Compliance & Governance

SpyderBot Inc. — A Delaware Corporation

At SpyderBot, compliance and governance are core to how we build, operate, and scale our platform. We are committed to maintaining high standards of data protection, security, transparency, and accountability—ensuring that customers can trust how their data is handled across all layers of our system.

1. Compliance Overview

SpyderBot aligns its practices with globally recognized standards and regulations, including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA/CPRA)
  • SOC 2 Trust Services Criteria (alignment)
  • ISO/IEC 27001 principles (alignment)

We continuously evaluate and improve our compliance posture as our platform evolves.

2. Legal and Data Protection Framework

SpyderBot maintains a structured legal framework to support data protection and enterprise compliance.

3. Data Governance Principles

Our approach to data governance is built on the following principles:

Data Minimization

We collect and process only the data necessary to provide our Services.

Purpose Limitation

Data is used solely for defined and legitimate purposes, including LLM analytics and GEO insights.

Transparency

We clearly communicate what data is processed, how it is used, and what controls customers have.

Accountability

We maintain internal controls and processes to ensure compliance with applicable laws and commitments.

4. Roles and Responsibilities

SpyderBot operates primarily as a data processor on behalf of its customers.

  • Customers (Controllers) define the purpose and scope of data processing
  • SpyderBot (Processor) processes data according to customer instructions

This model is defined in our Data Processing Addendum (DPA).

5. AI and LLM Data Governance

SpyderBot is designed for analyzing outputs from large language models (LLMs).

Key governance principles:

  • We do not control or generate LLM outputs
  • We do not guarantee accuracy of third-party AI data
  • We process LLM outputs strictly for analytical purposes
  • We do not use customer data to train external AI models

6. Customer Data Control and Integrations

SpyderBot supports optional integrations with analytics platforms (e.g., Google Analytics, GTM).

Governance approach:

  • All integrations are explicitly authorized by the customer
  • Customers control what data is shared
  • SpyderBot does not independently access third-party systems

This ensures clear separation of responsibility and data ownership.

7. Security and Risk Management

SpyderBot maintains a security program aligned with:

  • SOC 2 (Security, Availability, Confidentiality)
  • ISO/IEC 27001 principles

Key components include:

  • Access control and identity management
  • Encryption and data protection
  • Monitoring and incident response
  • Vendor risk management

For more details, see our Security page.

8. Subprocessors and Third Parties

We use trusted third-party providers to operate our Services.

  • All subprocessors are subject to due diligence and contractual safeguards
  • Data processing agreements are in place
  • A subprocessor list is available upon request or via our public page

9. International Data Transfers

SpyderBot operates globally and may transfer data across jurisdictions. We ensure compliance through:

  • Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms

10. Data Subject Rights

We support customer compliance with data subject rights, including:

  • Access
  • Correction
  • Deletion
  • Portability

Requests can be submitted via: [email protected]

11. Audits and Compliance Assurance

We support enterprise compliance requirements by:

  • Maintaining records of processing activities
  • Providing documentation upon request
  • Supporting security and compliance reviews

12. Continuous Improvement

Compliance is an ongoing process. SpyderBot continuously:

  • Improves internal controls
  • Enhances security and governance practices
  • Evaluates certification readiness (SOC 2, ISO 27001)

13. Contact

For compliance, privacy, or governance inquiries:

[email protected]
