Privacy policy

GDPR compliant badge

Spike is operated by FatSync Software Private Limited (“Spike”, “we”, “us”, or “our”).

For privacy-related inquiries, please contact: [email protected]

1. Overview#

This Privacy Policy describes how we collect, use, process, and disclose personal information in connection with the Spike incident management and alerting platform (“Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1A. Role Under GDPR#

When providing the Service to business customers, Spike acts as a Data Processor. The customer organization acts as the Data Controller and determines the purpose and means of processing personal data within their Spike account.

Spike processes personal data on behalf of customers strictly in accordance with customer instructions and the applicable Data Processing Addendum.

For the following activities, Spike acts as a Data Controller:

  • Account registration and authentication
  • Billing and payment processing
  • Website analytics and performance monitoring
  • Marketing communications
  • Customer support interactions

2. Information We Collect#

We may collect the following types of personal information:

  • Name
  • Email address
  • Phone number
  • Organization name
  • User account credentials
  • Passwords are securely hashed and are never stored in plaintext.
  • Incident-related content submitted through the platform
  • System metadata and logs
  • Integration data received from connected third-party services

When you connect third-party services (such as Google services), we may collect user data required to provide and improve the Service in accordance with your configuration.

3. How We Use Information#

We use personal information to:

  • Provide and operate the Service
  • Deliver notifications (email, SMS, integrations)
  • Manage user accounts and authentication
  • Maintain logs and audit trails
  • Provide customer support
  • Improve platform performance and reliability

We do not sell personal information.

4. Data Hosting and International Transfers#

Spike is operated by FatSync Software Private Limited, incorporated in India.

Our infrastructure and databases are hosted in the United States. Personal data may be processed and stored in the United States.

For customers located in the European Economic Area (EEA) or United Kingdom, transfers of personal data outside the EEA/UK are governed by appropriate safeguards, including the European Commission’s Standard Contractual Clauses (2021), as incorporated into our Data Processing Addendum.

5. Data Sharing#

We do not sell, trade, or rent personal data.

We share personal data only with trusted service providers (“subprocessors”) necessary to operate the Service. These include infrastructure hosting, database hosting, email delivery, and SMS delivery providers.

A current list of subprocessors is available at our GDPR page

We may disclose personal data if required by law or to protect our legal rights.

6. Data Retention#

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, and enforce contractual rights.

Retention periods vary depending on the type of data:

  • Customer account data is retained for the duration of the customer relationship and deleted upon valid account closure request.
  • Incident data and platform logs are retained in accordance with operational requirements and log retention policies.
  • Backups are retained under automated backup retention schedules and are overwritten or deleted within a defined retention period (not exceeding 30 days).
  • Billing and invoice records are retained as required under applicable accounting and tax laws.
  • Website analytics data is retained according to Google Analytics configuration settings.

Customers may request deletion of their account data at any time by contacting [email protected]. Upon receiving a valid and verified request, personal data will be deleted within 30 days unless retention is legally required.

7. Data Subject Rights (GDPR)#

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict processing
  • Object to processing
  • Request data portability

To exercise these rights, contact [email protected]. If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

8. Log Data#

We may collect information sent by your browser or device when you access the Service. This may include IP address, browser type, browser version, pages visited, time and date of visit, and diagnostic data.

We use this information to improve system performance and reliability.

9. Cookies and Analytics#

Spike uses cookies and similar technologies to operate the website and analyze usage.

Where required by applicable law, non-essential cookies (including analytics cookies) are deployed only after user consent is obtained through our cookie consent mechanism.

Users may withdraw or modify their cookie preferences at any time through the consent management tool available on the website.

We use Google Analytics to understand website usage and improve performance. Analytics data is processed in accordance with Google’s privacy practices and our configuration settings.

10. Lawful Bases for Processing#

Where Spike acts as a Data Controller, we process personal data under one or more of the following lawful bases:

  • Contract – to provide and manage access to the Service, including account creation, billing, and support.
  • Legitimate Interest – to maintain platform security, prevent fraud, monitor system performance, and improve service reliability, provided such interests do not override individual rights.
  • Consent – where required, including for marketing communications and website analytics cookies.
  • Legal Obligation – where processing is necessary to comply with applicable laws or regulatory requirements.

11. Security#

We implement administrative, technical, and organizational safeguards designed to protect personal data, including encryption in transit, encryption at rest, access controls, and monitoring practices.

12. Changes to This Policy#

We may update this Privacy Policy from time to time. Changes become effective upon posting on this page. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

× Zoomed Image