Privacy Policy

How SpamBlock collects, processes, and protects personal data.

Last updated: 31 October 2025

1. Who we are

SpamBlock (“SpamBlock”, “we”, “our”) helps product teams keep customer-facing forms free of automated spam. SpamBlock, Krossener Str 20, 10245 Berlin, Germany is the data controller for processing activities described in this policy. You can reach our privacy team at [email protected].

2. Personal data we process

We process information that you provide directly to us, as well as limited data that is generated when you interact with our website and pixel.

2.1 Website visitors

  • Contact details, such as your name and email address, when you request a demo or subscribe to updates.
  • Form submission content you voluntarily provide on spamblock.io.
  • Support communications and feedback.

2.2 Pixel customers and end-users

  • Form metadata (field names, values, submission time, client IP, user agent) submitted through forms protected by the SpamBlock pixel.
  • Spam scoring signals (e.g. disposable domain matches, profanity score) generated by our detection logic.

We instruct our customers to avoid sending special categories of personal data through our pixel. If you believe sensitive data has been submitted, please contact us so we can investigate and delete it.

2.3 Automatically collected data

  • Usage data such as device type, browser, and approximate location (city level) derived from IP for security and abuse prevention.
  • Aggregated telemetry about pixel performance (latency, allow/deny rates) stored without direct identifiers.

3. Why we use personal data

Purpose Legal basis
Provide, secure, and improve the SpamBlock service Art. 6(1)(b) GDPR (performance of a contract)
Detect and prevent fraudulent or abusive activity Art. 6(1)(f) GDPR (legitimate interest)
Respond to enquiries and support requests Art. 6(1)(f) GDPR
Send service-related messages and product updates Art. 6(1)(f) GDPR; consent for certain marketing
Comply with legal obligations (tax, accounting) Art. 6(1)(c) GDPR

4. Retention

We retain form submission metadata for 90 days in order to troubleshoot spam scoring decisions. Aggregated statistics may be retained longer in anonymised form. Contact requests and support tickets are kept for up to two years unless we are legally required to retain them longer.

5. Sharing and sub-processors

We rely on carefully selected sub-processors to provide the SpamBlock service. The list of current sub-processors, including hosting and analytics providers, is available in our Data Processing Agreement.

We do not sell personal data. We may disclose data when required to comply with law, defend legal claims, or protect SpamBlock and its users from abuse.

6. International transfers

SpamBlock stores production data in the European Union. When we transfer personal data outside the EU/EEA we rely on an adequacy decision or the current EU Standard Contractual Clauses.

7. Security

We implement technical and organisational measures to protect form submissions, including encryption in transit, strict access controls, and continuous spam signal monitoring. Our engineering team follows secure development practices and reviews access logs on a regular cadence.

8. Your rights

Depending on your location, you may have the right to:

  • Request access to, or a copy of, the personal data we hold about you.
  • Request correction or deletion of your data.
  • Object to or restrict certain processing activities.
  • Port personal data to another service provider.
  • Withdraw consent at any time when we rely on consent.

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

If you believe we have not handled your data properly, you can lodge a complaint with your local supervisory authority. In Germany, this is the Berlin Commissioner for Data Protection and Freedom of Information.

9. Business customers acting as controllers

When you implement the SpamBlock pixel on your website, you act as the controller of the data submitted through your forms. Our responsibilities as your processor are set out in the Data Processing Agreement. You are responsible for configuring the pixel, informing your users, and managing deletion requests.

10. Updates to this policy

We may update this Privacy Policy to reflect product changes or new legal requirements. We will post the updated version here and revise the “Last updated” date. Significant changes will be communicated via email or an in-product notification.

11. Contact

SpamBlock
Krossener Str 20 10245 Berlin
Germany
[email protected]