Is Spellbook safe with your data?

Spellbook

Rally Legal, Inc.

49/100

Weak disclosure · high confidence

Spellbook earns a D (49/100) because it leaves much about its data practices unstated.

#121

of 142 apps ranked

score · Legal avg 54

-5

vs category average

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

Spellbook's privacy policy says plainly that it never sells personal information, and it moves customer document data into separate customer agreements. That earns full credit on the ad-sale indicator. The policy says nothing about AI training opt-outs, data portability, general deletion, or concrete retention periods, and it names no specific safeguard for international transfers. Those gaps put it in the D band, well below assistants that disclose a training opt-out plus a defined deletion window.

What Spellbook's privacy policy says about your data

Never sells data

The policy states that "We never sell your Personal Information, and we do not share it with others for any purposes unless it is necessary to provide you with services you requested." This earns full credit on the ad-sale indicator.

Vague retention

General retention is undefined. The only concrete language ties to the Google integration, where data is kept "only for as long as you maintain the corresponding Spellbook library." There is no day-count for personal information overall.

Certifications and EU representation

The footer carries SOC 2 Type II, HIPAA, GDPR, and EU AI Act badges, and the policy names an EU Representative at The DPO Centre in Dublin and a UK Representative in London.

Thin rights and bases

Section 4 covers account access and a marketing opt-out but says nothing about portability or general deletion. Purposes are listed without being mapped to specific legal bases beyond a general GDPR reference.

What the policy is silent or vague on

Not stated: a way to opt out of training
Not stated: whether training use differs by plan
Not stated: your ownership of generated outputs
Not stated: data portability

Spellbook privacy rating

Training-data use0 of 4 disclosed

Keeps user inputs out of model training, or makes training opt-inPartial

Names a way to opt out of or into trainingSilent

Says whether training use differs by plan or tierSilent

Lets the user keep ownership of generated outputsSilent

Data-subject rights1 of 5 disclosed

Grants a right to access your dataDisclosed

Grants a right to delete your dataPartial

Offers data portability in a usable formatSilent

Grants a right to correct your dataPartial

Grants a way to object to or opt out of processingPartial

Retention and deletion0 of 4 disclosed

States a retention period for your dataPartial

States a deletion timeline after closure or requestPartial

Sets a shorter retention for AI conversation logsSilent

Commits to collecting only the data it needsPartial

Third-party sharing2 of 5 disclosed

Lists the categories of third parties it shares withDisclosed

References a sub-processor list or data processing agreementPartial

Does not sell or share data for advertising, or offers opt-outDisclosed

Names a safeguard for international data transfersPartial

States a standard for government and law-enforcement accessPartial

Transparency3 of 4 disclosed

Discloses that you are interacting with AIDisclosed

Marks AI-generated or synthetic outputNot applicable

Enumerates the categories of data it collectsDisclosed

Maps processing purposes to legal basesPartial

Is versioned and dated, with change noticeDisclosed

Sensitive data and children1 of 2 disclosed

Discloses automated decisions and a human-review pathNot applicable

Limits the use of special-category dataSilent

Governs biometric data specificallyNot applicable

States protections for children's dataDisclosed

Security and accountability1 of 3 disclosed

Describes its security safeguardsPartial

Commits to breach notificationPartial

Names a certification or a privacy contactDisclosed

DisclosedPartialSilentAdverseNot applicable

Details

Category: Legal
Modalities: text
Processes biometrics: No
Policy last updated: 2026-06-04
Region scored: Global / US-default
Assessed: 2026-06-20

Read Spellbook's privacy policy

Other legal apps

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.