Legal
Privacy Policy
Last updated: [DATE]
Spook ("Spook", "we", "us") helps you find winnable search queries and publish content for your website. This policy explains what data we collect, why, and how you can control it — including data from Google services.
Data we collect
Account data.When you sign up, we collect your email address and, if you use "Continue with Google", the basic profile information (name, email, avatar) Google provides for sign-in.
Site data you provide. Domain, business description, brand voice, competitor domains, sitemap URL, and publishing/CMS credentials for the sites you connect.
Google Search Console data. If you connect Google Search Console, we access, via OAuth, your search performance data (queries, clicks, impressions, and average position) for the properties you authorize, so we can recommend better content opportunities and avoid suggesting keywords you already rank for. With your authorization we may also submit your sitemap to Search Console after you publish an article, to speed up indexing.
Usage data. Basic product-usage information (pages visited, actions taken) to operate and improve the service.
How we use your data
- To operate your account and the sites you connect.
- To research keyword opportunities and generate article drafts for your review.
- To publish content to the destinations you configure (your CMS, a webhook you control, etc.).
- To read Search Console performance data and, if you enable it, resubmit your sitemap after a live publish.
- To maintain, secure, and improve the product.
We do not sell your data. We do not use your Google Search Console data for advertising, and we only use it to provide the features described above.
Google user data & limited use
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Search Console data is used only to power the opportunity-finding and sitemap-submission features you explicitly enable — never for advertising, and never shared with third parties except the subprocessors listed below.
Who we share data with
We share data only with the service providers needed to run Spook, under contracts that require them to protect it:
- Our hosting and database provider (Convex).
- AI model providers, to research and draft article content on your behalf.
- Search-data providers, to evaluate keyword difficulty and competitor rankings.
- Any CMS or webhook endpoint you configure, solely to publish the content you approve.
- Google, via the APIs you explicitly authorize.
Data retention & deletion
We retain account and site data for as long as your account is active. You can disconnect Google Search Console at any time from your site's Content Performance page — this deletes your stored access token immediately. You can also revoke Spook's access directly from your Google Account permissions page. To delete your account and associated data, contact us at the email below.
Security
Access tokens and CMS credentials are stored server-side and are never exposed to the browser or to other users. We use industry-standard encryption in transit (TLS) for all API traffic, including Google's APIs.
Children's privacy
Spook is a business tool and is not directed at, or intended for use by, children under 16.
Changes to this policy
We may update this policy as the product changes. Material changes will be reflected by updating the "Last updated" date above.
Contact
Questions about this policy or your data? Email us at privacy@tryspook.com.