Privacy Policy

1. Introduction

Finetron, LLC d/b/a SpecThis ("SpecThis", "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software development planning service ("Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, password, and organization details when you create an account
• Payment Information: Billing address and payment method details (processed securely by Stripe)
• Profile Information: Optional profile details such as job title, company name, and profile picture
• Content: Plans, specifications, work items, and other content you create or upload to the Service
• Communications: Messages you send to us, such as support requests and feedback

2.2 Information Automatically Collected

When you use the Service, we automatically collect certain information, including:

• Usage Data: Pages visited, features used, time spent, click patterns, and interaction with the Service
• Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers
• Log Data: Server logs, error reports, and diagnostic information
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies

2.3 Information from Third Parties

We may receive information about you from third-party services you connect to our Service, such as:

• Authentication Providers: When you sign in using third-party authentication services
• Integration Partners: When you connect third-party tools to our Service
• Analytics Providers: Aggregated analytics and insights from Statsig and Google Analytics

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account
• Process payments and subscriptions
• Store and sync your content across devices
• Provide customer support and respond to your requests
• Send transactional emails (account notifications, receipts, service updates)

3.2 To Improve and Optimize the Service

• Analyze usage patterns and user behavior
• Identify and fix bugs and technical issues
• Develop new features and functionality
• Conduct research and testing
• Monitor and improve Service performance

3.3 To Communicate with You

• Send product updates and announcements
• Provide tips and best practices
• Notify you of changes to our Terms or Privacy Policy
• Send marketing communications (you can opt out at any time)

3.4 For Security and Legal Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Comply with legal obligations and respond to legal requests
• Protect our rights and property

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Stripe: Payment processing and billing management
• Amazon Web Services (AWS): Cloud hosting and data storage
• Statsig: Product analytics, feature flagging, and session replay
• Google Analytics: Web analytics and user behavior tracking
• Email Service Providers: Transactional and marketing emails

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Team Members and Organization

If you use the Service as part of an organization, your content and activity may be visible to other members of your organization according to the permissions set by your organization administrators.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Requests from government authorities
• Situations involving potential threats to public safety
• Enforcement of our Terms of Service or other agreements

4.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. Types of cookies we use:

5.1 Essential Cookies

Required for the Service to function properly. These cannot be disabled and include authentication, security, and load balancing cookies.

5.2 Analytics Cookies

Help us understand how you use the Service through Statsig and Google Analytics. These track page views, feature usage, and user behavior.

5.3 Preference Cookies

Remember your settings and preferences (language, display options, etc.).

5.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of the Service. Most browsers accept cookies by default, but you can configure your browser to reject cookies or notify you when a cookie is set.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Retention periods vary depending on the type of information:

• Account Information: Retained until you delete your account, plus 90 days for backup purposes
• Content: Retained until you delete it or close your account
• Usage Data: Typically retained for 24 months for analytics purposes
• Payment Information: Retained as required for accounting and tax purposes (typically 7 years)
• Legal and Compliance Data: Retained as required by applicable laws and regulations

After the retention period, we will delete or anonymize your information. Some information may remain in backups for a limited period but will not be accessible.

7. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Secure data centers and infrastructure (AWS)
• Employee training on data protection and security
• Incident response and breach notification procedures

While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You have the right to access your personal information and receive a copy in a portable format. You can export your data through your account settings or by contacting us.

8.2 Correction

You can update your account information at any time through your account settings. If you need assistance, contact us at support@specthis.ai.

8.3 Deletion

You can delete your account at any time through account settings. Upon deletion, we will remove your personal information within 90 days, except as required for legal or legitimate business purposes.

8.4 Opt-Out of Marketing

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your communication preferences in your account settings. Note that you will still receive transactional emails necessary for the Service.

8.5 Do Not Track

Some browsers have a "Do Not Track" feature. We do not currently respond to Do Not Track signals because there is no industry standard for compliance.

9. Geographic-Specific Privacy Rights

9.1 GDPR (European Union)

If you are located in the EU, you have additional rights under the General Data Protection Regulation:

• Right to Rectification: Correct inaccurate personal information
• Right to Erasure: Request deletion of your personal information ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your information
• Right to Object: Object to certain types of processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your information based on:

• Contractual necessity (to provide the Service)
• Legitimate interests (to improve and secure the Service)
• Consent (for marketing and non-essential cookies)
• Legal obligations (compliance with laws)

9.2 CCPA/CPRA (California)

If you are a California resident, you have rights under the California Consumer Privacy Act:

• Right to Know: Request information about what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (we do not sell personal information)
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use: Limit use of sensitive personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

Categories of Personal Information: We collect identifiers, commercial information, internet activity, and inferences as described in Section 2 of this Privacy Policy.

Do Not Sell My Personal Information: We do not sell personal information to third parties.

9.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate. If you have questions about your rights in a specific jurisdiction, please contact us.

10. International Data Transfers

Our Service is operated in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For EU users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for international data transfers.

11. Children's Privacy

The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

12. Third-Party Links and Services

The Service may contain links to third-party websites and services. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Sending an email to the address associated with your account
• Posting a notice in the Service
• Updating the "Last Updated" date at the top of this Privacy Policy

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@specthis.ai

For GDPR-related inquiries, you may also contact your local data protection authority.

15. Data Protection Officer

If required by applicable law, we will appoint a Data Protection Officer (DPO). Contact information for our DPO (if applicable) will be provided here when appointed.