Spellbook
What Spellbook publishes about its data handling, captured from spellbook.legal on 2026-06-05. See also the Spellbook vendor profile.
Document inventory
| Document | Publicly posted | Source |
|---|---|---|
| Terms of service | yes | https://spellbook.legal/terms-of-service |
| Privacy policy | yes | https://spellbook.legal/privacy-policy |
| Data processing agreement | not posted at capture | — |
| Security page | yes | https://spellbook.legal/security |
| Subprocessor list | not posted at capture | — |
Transparency count: 3/5
Spellbook had 3 of the 5 document types publicly posted at capture (terms of service, privacy policy, security page). Not found publicly: data processing agreement, subprocessor list — which means not publicly posted at capture time, not that the document doesn't exist. Many vendors share DPAs and subprocessor lists only on request or behind a trust portal.
AI-training stance: De-identified carve-out
verdict: deidentified-rd-carveout
No third-party LLM training; binding terms bar cross-customer training; reserves only de-identified/derived data for R&D.
“any Customer Data used for User personalization will remain strictly specific to the Customer and its Users, and will not be used to train, fine-tune, or otherwise improve services or functionalities for other customers”
Quoted verbatim from the vendor's terms of service, read 2026-06-05.