Privacy Policy

1. Introduction

Speco ("Speco", "we", "us", or "our") operates the Speco AI platform available at specoai.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described below.

2. Information We Collect

We collect the following categories of information:

• Account and authentication data. When you sign in with Google, GitHub, or email, we receive your name, email address, and a unique identifier from the authentication provider.
• Content you upload. Documents, datasets, prompts, instructions, evaluation inputs, and other content you submit to train or operate your AI specialists.
• Messages and integrations. If you connect the Service to third-party channels (for example, WhatsApp via the Meta APIs), we process the message content, sender identifiers, and metadata required to route and respond to those messages.
• Billing information. When you subscribe to a paid plan, payment details are collected and processed directly by Stripe. We store a customer identifier and subscription status, not raw card data.
• Usage data. Logs, device and browser information, IP address, approximate location, and product analytics events needed to operate and improve the Service.

3. How We Use Information

• Provide, operate, and maintain the Service.
• Authenticate users and protect accounts.
• Train, evaluate, and run the AI specialists you configure.
• Process payments and manage subscriptions.
• Send transactional messages related to your account.
• Monitor, debug, and improve reliability, performance, and security.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use the content you upload to train foundation models that are shared across customers.

4. Data Storage and Security

Data is stored with reputable cloud infrastructure providers and transmitted over encrypted connections (HTTPS/TLS). We apply access controls, audit logging, and the principle of least privilege. No system is perfectly secure, but we work to protect your data using industry-standard practices.

5. Third-Party Services

The Service relies on trusted third parties to function. Each processes data only for the specific purposes listed below:

• Supabase — authentication, database, and file storage.
• Stripe — payment processing and subscription management.
• OpenAI and other LLM providers — model inference for AI specialists. Prompts and context you submit are sent to these providers to generate responses.
• Meta (WhatsApp Business / Graph APIs) — receiving and sending messages when you connect WhatsApp integrations.
• Vercel — application hosting and edge delivery.
• Google and GitHub — OAuth sign-in.
• PostHog — privacy-aware product analytics.

6. Data Retention

We retain account data for as long as your account is active. Content you upload is retained until you delete it or terminate your account. Billing and transactional records may be retained longer where required for tax, accounting, or legal compliance. Operational logs are retained for a limited period sufficient to support debugging, security, and abuse prevention.

7. User Rights

Depending on your jurisdiction (for example, under GDPR, LGPD, or CCPA), you may have the right to access, correct, export, or delete personal information we hold about you, and to object to or restrict certain processing. You can exercise these rights by contacting us using the information below. You may also disconnect third-party integrations or delete uploaded content from within the Service at any time.

8. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

9. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be communicated through the Service or by email where appropriate.

10. Contact Information

Questions or requests related to this Privacy Policy can be sent to joaovictorlopezmatias@gmail.com.