Privacy Policy

We collect information you provide directly: your name, email address, and password when you create an account. When you use our services we collect usage data including API spec files you upload, pipeline run logs, cluster event data from the KlusterAlert agent, and product interaction data to help us improve the service. We use cookies and similar technologies to keep you signed in and to understand how our product is used. We do not use cookies for advertising.

We use your information to provide, maintain, and improve SpecLayer — including processing API specs, running governance checks, maintaining your developer portals, and delivering Kubernetes alerts to your configured notification channels. We may use your email to send transactional messages (account confirmation, billing receipts, security notifications) and, with your consent, product update emails. You can unsubscribe from marketing emails at any time.

We do not sell your personal data. We share data only with: • Service providers who process data on our behalf (cloud hosting, payment processing, email delivery) under strict data processing agreements. • AI providers (Anthropic) when you use the AI Enrichment feature. Spec content sent for enrichment is not used to train AI models. • Law enforcement or regulatory authorities when legally required.

Your data is stored in the European Union (EU-West) by default. Enterprise customers may request data residency in other regions. We encrypt data in transit using TLS 1.2+ and at rest using AES-256. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication. API keys are stored as SHA-256 hashes and cannot be recovered — only the prefix is stored in plaintext.

We retain your account data for as long as your account is active. Spec versions and governance check results are retained according to your plan limits (90 days on Free, unlimited on Pro and Enterprise). When you delete your account, we delete your personal data within 30 days. Some data may be retained for up to 7 years where required by applicable law (e.g. billing records).

Depending on where you are located, you may have the right to: • Access the personal data we hold about you • Correct inaccurate data • Request deletion of your data • Object to or restrict certain processing • Export your data in a portable format To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

We use the following cookies: • Session cookies — to keep you signed in • Preference cookies — to remember your settings (e.g. sidebar collapse state) • Analytics cookies — to understand how the product is used (anonymised) You can disable analytics cookies in your account settings. Session and preference cookies are required for the product to function.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the product at least 14 days before the change takes effect. The "last updated" date at the top of this page reflects the most recent revision.

If you have questions about this policy or how we handle your data, contact our Data Protection Officer at [email protected] or write to us at: SpecLayer Ltd. Data Protection Officer [Registered address]