spectre
Launch
Privacy Policy

Privacy Policy

This Privacy Policy explains how spectre processes personal data for the website, account features, supported mailbox audits, AI-assisted identification, erasure request drafting, sending workflows, and organisation features.

Last updated: 10 June 2026. German legal notices are available in the Datenschutzerklärung.

1. Controller

The controller responsible for this service is:

OperatorALB Digital Diensliestungen
Legal formALB Digital Diensliestungen
AddressMainzer Strasse, 53179 Bonn, Germany
Privacy contactprivacy@agentspectre.eu
General / legal contactlegal@agentspectre.eu
Phone+49 1556 528 3042
Data Protection OfficerNo separate DPO is named in the current Impressum details. Privacy requests should be sent to privacy@agentspectre.eu.

2. Short Overview

3. Processing Purposes and Legal Bases

ActivityPurposeLegal basis
Website operationDelivery, security, error analysis, abuse prevention.Legitimate interests and legal obligations where applicable.
Account and loginAuthentication, account management, plan management, usage counters.Contract performance / pre-contractual measures.
Mailbox connectionAuthorized access to supported mailbox metadata and sending functions.Contract performance and consent where required.
Request drafting and sendingPreparing Article 17 / DSAR-oriented communications for user review and transmission.Contract performance.
PaymentsCheckout, fraud prevention, billing, tax documentation.Contract performance and legal obligations.
SupportAnswering questions, troubleshooting, handling legal and privacy requests.Contract performance, legal obligations, or legitimate interests.

4. Mailbox and OAuth Data

Depending on the selected provider, spectre may process OAuth tokens, provider identifiers, email address, permission scopes, sender, subject, date, provider metadata, snippets where technically returned, detected organisations, categories, confidence scores, request text, and sending status.

Full mailbox dumps, email passwords, attachments, calendars, and contacts are not the purpose of the mailbox audit and should not be permanently stored by spectre.

5. AI Support

spectre may use AI services to identify organisations, estimate language or jurisdiction, find privacy contacts, and prepare request drafts. Data should be minimized before use. AI output is operational assistance, not legal advice.

6. Recipients and Service Providers

Personal data may be processed by the following provider categories where the corresponding feature is used:

Static hosting / serverless functionsWebsite delivery, OAuth callbacks, checkout functions, API routes, security logging, and abuse prevention.
AppwriteAccount records, plan status, usage counters, request history, and organisation queue data where configured.
StripeCheckout, payment processing, fraud prevention, invoices, and payment status verification.
Mailbox providersGoogle/Gmail, Microsoft/Outlook, Yahoo, GMX, Web.de, iCloud, or other selected providers process authentication, mailbox access, and message sending under their own provider terms.
AI service provider, where enabledMinimized mailbox signals for organisation identification, contact lookup, language hints, and request draft assistance.
Target organisationsRecipients of user-approved erasure or data-rights requests.

Production deployment must keep this list aligned with the live hosting region, Appwrite region, AI provider setup, payment setup, and data processing agreements.

7. Your Rights

Subject to GDPR requirements, you may have rights of access, rectification, erasure, restriction, data portability, objection, withdrawal of consent, and complaint to a supervisory authority.

Requests may be sent to privacy@agentspectre.eu. For Bonn / North Rhine-Westphalia, the relevant supervisory authority is the Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen.

8. Security and Retention

spectre uses technical and organisational measures such as transport encryption, OAuth authorization, access controls, server-side secret management, log minimization, and role-based controls for organisation features.

Data is retained only as long as needed for the relevant purpose, account operation, proof, legal obligations, billing, support, or security. No internet service can guarantee absolute security.