agent spectre
Launch

Privacy Policy

This Privacy Policy explains how Agent Spectre collects, uses, and protects your personal information. We are committed to transparency and ensuring your privacy rights are respected.

Last updated: December 2024

Gmail Data Usage

Agent Spectre uses Gmail access only to identify account-related emails and to transmit user-authorized erasure requests.

When you connect your Gmail account to Agent Spectre, we request OAuth 2.0 permissions with minimal scopes:

  • gmail.readonly - Allows us to read email headers (from, subject, date) to identify account signatures. We never access email content or body text.
  • gmail.send - Allows us to transmit erasure requests directly from your authenticated Gmail account to verified Data Protection Officer contacts.

What we analyze: We process only email metadata (sender addresses, subjects, dates) to identify organizations holding your personal data. This includes detecting account signatures from signup confirmations, privacy policy updates, and marketing communications.

What we never access: We do not read, store, or process the content of your emails. We do not access attachments, calendar events, contacts, or any other Gmail data beyond the headers necessary for account identification.

Local processing: Email metadata analysis occurs entirely within your browser's volatile memory. No email data is transmitted to our servers during the scanning process.

Data Collection & Processing

Account Information

To provide our services, we collect and store minimal account information:

  • Email address (for account identification and erasure request transmission)
  • Name (for personalizing erasure requests)
  • Subscription tier and usage statistics (request count, tier status)
  • Google OAuth subject ID (for account linking, if provided)

Email Metadata (Temporary Processing)

During privacy scans, we temporarily process email headers in your browser to identify account signatures. This data is never stored on our servers. Only the results (identified accounts) are saved to your account for your review.

Payment Information

Payment processing is handled exclusively by Stripe, our PCI-compliant payment processor. We never store credit card numbers or payment details on our servers.

Data Storage & Retention

Storage location: Account data is stored in AppWrite, a secure database service. All data is encrypted at rest and in transit.

Retention period: We retain your account information and identified accounts for as long as your account is active. You can delete your account and all associated data at any time through your account settings.

Email data: We do not store your email content or metadata on our servers. Email headers are processed only in your browser's volatile memory during scans.

Data Sharing & Third Parties

Agent Spectre does not sell, rent, or share your personal information with third parties except in the following limited circumstances:

  • Google Gmail API: We use Google's Gmail API to access email headers and send erasure requests. Google's use of your data is governed by their Privacy Policy.
  • Gemini AI (Google): Anonymized account signatures (sender addresses, dates) are sent to Google's Gemini API for account identification. No email content or personal identifiers are included.
  • Stripe: Payment information is processed by Stripe. We receive only payment confirmation and subscription status.
  • Legal compliance: We may disclose information if required by law or to protect our rights and the safety of our users.

Your Privacy Rights

Under GDPR, CCPA, and other privacy regulations, you have the following rights:

Right to Access

You can access all data we hold about you through your account dashboard.

Right to Deletion

You can delete your account and all associated data at any time.

Right to Revoke Access

You can revoke Gmail OAuth access at any time through your Google Account settings.

Right to Data Portability

You can export your identified accounts and account data in a machine-readable format.

Security Measures

We implement industry-standard security measures to protect your data:

  • TLS 1.3 encryption for all data in transit
  • OAuth 2.0 authentication with minimal permission scopes
  • Serverless function isolation for AI operations
  • Zero-knowledge architecture (we cannot read your email content)
  • Local browser processing for email metadata analysis
  • Secure environment variables for API keys (never exposed to client-side)

Contact & Questions

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Privacy inquiries: privacy@agentspectre.eu

General inquiries: legal@agentspectre.eu