Spaario Back Home
GDPR

Privacy Policy

This Privacy Policy explains how Spaario handles personal data when people in the Netherlands visit our pre-launch landing page, join our waitlist, or contact us. At this stage, Spaario is not yet a live customer app, and this Policy is focused on collecting email addresses and related consent records for product updates under the GDPR.

Last updated: April 20, 2026 Launch market: Netherlands Law: GDPR / AVG

1. Who we are

This Privacy Policy applies to personal data processed by Manish Dubey, operating the pre-launch Spaario website in a personal capacity ("Spaario", "we", "us", or "our"), when you visit our pre-launch website, join our waitlist, or contact us.

At this stage, Spaario is not yet operated through a registered company. The current data controller for the pre-launch website and waitlist is the individual founder:

Data controller: Manish Dubey
Trading name: Spaario
Contact email: m.dubey.nl@gmail.com
Location: Netherlands

We have not currently appointed a Data Protection Officer for this pre-launch website. If that changes, or if Spaario later becomes operated by a registered company, we will update this Privacy Policy accordingly.

2. What personal data we collect

At this pre-launch stage, we collect only limited personal data, mainly data you provide directly to us, including:

  • Waitlist contact data: your email address and, if you choose to provide it, your name or other contact details.
  • Communication data: messages, feedback, or other information you send to us when contacting us.
  • Consent records: when and how you gave, changed, or withdrew consent.
  • Technical and usage data: IP address, browser type, device information, and security logs needed to operate, secure, and improve the landing page.

We do not intentionally ask you to provide special-category personal data, such as health data, religious beliefs, or biometric data, unless we clearly tell you so in advance and have a valid legal basis.

We do not currently provide customer accounts, order processing, or a live in-app service through this landing page.

3. How we collect your data

We normally collect personal data directly from you when you join the waitlist, ask to receive product updates, contact us, or otherwise submit information through the website. We may also collect limited technical data automatically through server logs and similar website technologies needed for security and performance.

4. Why we use your data and our legal bases

We process personal data only where the GDPR allows us to do so. The main purposes and legal bases are:

  • To add you to the Spaario waitlist and send you pre-launch updates, launch news, and progress-related emails that you asked to receive. Legal basis: Article 6(1)(a) GDPR (consent).
  • To keep records of your signup, preferences, and unsubscribe requests. Legal basis: Article 6(1)(f) GDPR (our legitimate interests in administering the waitlist and demonstrating compliance) and, where applicable, Article 6(1)(c) GDPR.
  • To answer questions or messages you send to us. Legal basis: Article 6(1)(f) GDPR and, where applicable, Article 6(1)(b) GDPR if your request is related to future use of our service.
  • To secure the landing page, prevent misuse, troubleshoot issues, and keep audit logs. Legal basis: Article 6(1)(f) GDPR (our legitimate interests in running a safe and reliable website).
  • To meet legal or regulatory obligations. Legal basis: Article 6(1)(c) GDPR.

We do not use your waitlist email for unrelated third-party marketing, and if our processing purposes materially change when the product launches, or if the website and waitlist are transferred to a newly formed company, we will update this Privacy Policy and inform you where required.

5. Consent and withdrawal

Where we rely on consent, that consent must be freely given, specific, informed, and unambiguous. You may withdraw your consent at any time by contacting us at m.dubey.nl@gmail.com or by using any unsubscribe or preference controls we provide.

Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

6. Who we share personal data with

We may share personal data only where necessary with:

  • Employees and contractors who need the data to perform their work and are bound by confidentiality obligations.
  • Service providers such as website hosting, cloud, email delivery, forms, CRM, and security vendors acting on our instructions under data processing agreements.
  • Professional advisers, regulators, courts, or authorities where required by law or necessary to protect our rights.

We do not sell your personal data.

7. International transfers

We aim to keep personal data within the European Economic Area. If we use a provider outside the EEA, we will only transfer personal data where the GDPR permits it, for example under an adequacy decision or by using the European Commission's Standard Contractual Clauses together with appropriate safeguards.

8. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this Policy.

  • Waitlist email addresses and related contact details: until you withdraw consent, unsubscribe, or the pre-launch waitlist campaign ends, and in any event no later than 12 months after our last meaningful update to you unless another lawful basis applies and you are informed.
  • Consent and suppression records: for as long as reasonably necessary to demonstrate compliance and ensure we respect unsubscribe requests.
  • Enquiry or contact messages: for as long as reasonably necessary to answer your request and handle follow-up questions.
  • Security and technical logs: for short periods as reasonably necessary for website security, troubleshooting, and abuse prevention, unless they need to be retained longer for an incident or legal claim.

Where possible, we may anonymise data so it can no longer be linked to you.

9. Your GDPR rights

Subject to the GDPR and applicable Dutch law, you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete personal data.
  • Erase your personal data in certain cases.
  • Restrict the processing of your personal data.
  • Object to certain types of processing.
  • Receive your data in portable form where the right applies.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with the Dutch Data Protection Authority.

To exercise your rights, contact m.dubey.nl@gmail.com. We generally respond within one month, unless the GDPR allows a longer response period.

10. Children

Spaario is not intended for children under 16 in the Netherlands without parental or guardian consent. If we learn that we have collected personal data from a child under 16 without the required consent, we will delete that data as soon as reasonably possible.

11. Security

We use appropriate technical and organisational measures to protect personal data, including access controls, need-to-know restrictions, security monitoring, and encryption in transit where appropriate for the landing page and waitlist systems. No system can be guaranteed to be completely secure, but we work to reduce risk and respond appropriately to incidents.

12. Complaints and contact

If you have a privacy question or complaint, please contact us first at m.dubey.nl@gmail.com so that we can try to resolve the issue.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

13. Changes to this Policy

We may update this Privacy Policy from time to time. If we make a material change, we will post the updated version on this page and, where appropriate, notify waitlist subscribers by email. If Spaario moves from pre-launch to a live product, or if a company is incorporated and becomes the controller of the website and waitlist, we will update this Policy accordingly. The "Last updated" date at the top shows the latest version.