Privacy Policy

This Privacy Policy explains how Specdra LLC (“Specdra,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our websites, applications, and related services (collectively, the “Services”). It also describes the choices and rights you have regarding your information. By accessing or using the Services, you agree to the practices described in this Privacy Policy.

1. Information We Collect. We collect information that you provide to us directly, information we collect automatically when you use the Services, and information we receive from third parties. A. Information you provide. Account information: name, email address, password or authentication identifiers, company or organization name, job title, and related profile information. Customer content: files and materials you upload or submit through the Services — including commercial leases, amendments, exhibits, rent rolls, and related documents — along with the structured data, abstracts, summaries, flags, and other outputs generated from them. Communications: information you provide when you contact us, request a demo, submit a support request, respond to a survey, or otherwise communicate with us, including the content of those messages. Billing information: if you purchase a paid plan, billing and transaction details; account authentication and billing are managed through Clerk, and payments are processed by Stripe; payment card details are handled by these providers in accordance with their own privacy policies, and we do not store full payment card numbers on our servers. B. Information collected automatically.Usage data: information about how you interact with the Services, such as pages and features viewed, actions taken, and the dates and times of your activity. Device and log data: IP address, browser type, device and operating system information, language preferences, referring and exit pages, and similar technical information collected through server logs. Cookies and similar technologies: we and our service providers use cookies and similar technologies to operate and secure the Services and to measure and analyze usage, as described under “Cookies and Tracking Technologies” below. C. Information from third parties. We may receive information about you from third parties, such as authentication providers, payment processors, analytics providers, and others who help us operate and improve the Services, and we combine it with the information described above.

2. How We Use Information. We use the information we collect to: provide, operate, maintain, and secure the Services; process the documents and content you submit in order to generate abstractions, structured data, risk flags, and other outputs you request; authenticate users, manage accounts, and administer subscriptions and billing; respond to your inquiries, demo and support requests, and provide customer support; monitor, analyze, and improve the performance, reliability, and features of the Services; detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or unlawful activity; send you service-related communications and, where permitted, marketing communications you can opt out of; and comply with our legal obligations and enforce our agreements.

3. AI and Automated Processing. The Services use automated systems and artificial intelligence models to read, extract, structure, and analyze information from the documents and content you submit, in order to provide the features you request. To deliver these features, we transmit relevant portions of your content to our third-party AI provider, Anthropic (the provider of the Claude models), which processes it solely to generate the outputs you request and does not use it to train its models. Automated processing is used only to deliver the Services to you and is subject to the protections described in this Privacy Policy. We do not use your customer content to train general-purpose AI models for unrelated purposes without your consent.

4. How We Share Information. We do not sell your personal information. We share information only in the following circumstances. Service providers and subprocessors: with reputable vendors who process information on our behalf, only to deliver services to us and under obligations to protect it; our current subprocessors include Vercel (website hosting and privacy-friendly site analytics, such as page views and visit data), DigitalOcean (hosting infrastructure, database, and file storage for the application, SOC 2 compliant), Clerk (authentication, account management, and billing), Stripe (payment processing), Anthropic (AI processing of submitted content to generate outputs), and Resend (transactional and support email delivery). Within your organization: with other authorized users or administrators of the account or workspace to which your information belongs. Legal and safety: when required to comply with applicable law, regulation, legal process, or governmental request, or to protect the rights, property, safety, and security of Specdra, our users, or others. Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to the protections of this Privacy Policy. With your consent: when you direct us to share your information or otherwise consent to sharing.

5. Legal Bases for Processing. If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar requirements, we process your personal information on the following legal bases: performance of a contract with you; our legitimate interests in operating, securing, and improving the Services; compliance with legal obligations; and your consent, where applicable. Where we rely on consent, you may withdraw it at any time.

6. Data Retention. We retain personal information and customer content for as long as your account is active or as needed to provide the Services, and thereafter as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and maintain backups for a commercially reasonable period. When information is no longer needed, we take steps to delete or de-identify it. Deletion: if you delete your account, your authentication profile may be removed through our authentication provider; to request deletion of uploaded documents and the data and outputs derived from them, contact us at support@specdra.com. We may retain limited information, such as logs, where necessary for security, fraud prevention, legal compliance, or other legitimate business purposes.

7. Data Security. We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, and alteration, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

8. Your Rights and Choices. Depending on your location, you may have the right to access, correct, update, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent where processing is based on consent. These rights may include those under the EU/UK GDPR and the California Consumer Privacy Act (as amended by the CPRA). Access and portability: request a copy of the personal information we hold about you. Correction: ask us to correct inaccurate or incomplete information. Deletion: ask us to delete your personal information, subject to legal exceptions. Marketing choices: opt out of marketing emails at any time using the unsubscribe link or by contacting us. To exercise any of these rights, contact us at support@specdra.com. We will respond consistent with applicable law, and we will not discriminate against you for exercising your rights. If we process customer content on behalf of an organization, we will direct your request to that organization where appropriate.

9. International Data Transfers. We may process and store information in countries other than the one in which you reside, including the United States. Where we transfer personal information across borders, we use appropriate safeguards — such as standard contractual clauses — to protect it in accordance with applicable law.

10. Cookies and Tracking Technologies.We use cookies and similar technologies that are necessary to operate and secure the Services. For website analytics we use Vercel, which provides privacy-friendly, cookieless measurement of page views and visit data to help us understand usage and improve performance; Vercel’s processing is described in its privacy policy. You can control cookies through your browser settings; disabling some cookies may affect how the Services function.

11. Children’s Privacy. The Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.

12. Third-Party Links and Services. The Services may contain links to, or integrate with, third-party websites and services that we do not control. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy practices.

13. Changes to This Privacy Policy.We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” above and, where appropriate, provide additional notice. Your continued use of the Services after an update takes effect constitutes acceptance of the revised Privacy Policy.

14. Contact Us. If you have questions or concerns about this Privacy Policy or our privacy practices, contact us at support@specdra.com.