Privacy Policy

Data controller

Specaria (operator: Dima Spector). Contact: hello@specaria.io.

Scope

This policy covers data collected by the Specaria marketing site (www.specaria.io) and the customer portal (portal.specaria.io). It does not cover data that customers process using Specaria products — that data stays in the customer's own environment and is subject to the customer's own privacy policy.

What we collect — marketing site

• No cookies. No analytics scripts. No tracking pixels.
• Server access logs (Cloud Run) retained for 30 days — standard request metadata only: IP address, request path, timestamp, response code, user-agent. No PII beyond what is implicit in HTTP headers.

What we collect — customer portal

• Account data: email address and display name (for license delivery and operator review).
• License request data: product slug, customer organization name, intended-use description.
• No payment data. v1 of the platform has no billing surface.

Audit hashes

License issuance events are hashed and retained for up to 18 months in GCS Object Lock storage. These hashes do not contain customer personal data — they contain license JTI (token identifier) and issuance timestamp only.

Data residency

All Specaria platform infrastructure is hosted in me-west1 (Tel Aviv, Israel). Product data stays in the customer's own environment; no product data is transmitted to Specaria infrastructure except opt-in telemetry, which the customer enables explicitly per installation.

GDPR rights

Where applicable, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. Submit requests to hello@specaria.io.

Changes to this policy

We will publish material changes to this policy on this page. The "Last updated" date in the page header reflects the most recent revision.