Privacy Policy

Effective May 2026

This Privacy Policy explains what data we collect when you use Specter, why we collect it, and how we use it. We aim to collect the minimum we need to run the Service.

1. What we collect

• Account data. Email address, hashed password (delegated to our auth provider), display name (optional), and role.
• Subscription data. Active plan, start and end dates, redemption history, and payment provider references. We do not store full payment card numbers.
• Configuration data. The settings you save (named profiles, per-weapon overrides, keybinds, etc.) are stored against your account so the desktop client and overlay can read them.
• Operational logs. Standard web-server logs (IP address, user agent, request timing) for security, abuse prevention, and debugging.
• Device identifiers. Where required to limit concurrent installations or detect resold accounts.

2. What we do NOT collect

• We do not collect data from your game client beyond your saved configuration.
• We do not collect telemetry from inside the Software at runtime — no keystrokes, game state, or screen captures leave your machine.
• We do not sell your data to third parties.

3. How we use it

We use collected data to authenticate you, deliver your subscription, sync your saved configuration to the running overlay, send service-related email (security alerts, receipts, mandatory notices), and protect the Service from fraud and abuse.

4. Sub-processors

We rely on a small set of third-party services to run Specter. They process the minimum data required to deliver their function and are bound by their own privacy commitments:

• Hosting and CDN providers (e.g. Vercel, Cloudflare)
• Auth identity provider (Locksmith)
• Object storage (Cloudflare R2)
• Payment processors (Stripe)
• Email delivery

5. Retention

Account, subscription, and configuration data are retained for as long as your account is active. Operational logs are retained for up to 90 days unless required longer for legal, regulatory, or security reasons. On account deletion we remove personal data within 30 days, except records we are legally required to keep (e.g. payment receipts).

6. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete the personal data we hold about you. Send requests to support@spectercs.lol and we will respond within the period required by applicable law.

7. Security

We protect data with industry-standard practices: TLS in transit, encryption at rest where offered by the storage provider, short-lived authentication tokens, and least-privilege access for our team. No system is perfectly secure; in the event of a breach affecting your personal data we will notify affected users without undue delay.

8. Children

Specter is not directed at children under 18 and we do not knowingly collect personal data from minors.

9. Changes

We may update this policy from time to time. Material changes will be announced via the dashboard or by email. Continued use after revisions take effect constitutes acceptance.

10. Contact

Privacy questions: support@spectercs.lol.