Privacy policy

This Privacy Policy (“Policy”) explains how personal data is processed and protected within the Speci Service, and what rights you have.

1) Definitions

  1. Privacy Policy / Policy – this document describing rules for processing and protecting personal data in the Speci Service.

  2. GDPR – Regulation (EU) 2016/679 (General Data Protection Regulation), where applicable.

  3. Capitalized terms not defined here have the meaning given in the Terms of Service applicable to the Speci Service.

2) Who is the Data Controller

If you are a Client or User of the Speci Service, the Data Controller of personal data processed for account administration and delivery of the Service is:

Appsi P.S.A. (the “Controller”)
Contact email: speci [AT] speci.io
Website: https://speci.io

Note: In many cases, when you enter personal data of your own customers into Speci, you (the Client) act as the independent data controller of that customer data. In such situations, Appsi P.S.A. typically acts as a data processor on your behalf (to the extent required to provide the Service).

3) Purposes and Legal Bases of Processing

We process personal data for the following purposes and on the following bases (depending on applicable law, including GDPR where relevant):

a) Providing the Service and customer support

  • Creating accounts, enabling login, maintaining and operating the Service

  • Communication related to the Service, handling requests, support and complaints
    Legal basis: performance of a contract and/or steps taken at your request before entering into a contract; and/or legitimate interests (Service operation, communication, support).

b) Legal and compliance obligations

  • Accounting, tax, invoicing, recordkeeping, and other mandatory compliance duties (where applicable)
    Legal basis: compliance with a legal obligation.

c) Protecting rights and handling disputes

  • Preventing abuse, ensuring security, defending against claims, pursuing claims, investigation of incidents
    Legal basis: legitimate interests (security, continuity, legal protection).

d) Marketing communications (optional)

If you opt in (e.g., in settings or a registration form), we may send product updates or offers.
Legal basis: consent and/or legitimate interests, depending on the applicable rules for electronic marketing in your jurisdiction.
You can unsubscribe at any time via account settings or by emailing speci [AT] speci.io.

4) What Data We Process

Data may include (depending on what you provide and how you use the Service):

  • Account and identity data: name/surname or company name, email, password (stored in a secure hashed form), phone number (if provided)

  • Service usage data: device identifier, last login time, app version, join date, IP address

  • Company and billing data (if you use paid features and provide such details): company name, registered address, tax/business identifiers (as applicable in your country), bank account number (if provided/required)

System logs and diagnostics

The Service may collect technical logs about errors and performance across components (mobile app, web portal, API). Logs are processed for diagnostics, security, and system administration. Depending on the issue, logs may contain values entered by users. We use logs to keep the Service reliable and secure.

5) Where Data Comes From

  1. Data is provided directly by you (e.g., via the Speci app/portal).

  2. Providing the email address and password is voluntary, but necessary to create an account and use the Service. Other data is generally optional, but lack of certain information may limit specific features (e.g., billing).

6) Who We Share Data With

We may share personal data with:

a) Authorized employees and contractors who need access to perform their duties.

b) Service providers supporting us in operating the Service (e.g., hosting, infrastructure, IT tools, analytics, accounting, legal, customer support).
If you use electronic payments or card payments, data necessary to complete the transaction may be shared with payment providers/processors.

c) Public authorities, regulators, courts, or other authorized third parties only when required by applicable law or valid legal process.

7) Data Retention

We keep data only as long as necessary:

a) Account data: typically until you delete your account or terminate the Service agreement, unless longer retention is required or justified (e.g., dispute handling, security, legal obligations).

b) Where processing is based on legitimate interests: for as long as those interests remain valid, or until you successfully object (where applicable), unless another legal basis allows continued processing.

c) Legal/compliance retention: certain records (e.g., invoicing/accounting) may need to be retained for periods required by applicable law in the relevant jurisdiction.

Retention may be extended where necessary to establish, exercise, or defend legal claims.

8) Your Rights

Depending on your jurisdiction (and under GDPR where applicable), you may have the right to:

  • Access your personal data (and obtain a copy)

  • Rectify inaccurate or incomplete data

  • Erase data (“right to be forgotten”), in certain cases

  • Restrict processing, in certain cases

  • Data portability, in certain cases

  • Object to processing based on legitimate interests, including objection to direct marketing

  • Withdraw consent at any time (withdrawal does not affect the lawfulness of processing before withdrawal)

To exercise your rights, contact us at speci [AT] speci.io.

Complaints to a supervisory authority

If you believe your data is processed unlawfully, you may lodge a complaint with the competent data protection authority in your country/region.

9) Automated Decision-Making

We do not use your personal data for automated decision-making (including profiling) that produces legal effects or similarly significant impacts on you.

10) International Data Transfers

As a rule, we aim to process and store data within the European Economic Area (EEA).
If we use providers located outside the EEA (or who may access data from outside the EEA), we ensure appropriate safeguards are used (such as Standard Contractual Clauses or other lawful transfer mechanisms, as required).

Some tools/providers we use may be operated by entities headquartered outside the EEA (e.g., global cloud providers). Where such transfers occur, they are performed with legally required protections in place.

11) Security Measures

We use appropriate technical and organizational measures to protect personal data, including encryption of data transmitted over the internet and access controls.
In the event of a personal data breach, we will notify affected users and/or authorities when required by applicable law.

12) Cookies and Similar Technologies

  1. Cookies are small files saved on your device when using the website/portal and (where applicable) embedded web components. They store preferences and technical information (e.g., browser type).

  2. We use cookies to ensure the Service functions correctly and to improve the Service.

  3. We may use cookies/analytics to understand usage and improve features. This is typically based on legitimate interests and/or consent, depending on local rules.

  4. We may process IP addresses for technical diagnostics, statistics, administration, and security.

  5. Cookie categories may include:

    • Strictly necessary cookies (always active): required for core functionality and security.

    • Analytics cookies: help us understand usage and improve performance (subject to applicable consent rules).

  6. You can manage cookies through your browser settings and, where available, within the Service’s cookie controls. Blocking some cookies may affect functionality.

13) Changes to This Policy

We may update this Policy from time to time. If changes are material, we will provide appropriate notice (e.g., via email or in-app notice). The updated version will be published on https://speci.io.

14) Contact

Questions, requests, and rights-related inquiries: speci [AT] speci.io