Legal

Privacy Policy

Effective date: May 25, 2026  ·  Last updated: May 25, 2026

Spectreworks AI ("we," "us," or "our") operates spectreworks.ai. This policy explains what information we collect, how we use it, and your rights regarding it. We keep this short on purpose — if something is unclear, email us at [email protected].

Information We Collect

We collect information you give us directly:

• Contact and audit requests — first name, last name, email address, company name, and a description of your automation goals when you submit the audit request form.
• Advisory account registration — email address and name when you create an account to access gated security advisories.
• Payment — billing is processed entirely by Stripe. We do not see or store your card number, CVV, or full billing details. We receive a confirmation of payment and the tier purchased.

We use Plausible Analytics to understand aggregate site traffic. Plausible collects no personal data, uses no cookies, and is fully GDPR/CCPA compliant. We see page view counts and referral sources — nothing that identifies individual visitors. We do not use tracking pixels.

How We Use Your Information

• To respond to your audit or scope call request and schedule your session via Calendly.
• To fulfill services you have purchased.
• To send relevant email communications — project updates, security advisories, and educational content — via ConvertKit (Kit). Every marketing email includes an unsubscribe link.
• To authenticate you and provide access to gated advisory content.
• To comply with legal and financial obligations.

Third-Party Services

We use the following services to operate. Each has its own privacy policy:

• Amazon Web Services (AWS) — cloud hosting, database storage, authentication (Cognito), and transactional email (SES). AWS is our primary infrastructure provider.
• Stripe — payment processing. Card data never touches our servers.
• ConvertKit (Kit) — email list management and marketing sequences.
• Calendly — scheduling for audit and scope calls. If you book a session, Calendly processes your name and email under their privacy policy.
• Plausible Analytics — privacy-first, cookieless web analytics. No personal data is collected or stored. See plausible.io/privacy for details.
• Cloudflare — content delivery network and DNS. Cloudflare processes request metadata (IP address, browser headers) as part of normal CDN operation.

Data Retention

• Audit form submissions are retained for business records as long as the relationship is active.
• Advisory accounts remain active until you request deletion.
• Payment records are retained as required by applicable financial and tax regulations.
• Email marketing records are retained until you unsubscribe or request removal.

Your Rights

You have the right to access, correct, or delete the personal data we hold about you. To exercise any of these rights, email [email protected] and we will respond within 30 days.

Unsubscribing from email — every marketing email we send includes an unsubscribe link. You can opt out at any time without affecting your account or purchased services.

EU/EEA residents — if you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with your local supervisory authority.

California residents — under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information.

Data Security

We use industry-standard security controls — encrypted connections (HTTPS), access controls, and least-privilege IAM policies — to protect your information. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

Our services are directed at businesses and professionals. We do not knowingly collect information from individuals under the age of 18.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy or your data: [email protected]