GDPR Compliance
Last updated: 29 June 2026
1. Our Commitment
Spectre AI Pro is fully committed to compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”). This page details how we implement the principles, rights, and obligations set out in the GDPR. It should be read alongside our Privacy Policy.
2. Data Protection Principles (Article 5)
We adhere to the seven core principles of GDPR Article 5:
- Lawfulness, fairness, and transparency: All processing is based on a valid legal basis, is fair to data subjects, and is communicated transparently.
- Purpose limitation: Data is collected for specified, explicit purposes and not further processed in incompatible ways.
- Data minimisation: We collect only the data necessary for the stated purposes.
- Accuracy: We maintain accurate and up-to-date data and correct inaccuracies without delay.
- Storage limitation: Data is retained only for as long as necessary, as detailed in our Privacy Policy.
- Integrity and confidentiality: Data is processed securely with appropriate technical and organisational measures.
- Accountability: We demonstrate compliance through documentation, records of processing activities, and regular reviews.
3. Your Rights
Under the GDPR, you have the following rights as a data subject:
- Right of access (Article 15): You may request confirmation that we process your data and a copy of it. We provide this free of charge, with a reasonable fee only for manifestly unfounded or excessive requests.
- Right to rectification (Article 16): You may request correction of inaccurate data or completion of incomplete data.
- Right to erasure / “right to be forgotten” (Article 17): You may request deletion of your data where it is no longer necessary, consent is withdrawn, or processing is unlawful. We will comply unless retention is required by law.
- Right to restriction (Article 18): You may request that we limit processing while a rectification, objection, or legality assessment is pending.
- Right to data portability (Article 20): You may receive your data in a structured, commonly used, machine-readable format (e.g., JSON) and transmit it to another controller.
- Right to object (Article 21): You may object to processing based on legitimate interests or for direct marketing. We will stop processing unless we demonstrate compelling legitimate grounds.
- Rights regarding automated decision-making (Article 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our AI services assist but do not make automated decisions about you without human oversight.
- Right to withdraw consent (Article 7(3)): Where processing relies on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
4. How to Exercise Your Rights
To exercise any of your rights, contact our Data Protection Officer:
Email: dpo@spectre.pro
We will respond within one month of receiving your request (Article 12(3)). This period may be extended by two further months for complex or numerous requests, in which case we will inform you of the extension and the reasons within the first month. We will verify your identity before processing requests to protect against unauthorised access.
5. Data Protection Officer (Articles 37–39)
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. The DPO serves as your point of contact for all data protection matters and cooperates with supervisory authorities. The DPO can be reached at dpo@spectre.pro and operates independently, without receiving instructions regarding the exercise of their tasks.
6. Records of Processing Activities (Article 30)
We maintain records of all processing activities, including the purposes of processing, categories of data subjects and personal data, categories of recipients, retention periods, and technical and organisational security measures. These records are available to supervisory authorities upon request.
7. Data Protection by Design and by Default (Article 25)
We implement data protection by design and by default. This means that privacy considerations are integrated into the development of all features from the outset, and the default settings of our Service ensure that only data necessary for each specific purpose is processed. Examples include: minimal data collection at registration, no tracking cookies by default, and voice data deleted immediately after processing.
8. Data Breach Notification (Articles 33–34)
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach (Article 33). Where the breach is likely to result in a high risk, we will also notify you without undue delay (Article 34), describing the nature of the breach, the likely consequences, and the measures we are taking to address it.
9. Data Protection Impact Assessment (Article 35)
For processing that is likely to result in a high risk to your rights and freedoms (e.g., large-scale processing of conversation data, voice processing), we conduct Data Protection Impact Assessments (DPIAs). DPIAs assess the risks and the measures we implement to mitigate them. Where residual risks remain high, we consult with the supervisory authority (Article 36).
10. International Transfers (Chapter V)
Where personal data is transferred outside the EEA, we rely on adequacy decisions (Article 45) or Standard Contractual Clauses (Article 46). We conduct transfer impact assessments in line with the Schrems II ruling (Case C-311/18) and implement supplementary measures where necessary.
11. Right to Lodge a Complaint (Article 77)
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Belgium, the supervisory authority is the Gegevensbeschermingsautoriteit / Autorité de protection des données (APD/GBA), Rue de la Presse 35, 1000 Brussels — www.gegevensbeschermingsautoriteit.be.
12. Related Documents
- Privacy Policy — Full details of data processing
- Cookie Policy — Cookie usage and consent
- Security — Technical and organisational measures
- Terms of Service — Service agreement
13. Contact
Data Protection Officer: dpo@spectre.pro
General: admin@spectre.pro