Privacy Policy

SpotBench, Inc. ("SpotBench," "we," "us," or "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

This policy applies to all users of spotbench.com and our mobile-accessible web application.

Information you provide directly:

• Account information: name, email address, mobile phone number, password.
• Profile information: bio, location (city, ZIP), hourly rate, years of experience, skills, languages, photos.
• Licensing and credentials: CSLB license numbers, driver license classes.
• Provider Attestation: your typed signature and attestation timestamp.
• Messages: content of messages you send to other users through our platform.
• Payment information: processed by Stripe; we do not store full card numbers.

Information collected automatically:

• Log data: IP address, browser type, pages visited, time and date of access, referring URL.
• Device information: device type, operating system.
• Usage data: search queries, filters applied, profiles viewed, features used.
• Cookies and similar technologies: session cookies required for authentication; analytics cookies (PostHog) for product improvement.

Information from third parties:

• CSLB license data: sourced from publicly available California Contractors State License Board records.
• Phone verification: Twilio Verify confirms your phone number is valid and active.

• To operate the platform: display your profile in search, facilitate messaging, process payments, and provide customer support.
• To prevent fraud and abuse: detect duplicate accounts, rate-limit registrations, and enforce our Terms of Service.
• To communicate with you: send transactional emails (account verification, password reset, billing receipts) via Resend.
• To improve the product: analyze usage patterns via PostHog to understand which features are used and where users encounter friction.
• To comply with law: respond to lawful requests from government authorities, enforce legal rights, and retain records as required.

We do not use your information to train AI models, sell to data brokers, or send unsolicited marketing without your consent.

We share your information only in the following circumstances:

• With other users: your public profile (name, city, skills, rate, photos, availability) is visible to all registered users. Your phone number is only revealed to users with an active subscription who explicitly request it.
• Service providers: Supabase (database hosting), Stripe (payments), Twilio (phone verification), Resend (email), PostHog (analytics), Sentry (error tracking), Vercel (hosting), Cloudflare (CDN/DDoS protection), Upstash (rate limiting). Each is contractually bound to protect your data.
• Legal requirements: we may disclose information if required by law, court order, or to protect the rights and safety of our users.
• Business transfers: in the event of a merger, acquisition, or asset sale, user information may be transferred. We will notify you via email before that occurs.

We do not sell your personal information to third parties.

• Active account data is retained for as long as your account exists.
• After account deletion, we retain minimal records for 30 days to handle disputes, then permanently delete personal data within 90 days, except where retention is required by law (e.g., billing records for 7 years per IRS requirements).
• Message content is deleted 90 days after account deletion.
• Provider Attestation records are retained for 7 years to demonstrate AB5 compliance.
• Log data (IP addresses, access logs) is retained for 90 days.

As a California resident, you have the following rights:

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: request deletion of your personal information, subject to certain exceptions.
• Right to Correct: request correction of inaccurate personal information.
• Right to Opt-Out of Sale: we do not sell personal information, so this right is not applicable. We will not sell your information in the future without explicit consent.
• Right to Limit Use of Sensitive Information: we collect sensitive information (phone numbers, precise location) only as necessary to operate the platform.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at privacy@spotbench.com or submit a request through your account Settings → Data & Privacy. We will respond within 45 days. Identity verification may be required.

We use the following cookies:

• Strictly necessary: session cookies for authentication (Supabase). Cannot be disabled without breaking the platform.
• Analytics: PostHog for product analytics. You may opt out by contacting us or using browser-level controls.

We do not use advertising or tracking cookies.

We use industry-standard measures to protect your data: TLS encryption in transit, AES-256 encryption at rest (Supabase), Row Level Security policies ensuring users can only access data they are authorized to see, and rate limiting on sensitive operations.

No method of transmission over the Internet is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by California law within 72 hours of discovery.

SpotBench is not directed to individuals under 18. We do not knowingly collect personal information from minors. If we discover we have inadvertently collected such information, we will delete it promptly.

We may update this Privacy Policy. We will notify you of material changes via email or in-app notice at least 14 days before they take effect. The date at the top of this page reflects the most recent revision.

SpotBench, Inc.
Los Angeles, California
Privacy inquiries: privacy@spotbench.com
Legal: legal@getspotbench.com