1. Scope
This Privacy Policy describes how SPECTRA | VAULT handles data when you use our privacy-first anonymization platform for AI workflows. It covers the web app, API endpoints, and associated processing services.
Privacy Policy
Enterprise-grade privacy commitments for AI data anonymization workflows.
Last updated: April 2026
2. Data We Process
We process files you upload (for example CSV, JSON, TXT, TSV, XLSX/XLS, DOCX, and PDF) solely to anonymize and sanitize sensitive content. Typical data categories can include names, emails, phone numbers, addresses, and campaign metadata.
3. Processing Purpose
Our primary purpose is privacy protection before AI usage. Uploaded content is transformed into anonymized output so customers can safely use downstream LLM tools and analytics systems with reduced exposure risk.
4. Legal Basis (GDPR-Oriented)
Where GDPR applies, processing is generally performed under legitimate interests and/or contract performance, depending on customer configuration and deployment context. Customers remain responsible for ensuring an appropriate lawful basis for their source data.
5. Data Minimization and Security Controls
We apply data minimization principles and process only what is needed for sanitization. Core controls include deterministic masking options, C++ high-performance anonymization, temporary processing directories, and configurable retention behavior in customer-managed operations.
6. Retention
By design, uploaded files are intended for short-lived processing. Temporary artifacts are deleted after pipeline completion. Customers should configure infrastructure-level backups, retention windows, and logs according to their compliance requirements.
7. AI Integrations
If AI insight features are enabled, only anonymized sample content should be sent to external AI providers. Customers control whether they provide API credentials and remain responsible for provider-side compliance and data handling terms.
8. International Transfers
Any international transfer of data depends on the customer's deployment and provider choices. When transfers occur, appropriate safeguards (such as SCCs or equivalent mechanisms) should be in place under applicable law.
9. Your Rights
Subject to applicable law, users may have rights to access, correction, deletion, restriction, objection, and portability. Enterprise customers should route rights requests through their designated data controller processes.
10. Incident Response
We recommend maintaining an incident response workflow with audit log review, containment, and notification procedures aligned with regulatory timelines relevant to your jurisdiction and industry.
11. Children’s Data
The service is not intended for use by children under the age required by applicable law. Do not upload data that you are not authorized to process.
12. Policy Updates
We may update this policy periodically to reflect legal, security, or product changes. Material updates should be reviewed before continued operational use.