Privacy Policy
This Privacy Policy explains how spectre processes personal data for the website, account features, supported mailbox audits, AI-assisted identification, erasure request drafting, sending workflows, and organisation features.
1. Controller
The controller responsible for this service is:
| Operator | ALB Digital Diensliestungen |
|---|---|
| Legal form | ALB Digital Diensliestungen |
| Address | Mainzer Strasse, 53179 Bonn, Germany |
| Privacy contact | privacy@agentspectre.eu |
| General / legal contact | legal@agentspectre.eu |
| Phone | +49 1556 528 3042 |
| Data Protection Officer | No separate DPO is named in the current Impressum details. Privacy requests should be sent to privacy@agentspectre.eu. |
2. Short Overview
- spectre does not ask for email passwords. Connections use OAuth or provider-specific interfaces.
- Mailbox audits are designed around metadata and signals such as sender, subject, date, receipts, service messages, and privacy notices.
- Erasure requests are drafted or sent only after user action and review.
- Third-party organisations may refuse or limit erasure where legal retention duties or exemptions apply.
3. Processing Purposes and Legal Bases
| Activity | Purpose | Legal basis |
|---|---|---|
| Website operation | Delivery, security, error analysis, abuse prevention. | Legitimate interests and legal obligations where applicable. |
| Account and login | Authentication, account management, plan management, usage counters. | Contract performance / pre-contractual measures. |
| Mailbox connection | Authorized access to supported mailbox metadata and sending functions. | Contract performance and consent where required. |
| Request drafting and sending | Preparing Article 17 / DSAR-oriented communications for user review and transmission. | Contract performance. |
| Payments | Checkout, fraud prevention, billing, tax documentation. | Contract performance and legal obligations. |
| Support | Answering questions, troubleshooting, handling legal and privacy requests. | Contract performance, legal obligations, or legitimate interests. |
4. Mailbox and OAuth Data
Depending on the selected provider, spectre may process OAuth tokens, provider identifiers, email address, permission scopes, sender, subject, date, provider metadata, snippets where technically returned, detected organisations, categories, confidence scores, request text, and sending status.
Full mailbox dumps, email passwords, attachments, calendars, and contacts are not the purpose of the mailbox audit and should not be permanently stored by spectre.
5. AI Support
spectre may use AI services to identify organisations, estimate language or jurisdiction, find privacy contacts, and prepare request drafts. Data should be minimized before use. AI output is operational assistance, not legal advice.
6. Recipients and Service Providers
Personal data may be processed by the following provider categories where the corresponding feature is used:
| Static hosting / serverless functions | Website delivery, OAuth callbacks, checkout functions, API routes, security logging, and abuse prevention. |
|---|---|
| Appwrite | Account records, plan status, usage counters, request history, and organisation queue data where configured. |
| Stripe | Checkout, payment processing, fraud prevention, invoices, and payment status verification. |
| Mailbox providers | Google/Gmail, Microsoft/Outlook, Yahoo, GMX, Web.de, iCloud, or other selected providers process authentication, mailbox access, and message sending under their own provider terms. |
| AI service provider, where enabled | Minimized mailbox signals for organisation identification, contact lookup, language hints, and request draft assistance. |
| Target organisations | Recipients of user-approved erasure or data-rights requests. |
Production deployment must keep this list aligned with the live hosting region, Appwrite region, AI provider setup, payment setup, and data processing agreements.
7. Your Rights
Subject to GDPR requirements, you may have rights of access, rectification, erasure, restriction, data portability, objection, withdrawal of consent, and complaint to a supervisory authority.
Requests may be sent to privacy@agentspectre.eu. For Bonn / North Rhine-Westphalia, the relevant supervisory authority is the Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen.
8. Security and Retention
spectre uses technical and organisational measures such as transport encryption, OAuth authorization, access controls, server-side secret management, log minimization, and role-based controls for organisation features.
Data is retained only as long as needed for the relevant purpose, account operation, proof, legal obligations, billing, support, or security. No internet service can guarantee absolute security.