Privacy Policy
This Privacy Policy explains how spectre processes personal data for the website, account features, supported mailbox audits, AI-assisted identification, erasure request drafting, sending workflows, and organisation features.
1. Controller
The controller responsible for this service is:
| Operator | ALB Digital Diensliestungen |
|---|---|
| Legal form | ALB Digital Diensliestungen |
| Address | Mainzer Strasse, 53179 Bonn, Germany |
| Privacy contact | privacy@agentspectre.eu |
| General / legal contact | legal@agentspectre.eu |
| Phone | +49 1556 528 3042 |
| Data Protection Officer | No separate DPO is named in the current Impressum details. Privacy requests should be sent to privacy@agentspectre.eu. |
2. Short Overview
- spectre does not ask for email passwords. Connections use OAuth or provider-specific interfaces.
- Mailbox audits are designed around metadata and signals such as sender, subject, date, and account-related patterns.
- Erasure requests are drafted or sent only after user action and review.
- Third-party organisations may refuse or limit erasure where legal retention duties or exemptions apply.
3. Processing Purposes and Legal Bases
| Activity | Purpose | Legal basis |
|---|---|---|
| Website operation | Delivery, security, error analysis, abuse prevention. | Legitimate interests and legal obligations where applicable. |
| Account and login | Authentication, account management, plan management, usage counters. | Contract performance / pre-contractual measures. |
| Mailbox connection | Authorized access to supported mailbox metadata and sending functions. | Contract performance and consent where required. |
| Request drafting and sending | Preparing Article 17 / DSAR-oriented communications for user review and transmission. | Contract performance. |
| Payments | Checkout, fraud prevention, billing, tax documentation. | Contract performance and legal obligations. |
| Support | Answering questions, troubleshooting, handling legal and privacy requests. | Contract performance, legal obligations, or legitimate interests. |
4. Mailbox and OAuth Data
Depending on the selected provider, spectre may process OAuth tokens, provider identifiers, email address, permission scopes, sender, subject, date, provider metadata, snippets where technically returned, detected organisations, categories, confidence scores, request text, and sending status.
Full mailbox dumps, email passwords, attachments, calendars, and contacts are not the purpose of the mailbox audit and should not be permanently stored by spectre.
5. AI Support
spectre may use AI services to identify organisations, estimate language or jurisdiction, find privacy contacts, and prepare request drafts. Data should be minimized before use. AI output is operational assistance, not legal advice.
6. Recipients and Service Providers
Personal data may be processed by hosting providers, account/database providers such as Appwrite, payment providers such as Stripe, mailbox providers such as Google or Microsoft, AI providers where enabled, and target organisations that receive user-approved requests.
The exact provider setup, region, data processing agreements, and transfer mechanisms should be documented from the live production configuration.
7. Your Rights
Subject to GDPR requirements, you may have rights of access, rectification, erasure, restriction, data portability, objection, withdrawal of consent, and complaint to a supervisory authority.
Requests may be sent to privacy@agentspectre.eu. For Bonn / North Rhine-Westphalia, the relevant supervisory authority is the Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen.
8. Security and Retention
spectre uses technical and organisational measures such as transport encryption, OAuth authorization, access controls, server-side secret management, log minimization, and role-based controls for organisation features.
Data is retained only as long as needed for the relevant purpose, account operation, proof, legal obligations, billing, support, or security. No internet service can guarantee absolute security.