3 Deletion
You may request deletion of your personal information by closing your account or contacting privacy@spoink.com. We will delete your data within 60 days of your request, subject to any legal retention obligations.
9.4 Data Portability
You may request an export of your organization's data in a machine-readable format (CSV) by contacting support@spoink.com. Exports are available for up to 60 days after account closure.
9.5 Marketing Communications
You may opt out of marketing emails at any time by clicking "Unsubscribe" in any marketing email or by contacting privacy@spoink.com. You cannot opt out of service-related communications (billing receipts, security alerts, etc.) while your account is active.
9.6 Do Not Sell / Do Not Share
We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of on this point — we simply don't do it.
10 Cookies & Tracking
We use cookies and similar technologies to operate and improve the Service.
| Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential Cookies | Keeping you logged in, maintaining session state, security tokens | No — required for the Service to function |
| Functional Cookies | Remembering your preferences (e.g. selected school, UI state) | No — required for a good user experience |
| Analytics Cookies | Understanding how the Service is used to improve it (anonymized) | Yes — contact us or use your browser settings |
We do not use advertising or tracking cookies. We do not allow third-party advertising networks to place cookies on your device through our Service.
You can control cookies through your browser settings. Disabling essential cookies will prevent the Service from functioning correctly.
11 Children's Privacy (COPPA)
Spoink is directed exclusively at adults (18 years of age and older). We do not knowingly collect personal information from children under the age of 13, consistent with the requirements of the Children's Online Privacy Protection Act (COPPA).
Our platform is designed for parent volunteers and school staff. Volunteer and event sign-up forms facilitated through Spoink are intended for adults. Users are prohibited from inputting personally identifiable information of minors into the Service.
If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe we have received such information, please contact privacy@spoink.com immediately.
12 California Residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information.
12.1 Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information (as defined by the CCPA): Identifiers (name, email, phone number, IP address); Commercial information (subscription and billing records); Internet or other electronic network activity information (log data, usage data). We do not collect sensitive personal information as defined under the CPRA (e.g., government IDs, financial account numbers, precise geolocation, race/ethnicity, health data).
12.2 Your California Rights
California residents have the right to: (a) know what personal information we collect, use, disclose, and sell; (b) delete personal information we hold about you; (c) correct inaccurate personal information; (d) opt out of the sale or sharing of personal information (we do not sell or share your personal information); (e) limit the use of sensitive personal information (we do not collect sensitive personal information); and (f) non-discrimination for exercising your rights.
12.3 How to Submit a Request
To submit a verifiable consumer request, contact us at privacy@spoink.com with the subject line "California Privacy Request." We will respond within 45 days as required by law.
13 Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page;
- Notify registered users by email at least 14 days before the changes take effect; and
- Where required by law, obtain your consent before applying changes that materially expand our use of your personal information.
We encourage you to review this Policy periodically. Your continued use of the Service after any changes take effect constitutes your acceptance of the updated Policy.
14 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all privacy-related inquiries within 5 business days.