Skip to main content
SPECTRONIA Spectronia

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: September 7, 2025

Website Privacy (Spectronia website)

This section applies to your use of the Spectronia website and any information collected through our website, including contact forms, newsletter subscriptions, and general browsing.

Information We Collect

We collect information you provide directly to us through our website, such as when you contact us, subscribe to our newsletter, or request information. This may include:

  • Name and contact information (email address, phone number)
  • Company information and job title
  • Project details and requirements
  • Communication preferences
  • Any other information you choose to provide through contact forms

How We Use Your Information

We use the information we collect through our website to:

  • Respond to your inquiries and provide customer support
  • Send you newsletters and marketing communications (with your consent)
  • Improve our website and user experience
  • Analyze website usage and trends
  • Develop new products and services

Legal bases (GDPR/UK GDPR)

When processing personal data under GDPR and UK GDPR, we rely on the following legal bases:

  • Consent: For sending marketing communications and using non-essential cookies (e.g., newsletter subscriptions, analytics cookies)
  • Contract: For providing services you've requested (e.g., responding to service inquiries, processing project contracts)
  • Legitimate interests: For website security, fraud prevention, and service improvement (e.g., analyzing website usage to improve user experience, preventing security threats). We conduct a balancing test to ensure our interests don't override your privacy rights.
  • Legal obligation: For compliance with applicable laws and regulations (e.g., retaining records for tax purposes, responding to legal requests)

Note: These legal bases apply when EEA/UK data protection laws govern our processing of your personal data, regardless of your location.

Cookies and Tracking Technologies

We use only strictly necessary cookies; analytics is disabled by default. You can control cookie settings through your browser preferences, though some features may not function properly if cookies are disabled.

App Privacy (PlanMint)

This section applies to your use of the PlanMint application and any information collected through the app, including user accounts, project data, and app-specific features.

Information We Collect

When you use PlanMint, we collect information necessary to provide and improve the service, including:

  • Account information (username, email address, profile details)
  • Project data and content you create or upload
  • Usage data and app analytics
  • Device information and app performance data
  • Communication data within the app

How We Use Your Information

We use the information we collect through PlanMint to:

  • Provide, maintain, and improve the PlanMint service
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Personalize your app experience
  • Ensure app security and prevent fraud
  • Develop new features and functionality

Legal bases (GDPR/UK GDPR)

When processing personal data under GDPR and UK GDPR, we rely on the following legal bases:

  • Consent: For marketing communications and optional features (e.g., push notifications, marketing emails, optional data sharing)
  • Contract: For providing PlanMint services (e.g., account creation, project data processing)
  • Legitimate interests: For app security, fraud prevention, and service improvement (e.g., analyzing usage patterns to improve features, detecting suspicious activity). We conduct a balancing test to ensure our interests don't override your privacy rights.
  • Legal obligation: For compliance with applicable laws and regulations (e.g., financial record keeping, responding to legal requests, data retention requirements)

Note: These legal bases apply when EEA/UK data protection laws govern our processing of your personal data, regardless of your location.

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy. We may share your information:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety, or that of our users
  • With trusted service providers who assist us in operating our business
  • In connection with a business transfer or acquisition

Third-party service providers (processors)

We use the following third-party service providers to support our operations:

  • Firebase (Auth, Firestore, Cloud Functions Gen2, App Check, FCM) - provides infrastructure and app functionality for PlanMint. Location: Global (including US/EU); safeguards: SCCs/DPF. Privacy policy: Firebase Privacy/Security & DPA/SCC info
  • Google Analytics 4 (website analytics) - only enabled if GA4_ID is present; otherwise disabled. Location: Global (including US/EU); safeguards: SCCs/DPF. Privacy policy: Google partner-sites privacy explainer (GA/GA4)

Note: Transfers of personal data outside the EEA rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards as required by applicable data protection laws.

International transfers

See International Transfers.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Rights and Choices

Depending on your location, you may have the following rights under applicable data protection laws:

  • Access: Request access to and receive a copy of your personal information
  • Rectification: Request correction of inaccurate or incomplete personal information
  • Erasure: Request deletion of your personal information in certain circumstances
  • Restriction: Request restriction of processing of your personal information in certain circumstances
  • Portability: Receive your personal data in a structured, commonly used, and machine-readable format
  • Object: Object to processing of your personal information for certain purposes
  • Withdraw consent: Withdraw your consent for processing based on consent at any time
  • Automated decision-making: Not be subject to a decision based solely on automated processing, including profiling
  • Lodge a complaint: Lodge a complaint with a supervisory authority if you believe your rights have been violated

We do not make decisions with legal or similarly significant effects solely by automated means.

How to exercise your rights

To exercise any of these rights, please contact us using the details provided in the "Data Controller & Contact" section. We will respond to your request within 30 days of receipt and may require verification of your identity before processing your request.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.

Category Purpose Retention
Account data (email) Auth & security Kept while the account is active; deleted within 30 days after deletion request
Plans & tasks (user content) Core app functionality Kept while the account is active; user-initiated deletions respected; backups purge within 30 days
Device tokens (FCM) Push notifications Rotated automatically or removed on logout/uninstall
Website analytics (if enabled) Improve the site Aggregated up to 14 months; or deleted earlier on request

International Transfers

Some of our service providers are located outside the European Economic Area (EEA) and United Kingdom. When we transfer your personal data to these countries, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and UK authorities. For more information about the specific safeguards we use for international transfers, please contact us using the details provided in the "Data Controller & Contact" section.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

In the EEA/UK, we do not knowingly process personal data of individuals under the applicable age of digital consent in your country.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Data Controller & Contact

Controller: Spectronia
Contact email: contact@spectronia.com

If you have any questions about this privacy policy or our data practices, please contact us at the email above. We will respond to your inquiry within 30 days of receipt.

You may lodge a complaint with your local supervisory authority in the EEA/UK.

PlanMint App Privacy

This section provides detailed information about how we process personal data specifically within the PlanMint application.

Data We Process

  • Account email (Auth): Used for authentication and account management
  • Plan/task content you save: Your personal plans, tasks, and related content
  • Usage/diagnostics (minimal): Basic app usage metrics and error reports for reliability
  • Device push token (FCM): For sending push notifications about your plans and reminders

Purposes

  • Account access: Authentication and secure access to your personal data
  • Plan generation: Creating and managing your personal plans and tasks
  • Reminders/notifications: Sending timely reminders about your plans and deadlines
  • App reliability and abuse prevention (App Check): Ensuring app security and preventing misuse

AI Processing

AI processing occurs server-side only in Cloud Functions. Prompts and API keys are stored securely in Secret Manager. No AI prompts or keys are stored in the client application. User text is not logged in raw form to protect your privacy.

Security

  • TLS in transit: All data transmission is encrypted using Transport Layer Security
  • Firestore rules: Enforce ownerUid row-level access to ensure data isolation
  • App Check enforced: Additional security layer to prevent unauthorized access

Data Sharing

  • No sale: We do not sell your personal data to third parties
  • No behavioral ads: We do not use your data for behavioral advertising
  • Processors: Third-party service providers are listed in the "Third-party service providers (processors)" section above

Deletion

You can delete your account and data through the in-app "Delete account & data" feature or by email request. Backups are purged within 30 days of deletion.

Learn more about account deletion and data removal

Children

PlanMint is not directed to children. In the EEA/UK, we do not knowingly process personal data of individuals under the applicable age of consent.