Legal
Last updated: April 26, 2026
Spindlecode ("we", "our", "us") builds privacy-first software. We minimize the data we collect and, wherever possible, design our apps to work entirely on your device. This policy explains what data we do and do not collect, both on the spindlecode.com website and in each of our apps. Different apps handle data differently, so each is described below.
Spindlecode is a sole proprietorship located in the Commonwealth of Virginia, United States. For all data we do collect, Spindlecode is the controller. You can reach us at contact@spindlecode.com.
The marketing site at spindlecode.com is a static site served via AWS Amplify. We do not use analytics services, advertising cookies, or third-party tracking pixels. The site uses only essential cookies (if any) needed for basic operation. Standard server access logs (IP address, user agent, timestamp, requested URL) are generated by our hosting provider and retained for a limited period for security and abuse-prevention purposes.
If you submit your email address through a waitlist or "notify me" form on this site (for example, on the Lectis or Roster Rhythm pages), we collect that email address solely to send you the notification you requested and any closely related product launch updates. We do not sell, rent, or share waitlist emails with third parties for their own marketing. You can unsubscribe and request deletion at any time by emailing contact@spindlecode.com.
NetJolt is a network diagnostics and monitoring app for macOS and iOS. The following describes how NetJolt handles your data.
All of the following data is stored locally on your device and is never transmitted to Spindlecode or any third party:
NetJolt makes the following network requests as part of its core functionality:
NetJolt requests the following system permissions, each used solely for its stated purpose:
NetJolt does not include any analytics SDKs, crash reporting services, advertising frameworks, or tracking technologies. We do not collect usage data, device identifiers, or behavioral information of any kind.
NetJolt does not share data with third parties. The network requests described above are made directly from your device and contain no personal information beyond your IP address (which is inherent to any network request).
Lectis is a long-form reading app for iOS, Android, and the web. The app is currently in development; this section describes how Lectis is designed to handle your data.
The following data is stored locally on your device and, if you create a Lectis account for cross-device sync, is synced to your account in encrypted form. It is never sold or shared with third parties:
When you save an article, Lectis fetches the URL you provided in order to render a clean reading view. The fetch is made from your device (or, where necessary for paywalled or JavaScript-heavy sites, from a Spindlecode-operated extraction service that processes the URL transiently and does not retain the page content beyond what is needed to return it to you). Lectis does not transmit your reading list, highlights, or behavioral data to any third party.
If you create a Lectis account to sync across devices, we collect your email address and an authentication credential. We use this only to authenticate you and provide service-related notifications. You can delete your account, and the associated reading data, at any time from within the app or by emailing contact@spindlecode.com.
Lectis does not include third-party analytics SDKs, advertising frameworks, or behavioral tracking. We do not build a profile of what you read.
"Save to Lectis" is a browser extension distributed through the Chrome Web Store, Firefox Add-ons, and the Mac App Store. It lets you save the article you are currently reading to your Lectis library with a single click. This section describes what data the extension handles in addition to the policy above.
What gets sent to Lectis when you click Save:
The extension only sends this data when you click the toolbar button, the right-click "Save to Lectis" menu item, or use the keyboard shortcut. It does not read or transmit pages you do not explicitly save, your browsing history, your other tabs, your form input, your cookies, or any data about pages you simply visit.
Permissions the extension requests, and why:
activeTab + scripting — to run Mozilla Readability.js against the current tab when you click Save, so we can extract the cleaned article body on your device.tabs — so the extension can show a green checkmark on the toolbar icon when you are on a page you have already saved.storage — to remember your sign-in token across sessions and cache which URLs you have already saved.contextMenus + notifications — for the right-click "Save to Lectis" menu and the "Saved" / "Save failed" notifications.sidePanel (Chrome only) — to open the Lectis reader as a side panel.identity — for the "Sign in with Google" flow.host_permissions: https://api.lectisapp.com/* — the only host the extension may make network requests to. The extension cannot read or transmit data from any other site.Authentication. Sign-in uses Google OAuth: when you press "Sign in with Google", you are redirected to Google's consent screen, Google returns an identity token, and the extension exchanges that token at Lectis for a session JWT. We store your Google profile email, display name, and profile picture URL so the extension can show who you are signed in as. We do not receive your Google password and we do not have access to your Gmail, Drive, Calendar, or any other Google service. The only Lectis account that may be signed in to is one that already exists; the extension cannot create a new Lectis account on your behalf.
What is NOT collected. The extension does not contain analytics or telemetry. It does not phone home with your browsing activity. Pages you do not explicitly save are never transmitted. We do not sell or share any of the data above with third parties, advertisers, or data brokers.
Deletion. Each saved article has a delete button. Removing an article also removes its cached HTML and inline images from our database. To delete your entire account and all associated data, sign out of the extension and email contact@spindlecode.com; we will erase your account and all of its content within 7 days.
Roster Rhythm is an app for youth sports teams covering team management, game-day scoring, live streaming, walk-up music, and stats. Roster Rhythm is currently in development; this section describes how it is designed to handle data, and will be updated before launch with any changes.
Roster Rhythm accounts are intended for coaches, team managers, scorekeepers, and parents or guardians (collectively, "Adult Users"). Roster Rhythm is not directed to children under 13, and children under 13 may not create accounts. A coach, manager, or parent may add a minor child to a roster as a player; the child does not log in to Roster Rhythm and does not have an account.
When an Adult User adds a player to a roster, the Adult User may enter information such as the player's first name (or nickname), jersey number, position, date of birth (used only to confirm league age eligibility), team affiliation, and walk-up song. Game-day use generates additional data tied to that player, such as at-bats, statistics, pitch counts, and play-by-play events. Live streaming and any photo or video features may capture the likenesses of minor players on the field.
The Adult User who adds a player is responsible for obtaining any consent required by their league, school, or local law from the player's parent or guardian before entering the player's information or streaming games in which the player appears. If you are a parent or guardian and you believe information about your child has been added to Roster Rhythm without your consent, please contact us at contact@spindlecode.com and we will remove it.
For Adult Users, we collect: email address, display name, password (stored hashed), team and league affiliations, and any messages you send through team chat. We use this only to operate the service, authenticate you, deliver notifications, and let team members communicate.
When an Adult User starts a live stream of a game, video and audio captured by the streaming device are transmitted through our streaming infrastructure and made available to viewers the streamer chooses (for example, family members of the team). Streams may be recorded and saved to the streamer's account. The streamer is responsible for ensuring all individuals visible in the stream (including parents of all minor players) have consented as required by their league or local law.
Walk-up music selections you save are stored in your account and played from your device during games. We do not collect listening history beyond what is needed to play the right song at the right time.
Roster Rhythm relies on third-party infrastructure providers for cloud hosting, video streaming delivery, and push notifications. These providers process data on our behalf under contractual data-processing terms and do not use your data for their own purposes.
Spindlecode does not direct any of its apps to children under 13, and our apps are not designed for use by children under 13 to create accounts or interact directly with our services. Roster Rhythm is intended for use by coaches, scorekeepers, parents, and other adults; minor players appear in Roster Rhythm only as roster entries created by an adult. We do not knowingly collect personal information directly from a child under 13.
If you are a parent or guardian and you believe a child under 13 has provided personal information to us directly (for example, by signing up for a waitlist), please contact contact@spindlecode.com and we will delete the information. We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and corresponding state laws, and we will not knowingly use, share, or sell the personal information of a child under 13 without verifiable parental consent.
For users between 13 and 18, additional rights may apply under state laws (for example, California's "eraser" right for minors). To exercise any such right, contact us at the address above.
Depending on where you live, you may have additional rights regarding your personal information under laws such as the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), and similar laws in Colorado, Connecticut, Utah, and other states. These rights may include:
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have not done so in the preceding twelve months and we have no plans to do so.
To exercise any of these rights, email contact@spindlecode.com with the subject line "Privacy Rights Request" and tell us which right you are exercising. We will verify your request by matching the information you provide to information we already hold (for example, the email address associated with your account or waitlist signup). You may designate an authorized agent to make a request on your behalf; we will require written authorization. We will respond within the time period required by applicable law (typically 45 days).
In the preceding twelve months, we have collected the following categories of personal information, solely for the business purposes described above and not for sale or cross-context behavioral advertising:
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation ("GDPR") and corresponding laws give you rights regarding your personal information. Spindlecode acts as the data controller. The lawful bases on which we process your data are:
You have the right to access, rectify, erase, restrict processing of, port, and object to processing of your personal information, and to withdraw consent at any time without affecting the lawfulness of prior processing. To exercise any right, email contact@spindlecode.com. You also have the right to lodge a complaint with your national supervisory authority. Where data is transferred from the EEA, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses or another lawful transfer mechanism with our service providers.
We have not appointed an EU or UK representative because our processing of EEA/UK personal data is occasional and limited to non-sensitive data (waitlist emails and account credentials). If you would like to discuss this position, please contact us.
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.
If you have questions about this privacy policy, please contact us at contact@spindlecode.com.