​Privacy Statement — United States (US) Focus
Effective date: 12/2025
Last updated: 12/17/2025
Contact: SpooksLab - Spookslab2025@gmail.com - spookslab.wixsite.com/spookslab
This Privacy Statement explains how SpooksLab (“we”, “us”, or “our”) collects, uses, discloses, and protects personal data when you use our website, applications, and services (collectively, the “Service”). It also explains your privacy rights under applicable United States laws and how to exercise them. Replace bracketed placeholders with your company-specific details before publishing.
Controller and Scope
Controller: SpooksLab; St. Cloud, MN; spookslab2025@gmail.com.
Scope: Applies to personal data collected through the Service and related customer support, marketing, and analytics activities. It does not apply to third-party services or websites we do not control.
Personal Data We Collect We collect the following categories of personal data:
Identity & Account Data: name, email address, username, profile picture, and account identifiers (e.g., user ID).
Authentication & Security Data: password hashes, multi-factor authentication data, login timestamps, and session tokens.
Payment & Billing Data: billing name, billing address, transaction records, subscription status, and payment method metadata (card brand, last four digits). We do not store full payment card numbers; payment processing is handled by our third-party payment processors.
Profile & Preferences: profile fields you provide, settings, and preferences.
Usage & Analytics Data: pages visited, features used, timestamps, device and browser information, IP addresses, and cookies or similar technologies.
Communications: support requests, feedback, and other correspondence.
Content & Files: files, messages, and data you upload, create, or store using the Service.
Technical & Diagnostic Data: logs, error reports, and performance metrics necessary to operate, secure, and improve the Service.
​
How We Collect Personal Data
Directly from you when you create an account, complete forms, contact support, or use interactive features.
Automatically through your use of the Service (e.g., cookies, web beacons, server logs).
From third parties, such as identity providers (OAuth), analytics providers, and payment processors.
From publicly available sources or other users who provide your contact information (for example, when you are invited to join an organization within our Service).
Purposes and Legal Bases for Processing We process personal data to:
Provide, operate, and maintain the Service.
Manage accounts, authenticate users, and secure the Service.
Process payments, subscriptions, refunds, and billing.
Provide customer support and respond to inquiries.
Send transactional communications (account notices, security alerts).
Send marketing communications where you consent or where permitted by law.
Analyze usage to improve the Service and produce aggregated insights.
Comply with legal obligations and protect our legal rights.
Sharing and Disclosure We may share personal data with:
Service providers and subprocessors (payment processors, cloud hosting, analytics, email providers) who act on our behalf under contractual safeguards.
Affiliates and subsidiaries where necessary to deliver the Service.
Law enforcement, regulators, or other third parties if required by law (e.g., subpoenas, court orders), or to protect safety, legal rights, or property.
Third parties with your consent or at your direction (integrations you enable).
In aggregated or anonymized form that does not reasonably identify individuals.
We do not sell personal information for monetary consideration. If our practices change, we will update this Statement.
US State Privacy Rights Depending on where you live in the United States, you may have additional rights under applicable state privacy laws (for example, California’s CCPA/CPRA, Virginia’s CDPA, Colorado Privacy Act, Connecticut Act, Utah Consumer Privacy Act, and others). Below are the most common state-specific rights and how to exercise them.
6.1 California (CCPA / CPRA) If you are a California resident, you may have the right to:
Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and recipients.
Delete: Request deletion of personal information we maintain about you, subject to exceptions.
Correct: Request correction of inaccurate personal information.
Opt-out of Sale or Sharing: Opt out of any sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary consideration; if this changes, we will provide a method to opt out.
Limit Use of Sensitive Personal Information: Request limitations on our processing of your sensitive personal information.
Non-Discrimination: You have the right to non-discriminatory treatment for exercising your privacy rights.
To submit a request under California law, contact: spookslab2025@gmail.com or call [contact phone]. We will verify requests and respond within the timeframes required by law.
6.2 Other US States with Privacy Laws (e.g., Virginia, Colorado, Connecticut, Utah) If you are a resident of another US state with an applicable privacy law (e.g., Virginia’s CDPA, Colorado Privacy Act, Connecticut Act, Utah CPA), you may have rights to:
Access, correct, delete, or obtain a portable copy of your personal data.
Opt out of targeted advertising or certain profiling, where applicable.
Limit processing of sensitive personal data, where applicable.
To exercise these rights, contact: spookslab2025@gmail.com. We will verify requests and respond in accordance with applicable state law.
International Transfers If your data is transferred outside the United States, we will use appropriate safeguards. Where necessary, we implement contractual protections and other measures necessary to comply with applicable law.
Data Retention We retain personal data only as long as necessary to provide our Service, comply with legal obligations, resolve disputes, and enforce agreements. Example retention periods (customize to your operations and legal obligations):
Account and authentication data: retained while account is active and for [e.g., 2 years] after account deletion.
Billing and transactional records: retained for [e.g., 7 years] for tax and compliance purposes.
Logs and analytics: retained for [e.g., 1 year] for security and operational needs unless aggregated/anonymized sooner.
Security We use reasonable administrative, technical, and physical safeguards to protect personal data (encryption in transit and at rest, access controls, monitoring, and security assessments). Despite measures, no system is completely secure; notify us at spookslab2025@gmail.com if you suspect a breach.
Children The Service is not intended for children under 16 (or a different age where local law applies). We do not knowingly collect personal data from children under the applicable age. If we learn we have collected such data, we will take steps to delete it.
Cookies & Tracking We use cookies and similar technologies to operate the Service, analyze usage, and support features. You can manage cookie preferences through your browser or device settings. See our Cookie Policy [insert link] for details.
Your Choices and Opt-Outs
Marketing Communications: You may opt out of marketing emails by following the unsubscribe link in an email or contacting spookslab2025@gmail.com.
Analytics and Cookies: Use your browser controls or opt-out mechanisms provided by third-party analytics services.
California “Do Not Sell or Share”: If you are a California resident and wish to opt out of sale or sharing (if applicable), contact spookslab2025@gmail.com
Data Subject Rights & Requests To exercise your rights (access, deletion, correction, data portability, opt-out), contact us at: SpooksLab
Email: spookslab2025@gmail.com
Phone: -
We will verify requests to protect privacy and may require information to confirm identity. Certain requests may be denied or limited by law.
Response Times and Verification We will acknowledge and respond to verified requests as required by applicable law (for example, CCPA/CPRA and state laws). We may request additional information to verify identity and may limit requests that are excessive or legally restricted.
Legal Disclosures and Law Enforcement We may disclose personal data in response to lawful requests by public authorities, government agencies, or law enforcement, or to comply with legal obligations, governmental requests, court orders, or to protect our rights, privacy, safety, or property.
Third-Party Services & Links The Service may contain links to third-party websites and services. This Statement does not cover third-party practices. Review their privacy policies before sharing personal information.
Changes to This Privacy Statement We may update this Statement to reflect changes in our practices or legal requirements. We will post the updated Statement with a new effective date. Where required by law, we will notify affected users of material changes.
Contact & Agent for Service of Process (US-specific) For privacy inquiries, data requests, or to designate an agent for service of process, contact: SpooksLab
[Insert mailing address]
Email: spookslab2025@gmail.com
Phone: -
If required under specific state laws, provide a designated agent contact and mailing address here.
Additional US-Specific Notices (if applicable)
California Residents: Include any additional CCPA/CPRA disclosures (sale/sharing disclosures, categories of personal information collected/covered business purpose table, and methods to submit verifiable requests).
Nevada Residents: If selling covered data, provide an opt-out mechanism as required by Nevada law (NRS 603A.340) — indicate whether we sell covered information and provide opt-out instructions.
Other State-Specific Requirements: Add notices for states with unique obligations as necessary.
Acknowledgment By using the Service, you acknowledge you have read and understood this Privacy Statement and consent to the collection and use of your personal data as described herein, subject to applicable law.