PRIVACY POLICY
Spikenow Ltd.
Last Modified: December 2025
Spikenow Ltd., ("Spikenow", "we" or "us") presents this privacy policy, as may be amended from time to time ("Privacy Policy") to explain how we collect, use, disclose, and protect Personal Data (as defined below) when using our Services (as defined in our Terms of Use).
This Privacy Policy governs Spikenow Ltd.’s iGPT platform (the "Platform"), APIs, and enterprise deployments, and does not govern consumer Spike app.
This Privacy Policy applies to:
- Developers and enterprise customers who register to the Platform and use the Services.
- Personal Data of end users (e.g., employees) processed through customer-defined AI engines hosted on our infrastructure.
This Privacy Policy does not cover how our customers (e.g., developers, enterprises) use end-user’s Personal Data. Customers are responsible for establishing their own privacy practices and legal compliance with applicable data protection laws.
Please note that a separate privacy policy applies to our consumers available here.
Who We Are And How To Contact Us
Spikenow Ltd. provides the Platform to allow enterprise developers and their end-users ("you" or "your") to build, deploy, and manage custom AI engines which interact with information sources (such as end-users’ emails, documents, and internal systems.)
We act as data controller for the processing of Personal Data in relation to developer accounts, billing, authentication logs, and security logs of the Platform as described in Section 2 below, and we are therefore responsible for the processing of your Personal Data as described in this Privacy Policy.
We act as data processor for the processing of end user’s Personal Data on behalf of our customers, as described in Section 2 below. We process this data on behalf of our customer who is the data controller, strictly in accordance with the customer’s instructions and as further stipulated in our data processing addendum (DPA) published on our website [to add link].
If you have any questions about this Privacy Policy, please contact us by email: support@spikenow.com or by mail: Spikenow Ltd - 6 Hemda Street, Herzliya, Israel
Types of Personal Data We Collect
Definition. “Personal Data” means any information relating to an identified or identifiable natural person and includes the information listed in this Section.
Collection of Personal Data – General Provisions. We hereby inform you, and you hereby acknowledge that you have no legal obligation to provide us with any Personal Data when you use the Services, and the provision of it is solely based on your free will. However, without receipt of data it may not be possible to operate the Services.
Personal Data developer users voluntarily provide to us (our direct customers) and that we process as data controller:
- Account Data: Full name, email address, username, company name, password, authentication credentials.
- Billing Information: Company billing address and payment method.
- Authentication and Security Logs
Personal Data end-users voluntarily provide to us on the Platform and that we process as data processor on behalf of our customer and as part of the provision of the Services (including but not limited to):
- User Content: Email content, files, internal documents (e.g., user communications, reports, attachments), conversation history, and all contextual data.
- Derived Data, including embeddings, structured outputs, and extracted metadata.
Personal Data that we collect automatically and that we process both as data processor and data controller. When you interact or use the Services, we may collect and process the following types of Personal Data (collectively, “Technical Data”):
- Metadata: Information about file types, timestamps, and access logs.
- Inference inputs and outputs
- Usage Data: Information that browser or device automatically send when using our Services, including IP address, date and time of the request or access, types of content viewed or engaged with, clicks, as well as time zone, country.
- Device Data: Information about the device used, such as the name of the device, operating system, device identifiers, and browser – depending on the type of device used and settings.
- Location: We may determine the general area from which your device accesses our Services based on information such as IP address.
- Cookies and Tracking Technologies: We use cookies and tracking technologies to collect some of the Personal Data described above. For details about our use of cookies, please read our Cookie Policy. [to add link]
The customers are responsible for ensuring that any data provided or uploaded, whether end-users or of third parties, is lawfully obtained and that they have the necessary authorization to do so, if required under applicable law.
Purposes and EU Legal Basis
We process the Personal Data described in section 2 above for the following purposes:
| Purposes | Legal Basis (for EEA Users only) |
| To authenticate and manage developer accounts, e.g., creating, updating and deleting the account. | Necessary for the performance of a contract to which you are a party (i.e., Terms of Use). |
| To provide and maintain the Services, e.g., processing user’s prompts to provide a response and facilitate interactions with your Personal Data. | We process Personal Data for this purpose as data processor on behalf of our customers. Therefore, as data controllers, customers are responsible for determining the appropriate legal basis. |
| To communicate with you, e.g., processing your request, assisting you with and resolving technical issues and sending you information about our Services. |
When we communicate for technical assistance, we process Personal Data for this purpose as data processor on behalf of our customers. Therefore, as data controllers, customers are responsible for determining the appropriate legal basis. Your consent when we ask for it to process your Personal Data for a specific purpose that we communicate to you, such as processing your contact information to send you marketing communications. |
| To improve and enhance the Services and user’s experience and conduct research, e.g., monitoring and analyzing your use of the Services, fixing bugs based on user interaction logs, and creating statistics. |
Our legitimate interests in developing and improving the Services and user’s experience. Please note that we do not use User Content nor Derived Data to train or fine-tune AI models. Any AI model improvement is performed using synthetic data or Spikenow-controlled datasets that do not include User Content. |
| To protect and enhance security of the Services, such as preventing and mitigating the risks of fraud any illegal or prohibited activity | Our legitimate interests in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services. |
| To defend rights, such as taking action against any identified security breach, manage any dispute or litigation. | Our legitimate interest in defending our rights and interests, including in protecting our users’ or third parties’ rights, safety, and property, such as analyzing log data to identify fraud and abuse in our Services. |
| To comply with legal and regulatory obligations, such as performing any reporting and notifications obligations we may be subject to, processing your requests to exercise your rights; and detecting, investigating, preventing, or taking action against illegal activities, fraud, or situations involving potential threats to the rights. | Legal obligations to which we are subject, such as retaining transaction information to comply with record-keeping obligations. |
We may also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.
Sharing of Personal Data
We may share your Personal Data with third parties as detailed below:
- Service Providers and Vendors, including data storage providers, data security services, cloud services, content delivery services, email communication software, web analytics services, insurers.
- Governmental, Administrative or Judiciary Authorities. We may disclose or provide access to Personal Data to governmental, administrative, or judicial authorities if we are legally required to do so, such as in response to a subpoena or court order or when required by law, or when we believe in good faith that disclosure is necessary to investigate or take action regarding suspected illegal activity or fraud, in compliance with applicable laws. Where legally permitted, we review such requests and may challenge those that are unlawful, overly broad, or inconsistent with applicable law.
- Corporate Transactions. We may share Personal Data in connection with any proposed or actual financing, reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- Lawyers and Interested Parties. We will share Personal Data in case of the management of possible disputes and other legal matters where appropriate, including with respect to the Services; to establish, protect, or exercise our legal rights.
International Data Transfers
We may host, store and process the Personal Data outside your jurisdiction, as follows:
- EEA Transfers. When we transfer Personal Data from within the European Economic Area ("EEA") to countries or international organizations that are based outside the EEA, we rely on an adequacy decision by the European Commission, or in the absence of an adequacy decision, other legally permitted safeguards under the General Data Protection Regulation (GDPR), such as standard contractual clauses.
- Transfers From Other Jurisdictions. When we transfer Personal Data from other countries (such as Israel) to a third country, we rely on data transfer mechanisms as required by applicable law, such as country declared as offering equivalent level of protection or any other legal safeguards. Please be aware that in some cases we may transfer Personal Data to countries in which the level of data protection may be lower than your country and by using our Services you agree to such transfer.
Data Retention
Developer Data: We retain Personal Data as long as the account is active and for a reasonable period afterward for compliance with legal and regulatory requirements, if we reasonably believe there is a prospect of litigation, and support purposes.
End-User Data (processed on behalf of customers): We retain Personal Data in accordance with customer instructions under the agreement. By default, we apply data minimization and retention limits.
Data Security
We endeavor to maintain appropriate technical and organizational measures compliant with industry standards to protect Personal Data. However, although we make every effort to protect the Personal Data which you provide to us or we generate, we cannot completely ensure the security of any Personal Data you transmit to us over the internet or guarantee that this Personal Data will not be accessed, disclosed, altered, or destroyed.
If you have found a vulnerability or would like to report a security incident, you may send an email at support@spikenow.com.
Data Rights
General Provisions. You are entitled to specific rights regarding your Personal Data (subject to some exceptions) and in most cases free of charge. We may need to ask you to provide us with certain credentials to make sure that you are who you claim you are and to ask you questions to better understand the nature and scope of Personal Data that you request to access.
Please note that you can deliver your request by contacting us at support@spikenow.com.
Data Rights for Israeli Users. If you are based in Israel, you are entitled to request us to review and access your Personal Data, update, amendment, and deletion of Personal Data which is incomplete, incorrect, outdated or unclear.
EEA Users. If you are based in the EEA and subject to the GDPR, you are entitled to exercise all your rights regarding your Personal Data, including the right to access, as well as a copy of your Personal Data; rectify your Personal Data; restrict the processing during a limited period of time; withdraw your consent at any time when we rely on consent as the legal basis; request the transfer of your Personal Data to a third party (‘data portability); delete your Personal Data; not to be subject to a decision based solely on automated processing; and lodge a complaint with your national data protection authority.
If you have a complaint about how we use your Personal Data, we will always prefer you to contact us first. If you are unsure which data protection authority to contact, please contact us at support@spikenow.com.
Children
The Services is not intended for use by minors (which concerning the EEA is under the age of 18). If we nevertheless receive Personal Data from an individual who indicates that he or she is, or whom we otherwise have reason to believe is, under the age of 18 we will endeavor to delete such Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services.
Changes to This Privacy Policy
We may change this Privacy Policy from time to time. The updated policy will be posted on our Platform and will be effective as of the ‘Effective Date’ noted at the top of the policy. We encourage you to review this Privacy Policy periodically.