
Legal

Policies, agreements, and the things you should know.

Heads-up: DRAFT — starter template. Awaiting UAE-licensed counsel review before formal effect. Provided in good faith; not legal advice.

Effective May 13, 2026

Privacy Policy

This Privacy Policy explains how Space Field ("we") collects and uses personal data when you use our Service. It is written to be compatible with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and the EU General Data Protection Regulation (GDPR).

1. Data controller

Spacefield is the data controller for your account data. Contact privacy@spacefield.co for any privacy enquiry.

2. What we collect

  • Account data: name, email, hashed password, sign-in method, profile preferences.
  • Usage data: pages viewed, features used, AI tool interactions, share-link activity.
  • Content data: documents, contacts, listings, and any other content you submit to the Service.
  • Device data: IP address, browser, OS, locale, and rough geolocation (city level).
  • Billing data: handled by Paddle.com (our merchant-of-record); we receive only invoice metadata, not full card numbers.

3. Why we use it (legal basis)

  • Contract: to provide the Service you signed up for.
  • Legitimate interests: security, fraud prevention, product improvement, internal analytics.
  • Consent: marketing emails, analytics cookies, optional features (you can withdraw consent at any time).
  • Legal obligation: tax records, lawful disclosure requests.

4. Who we share it with

We use a small set of third-party subprocessors to operate the Service. The full current list is on the Subprocessors page. We do not sell your personal data to anyone.

5. AI providers

When you use AI features, the content you submit is transmitted to our AI providers (Anthropic, OpenAI). We instruct providers not to train their models on your content where this is supported. Provider retention windows are summarised on the Subprocessors page.

6. Where we store data

Your data is stored on Supabase infrastructure in the European Union (eu-west / eu-central regions) with daily backups. Edge functions and CDN caches are global. If you require data residency in a specific jurisdiction (UAE, KSA), contact us — we can discuss enterprise arrangements.

7. How long we keep it

Account data is retained while your account is active. After deletion, we hard-delete content within 30 days and retain only the minimum required for legal, tax, and audit purposes (typically 6 years).

8. Your rights

Under the GDPR and UAE PDPL you have the right to access, correct, delete, restrict, port, or object to processing of your personal data. Self-service tools for export and deletion are available from your account settings; for anything else, email privacy@spacefield.co. We respond within 30 days.

9. Security

We encrypt data at rest and in transit, enforce row-level security on multi-tenant tables, and log administrative actions. Our practices evolve continuously; the latest summary lives on the Trust & security page.

10. Children

The Service is not directed to children under 13. Do not register a child for the Service.

11. Changes

Material changes are notified at least 14 days before they take effect.

12. Contact

privacy@spacefield.co