S
Spec AI

Legal

Privacy Notice

Last updated: June 23, 2026

This notice explains how Mahin Khattak ("we", "us"), as data controller, collects and uses personal data when you use Spec AI.

1. Data we collect

  • Account data: name, company name, email address, hashed login credentials.
  • Service content: the briefs, specs, supplier text, and other Inputs you submit, and the AI Outputs generated for you.
  • Usage & telemetry: page views, AI run counts, feature interactions, device and browser type, IP address.
  • Support messages: the content of any email or in-app message you send us.

2. How we use it

  • To create and operate your account (contract performance).
  • To generate AI outputs you request (contract performance).
  • To prevent fraud, abuse, and secure the Service (legitimate interests).
  • To improve product quality, debug issues, and analyse aggregate usage (legitimate interests).
  • To send service-related emails (contract performance) and, with consent, occasional product updates.
  • To comply with legal obligations.

3. Sharing

We share personal data with:

  • Paddle, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
  • Cloud and infrastructure providers that host the Service and our database.
  • AI model providers that run the language models powering our tools; your Inputs are sent to them solely to generate Outputs for you.
  • Professional advisers (legal, accounting) and authorities where required by law.

4. International transfers

Personal data may be processed outside your country, including in the United States and the European Economic Area. Where transfers are made out of the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Retention

We retain account data for as long as your account is active, and for a reasonable period afterwards for legal and accounting purposes. Run history is retained while your account is active and deleted on request or on account closure. Logs and telemetry are kept for up to 12 months.

6. Your rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict or port your personal data, to object to certain processing, and to withdraw consent. UK/EEA users have the right to lodge a complaint with their supervisory authority. We will respond to requests within one month.

7. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and least-privilege service accounts.

8. Cookies

We use essential cookies and similar storage to keep you signed in and to operate core features of the Service. We do not use third-party advertising cookies.

9. Contact

Mahin Khattak — mahinkhattak@gmail.com