SpamPluck – Privacy Policy

Last updated: 13 July 2025

Preface

This page explains how Bluengo Initiatives S.L. (“we”, “our”, “us”) collects, uses and discloses your personal data when you use the SpamPluck call-antispam service (“Service”), available through https://www.spampluck.com and all of its sub-domains.

By “Service” we mean any of the following:

  • creating or using a SpamPluck account via our website or mobile/desktop clients;
  • installing and running the SpamPluck mobile application or browser extension;
  • consulting SpamPluck’s online check-API from third-party software.

We handle personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and other applicable data-protection laws.

Data Controller
Bluengo Initiatives S.L.
E-mail: hello@spampluck.com
Website: https://www.spampluck.com
Court jurisdiction: Barcelona, Spain

1. Definition of Personal Data

“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.

2. What Personal Data We Process

We process Personal Data obtained in the course of providing our Service, including:

  • account data (e-mail address, hashed password, API key);
  • caller and callee telephone numbers checked through SpamPluck;
  • metadata supplied with the query (e.g. call time, fraud score requested, user’s SpamPluck API usage statistics);
  • billing and payment information for customers on paid plans;
  • support and communication history when you contact us.

These data are provided directly by you or—where lawful—generated automatically through your interaction with the Service.

3. Purposes and Legal Bases of Processing

Purpose Legal Basis (Art. 6 GDPR)
Provision and operation of the SpamPluck service, including API requests, fraud-score look-ups and dashboard analytics Art. 6 (1)(b)
Account management, customer support and incident investigation Art. 6 (1)(b)
Billing, accounting and compliance with legal retention duties Art. 6 (1)(c)
Security monitoring and abuse prevention Art. 6 (1)(f)
Direct marketing of SpamPluck products and features (only with prior consent) Art. 6 (1)(a)

Providing the requested Personal Data is voluntary; however, failure to supply data necessary for the Service may prevent us from fulfilling your request.

4. Data-Retention Period

We retain Personal Data only as long as required by the purposes stated above or by law (e.g. tax retention periods) and while potential legal claims are not yet time-barred.

5. Recipients of Your Personal Data

We disclose Personal Data only when necessary and lawful:

  • public authorities or courts when legally required;
  • payment processors for handling transactions;
  • auditors and tax advisers;
  • cloud-infrastructure and e-mail service providers;
  • security vendors for abuse detection.

All recipients are contractually bound to process your data only for the stated purposes.

6. Your Rights

You have the following rights under the GDPR (subject to statutory conditions):

  • Access – to know whether we process your Personal Data and to obtain a copy;
  • Rectification – to correct inaccurate or incomplete data;
  • Erasure – to delete data processed unlawfully or no longer needed;
  • Restriction – to limit processing to specific purposes;
  • Data portability – to receive the data you provided in a structured, machine-readable format;
  • Objection – to object to processing based on legitimate interests or direct marketing;
  • Complaint – to lodge a complaint with a supervisory authority in the EU.

To exercise any of these rights, contact us at hello@spampluck.com.

7. Service Usage Data

SpamPluck processes the following data each time your software queries our API or otherwise uses our Service:

  • source IP address (for rate-limiting and security);
  • API key and request timestamp;
  • caller and callee numbers supplied for spam check;
  • resulting fraud/spam score and query outcome;
  • user-agent string (for client compatibility statistics).

Logs are stored in encrypted form and rotated after 90 days, unless longer retention is necessary to investigate abuse or comply with legal obligations.

8. Cookies on spampluck.com

Our website uses cookies—small text files stored on your device—to enhance user experience. Cookies may store, for example, your login session, language preference or anonymised site analytics (e.g. pages viewed). You can accept or refuse cookies in your browser settings; refusing may limit certain website functions.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version and—where legally required—seek your consent to material changes. The “Last updated” date at the top indicates when the latest revisions took effect.

10. Contact

For any questions regarding this Privacy Policy or our data-protection practices, please e-mail hello@spampluck.com.