Privacy Policy

Last updated: 29 June 2026

1. Controller and Data Protection Officer

Spectre AI Pro (“we”, “us”, “our”) is the data controller responsible for your personal data within the meaning of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter “GDPR”).

Company: Spectre AI Pro
Email: admin@spectre.pro
Data Protection Officer: dpo@spectre.pro

For all matters related to the protection of your personal data, you may contact our Data Protection Officer at dpo@spectre.pro or by post to our registered office.

2. Personal Data We Process

We process the following categories of personal data:

  • Account data: Name, email address, password (hashed via bcrypt), organisation name, and role.
  • Authentication data: OAuth tokens from Google and Apple sign-in providers (where used).
  • Conversation data: Messages sent to and generated by AI agents, including prompts, responses, and attached files.
  • Usage data: Agent interactions, session timestamps, feature usage analytics, and IP address.
  • Voice data: Audio input captured for voice-to-text features, processed in real time and not retained beyond the session unless explicitly saved.
  • Design studio data: Project content, version history, and export artifacts created within the platform.
  • Technical data: Browser type, device identifiers, operating system, and log data for security and troubleshooting.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

  • Article 6(1)(b) — Performance of a contract: Processing your account, conversations, and project data to deliver the AI agent services you have requested.
  • Article 6(1)(f) — Legitimate interests: Security monitoring, fraud prevention, service improvement, and analytics. These interests are balanced against your rights and never override your fundamental privacy rights.
  • Article 6(1)(c) — Legal obligation: Retaining billing records and audit logs where required by applicable EU or national law.
  • Article 6(1)(a) — Consent: Processing voice data and optional analytics cookies. Consent can be withdrawn at any time without affecting the lawfulness of prior processing.

4. Purposes of Processing

  • Providing access to AI agent services, including chat, voice, and design studio features.
  • Authenticating your identity and managing your session securely.
  • Storing and retrieving conversation history and project data.
  • Improving the quality, accuracy, and safety of AI responses through aggregated, anonymised analytics.
  • Detecting, preventing, and responding to security incidents, fraud, or abuse.
  • Complying with legal obligations and responding to lawful requests from competent authorities.

5. Data Recipients

Your personal data is processed by Spectre AI Pro personnel and, where necessary, by the following categories of processors (sub-processors) acting under written agreements compliant with Article 28 GDPR:

  • AI model providers: xAI (Grok) and other model providers for generating AI responses. Data is transmitted via encrypted API calls and is not used by providers for training purposes.
  • Cloud infrastructure: Hosting providers for compute, storage, and database services, located within the European Union where feasible.
  • Authentication providers: Google and Apple for OAuth-based sign-in. These providers process your data under their own privacy policies.
  • Email and communication: Transactional email services for account notifications and security alerts.

We do not sell your personal data to any third party. We do not share your data for advertising purposes.

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through Standard Contractual Clauses (SCCs) adopted by the European Commission, supplemented by transfer impact assessments where required by the Schrems II ruling. A copy of the SCCs can be requested from dpo@spectre.pro.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained for the duration of your account. Deleted within 30 days of account closure.
  • Conversation data: Retained for the lifetime of your account unless you manually delete individual conversations.
  • Voice data: Processed in real time and deleted immediately after transcription, unless saved as part of a conversation.
  • Log data: Retained for 90 days for security and troubleshooting purposes.
  • Audit trails: Retained for up to 7 years where required by applicable financial or tax law.

8. Your Rights Under GDPR

As a data subject within the European Union, you have the following rights:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Correct inaccurate or incomplete personal data.
  • Right to erasure (Article 17): Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction (Article 18): Request that we limit processing of your data under certain conditions.
  • Right to data portability (Article 20): Receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent (Article 7(3)): Withdraw consent for processing that relies on it at any time.
  • Right not to be subject to automated decision-making (Article 22): Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, email dpo@spectre.pro. We will respond within one month, extendable by two further months for complex requests (Article 12(3)).

9. Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data infringes the GDPR. In Belgium, the supervisory authority is the Gegevensbeschermingsautoriteit / Autorité de protection des données (APD/GBA), Rue de la Presse 35, 1000 Brussels — www.gegevensbeschermingsautoriteit.be.

10. Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including TLS 1.3 encryption in transit, AES-256 encryption at rest, bcrypt password hashing, role-based access control, regular security audits, and continuous monitoring. See our Security page for details.

11. Children’s Data

Our services are not directed at individuals under the age of 16. We do not knowingly process personal data of children. If you believe we have processed a child’s data, contact dpo@spectre.pro and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. The date of last update is indicated at the top of this page.

13. Contact

For any questions about this Privacy Policy or your personal data, contact us at:
Email: dpo@spectre.pro
General: admin@spectre.pro