Privacy Policy
Last updated: January 10, 2026
We are Specter Labs OÜ, a private limited company registered in Estonia (registry code 14863992, registered address Ahtri st 12, 10151 Tallinn, email company@tryspecter.com) ("Specter", "we", "us" or "our"). We operate the website https://www.tryspecter.com and its subdomains (the "Website") and the web-based Specter data platform, including software, databases, interfaces, associated media, documentation, updates, new releases and other components or materials incorporated therein or integrated therewith (collectively, the "Platform").
The purpose of the privacy policy document ("Privacy Policy") is to provide clear and transparent information on how we may process your personal data when you are using our Platform.
If you have questions about how we process your Personal Data or if you wish to submit us requests for exercising your rights involved in processing of your Personal Data, please contact us using the contact details provided in this Privacy Policy. A separate Privacy Rights Notice, describing in more detail how Data Subjects may exercise their rights under the GDPR, is available on the Website.
DEFINITIONS
In these Terms the following terms have the following meanings:
| "Agreement" | means the legally binding agreement between Specter and the Customer. |
| "Authorized User" | means any natural person who is permitted by the Customer to access and use the Services under the Customer's account (including during a free trial), and whose access has been provided by Specter (for example, by seat or user license). |
| "Customer" | means the legal entity or natural person entering into the Agreement with Specter, and any Authorized Users acting on its behalf. |
| "Data Subject" | means natural person whose personal data is processed by Specter. In the context of this Privacy Policy, "Data Subject", "User's representative" and "You" refer the same. |
| "Data Catalogue" | means Specter's description of data fields made available in the Databases, as published or otherwise made available by Specter from time to time. |
| "Databases" | means the structured datasets made available through the Platform from time to time, containing business, professional and market-related information, as further described in the Data Catalogue. The scope and composition of the Databases may change over time. |
| "Customer Content" | means any data, lists, notes, tags, configurations, identifiers, queries, uploads or other material that the Customer or its Authorized Users submit to or store in the Platform, excluding Specter Data. |
| "GDPR" | means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). |
| "Personal Data" | means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| "Applicable Law" | means all valid European Union legal acts and all valid legal acts of the Republic of Estonia, including, but not limited to, the national implementation acts for GDPR which are applicable during the validity of these terms and conditions or shall be applicable after the terms and conditions enter into force. |
| "User" | means any natural person who accesses the Website or who has a user account on the Platform (including Authorized Users). |
| "User's representative" | means any natural person who uses the Platform on behalf of the User. |
| "Privacy Policy" | means this document on personal data processing. |
| "Terms" | means the Website Terms of Service available on the Website. |
| "Data Controller" | means a natural or legal person, public sector authority, agency or other body who, alone or jointly with others, determines the purposes and means of the personal data processing. Depending on the context, Specter and the Customer act as independent data controllers. For the purposes of this Privacy Policy terms, the Data Controller is Specter. |
| "Data Processor" | means a natural or legal person, public sector authority, agency or other body who processes the personal data on behalf of the controller. |
1. WHY WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS?
When the Customer has opted to use our Platform, Specter must process Personal Data to enable Users (including Authorized Users and User's representatives) to log in, manage their accounts, and use the Platform and its functionalities.
Specter acts as an independent Data Controller for Personal Data it processes for the purposes described in this Privacy Policy. Where the Customer uses the Platform to process Personal Data (e.g., uploads, queries or Customer Content), the Customer is an independent Data Controller for such processing.
Specter processes personal data based on the principles of personal data protection, including the principle of minimum interference, according to which we process only the data that are required for managing the Platform and achieving our purposes.
Upon the use of our Platform, we process Personal Data that is submitted to us directly by the Customers in the course of using our Platform. Such data may include:
- general personal information and contact details: name (first and last name), e-mail address;
- account related details: login details and information (such as password) used for creating account via Platform, authentication data if signing in via third-party identity providers (Google, Microsoft/Outlook, Clerk.com), account configuration, account status information;
Specter also processes Personal Data that we obtain from third parties. Such data may include:
- publicly available professional data: Specter also processes Personal Data obtained from publicly accessible sources to create and maintain Specter's Databases (Company Signals, People Database, Talent Signals, Investor Database, Interest Signals). This includes professional and company-related information made public online. Such processing is carried out based on legitimate interest (please see the section 2.3 below). Such processing is limited to information that individuals have made publicly available for professional purposes (e.g., employment history, company affiliations, job titles). Specter does not collect sensitive or private information from non-public sources.
- technical information: technical information collected during the use of the Platform, for example the operating system of device used for browsing or other data collected via cookies (please see the section 5 below).
2. WHAT IS THE LEGAL BASIS FOR PROCESSING PERSONAL DATA?
2.1 Data processing for contract performance
Specter processes personal data primarily for the purposes of performing contractual obligations that arise from the Terms. This includes enabling the User (including Authorized Users and User's representatives) to register an account, log in to the Platform (including via Google or Outlook/Microsoft), authenticate access, maintain account settings, use the Platform functionalities, and receive customer support. Processing also includes the use of certain analytics tools (such as PostHog or Intercom) that are required to ensure proper functionality of the Platform.
The legal basis for personal data processing in such cases is article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
2.2 Data processing for the performance of a legal obligation
Specter processes Personal Data also where it is required to perform legal obligations applicable to Specter. For example, if a court requests Personal Data from Specter under an applicable court order or court judgement or if a law enforcement agency requests Personal Data under an applicable regulation. Also, if Specter is obligated to retain Personal Data, for example, under the Accounting Act or other applicable legal acts. In case of such processing, the legal basis for Personal Data processing is article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Data Controller is subject).
2.3 Data processing on the basis of legitimate interest
Specter may process Personal Data on the basis of legitimate interest in situations where such processing is necessary for Specter's operations and where these interests are not outweighed by the rights and freedoms of the Data Subject. In such case, the legal basis is Article 6(1)(f) of the GDPR. Specter may rely on legitimate interest in the following cases:
- where processing is necessary to prepare, submit or defend legal claims (for example, claims related to a breach of the Terms);
- where processing is necessary to ensure the technical functionality, security and improvement of the Platform, including through the use of analytics tools (such as PostHog, Intercom or Google Analytics);
- where Specter processes professional or company-related Personal Data that is publicly available, for the purposes of maintaining and updating Specter's Databases (Company Signals, People Database, Talent Signals, Investor Database, Interest Signals);
Specter may also have legitimate interest in processing personal data if this is necessary to ensure the technical functionality of the Platform (please see the section "Cookies" below). The data processed on the basis of legitimate interest shall be retained in compliance with the general statutory limitation period for claims. More details on the retention periods can be found in the section 3 below.
OVERVIEW OF PROCESSED PERSONAL DATA
| Purpose | Collected personal data | Legal basis | Retention period |
|---|---|---|---|
| Providing the Platform to Users | Contact details: name, e-mail address, technical identifiers, authentication information (including login via Google, Outlook, Clerk) | GDPR article 6 (1) (b), after the termination of the contract GDPR article 6 (1) (f) | During the term of the Terms of Use, and thereafter only as necessary for legitimate interest (e.g., defending legal claims), generally up to 3 years in accordance with the limitation period under the Estonian General Part of the Civil Code Act (§ 146). |
| Registration and management of the User account | Account details (username, password), authentication provider details (Google, Outlook, Clerk), session and login logs | GDPR article 6 (1) (b), after the termination of the contract GDPR article 6 (1) (f) | During the term of the Terms of Use, and thereafter only as necessary for legitimate interest (e.g., defending legal claims), generally up to 3 years in accordance with the limitation period under the Estonian General Part of the Civil Code Act (§ 146). |
| Providing customer support and responding to inquiries | Name, e-mail, message content and any additional data submitted by the User | GDPR article 6 (1) (f) | Up to the end of the limitation period of the claim related to which the inquiry is submitted. Generally, the limitation period is 3 years (§ 146 (1) of An Act on the General Part of the Civil Code); |
| Maintaining and updating Specter Databases | Professional and company-related personal data obtained from publicly available sources | GDPR article 6 (1) (f) | As long as necessary for the purposes of maintaining accurate databases. Specter reviews and updates its Databases on a regular basis and removes or updates outdated Personal Data at least once every 12 months. |
| Accounting documents | Documents required for the performance of a legal obligation. | GDPR article 6 (1) (c) | 7 years under the Accounting Act (§ 12 (4) of the Accounting Act). |
| Data collected with cookies | Read the separate section "Cookies". | ||
3. TRANSFER OF PERSONAL DATA AND USE OF DATA PROCESSORS
Specter does not transfer personal data to third parties, except when Specter has the legitimate right under the Applicable Law.
Specter primarily stores and processes Personal Data in the European Economic Area (EEA). However, if a Customer is located in the United States or Asia, the Customer's Platform environment and related Customer Content may be stored in regions located in the United States or Asia. Specter uses only hosting regions and configurations that provide adequate protection under GDPR, including Standard Contractual Clauses (SCCs) and additional safeguards where required.
Where Specter transfers Personal Data outside the EEA, Specter ensures appropriate safeguards (Article 46 GDPR), such as standard Contractual Clauses (SCCs) adopted by the European Commission, technical and organisational measures ensuring data security or other supplementary safeguards where required.
Specter may use Data Processors for Personal Data processing. Data Processors assigned by Specter, who in limited circumstances may process the Personal Data, are, for example, IT-service providers (such as AWS for hosting and storage services, PostHog for platform analytics, Intercom for customer support etc.) or other providers of services required for the functioning of the Platform.
Specter uses as Data Processors only such partners whose reliability Specter has verified and who have committed to processing Personal Data in compliance with the Applicable Law.
4. COOKIES
Our Platform uses Cookies. Cookies are small text files containing information stored on the computer and used for tracking or identification.
The Platform uses the following cookies:
- Strictly necessary cookies, that are essential in order to enable you to navigate and use the features of the Platform.
- Performance cookies, that collect information about how visitors use the Platform and are used to improve the functionality and performance of the Platform.
- Targeting cookies, that are used to deliver advertisements more relevant to you and your interests, and to measure the effectiveness of advertising campaigns.
The specific cookies that Platform uses are the following:
| Cookie | Domain | Description | Validity | Type |
|---|---|---|---|---|
| _ga_BM5BBQ5RQJ | .tryspecter.com | This cookie is used by Google Analytics to persist session state. | 1 year 1 month | Performance |
| _ga | .tryspecter.com | This cookie is associated with Google Universal Analytics. It is used to distinguish unique users by assigning a randomly generated number as a client identifier and to calculate visitor, session and campaign data. | 1 year 1 month | Performance |
| guest_id_marketing | .twitter.com | Used to identify a visitor across visits and devices in order to present relevant advertisements based on the visitor's preferences. | 1 year 1 month | Targeting |
| personalization_id | .twitter.com | Carries information about how the end user uses the website and any advertising they may have seen before visiting. | 1 year 1 month | Targeting |
| guest_id | .twitter.com | Cookie set by Twitter to identify and track the website visitor. | 1 year 1 month | Targeting |
| _gcl_au | .tryspecter.com | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. | 3 months | Targeting |
| _lfa | .tryspecter.com | Leadfeeder cookie that collects behavioural data of website visitors, including pages viewed, visitor source and time spent on the site. | 1 year | Targeting |
| muc_ads | .t.co | Cookie used for targeting and advertising purposes; helps track and personalise advertising content. | 1 year 1 month | Targeting |
| guest_id_ads | .twitter.com | Cookie associated with Twitter's advertising services; used to identify and track visitors to display personalised ads based on preferences. | 1 year 1 month | Targeting |
You have the right to delete or block (disable) cookies at any time by changing your browser settings. However, some cookies might be necessary for the functionality of Platform. Cookies can be disabled by following the instructions under the browser's "help" section. More information on how cookies operate or how to disable cookies is also available on the website www.allaboutcookies.org.
5. RIGHTS OF THE DATA SUBJECT
Specter shall ensure all the rights of the data subject arising from the Applicable Law.
In particular, Data Subject shall inter alia have the following rights:
- right to access: the right to ask at any time whether Specter holds any personal data about them or not and receive information about which Personal Data Specter is processing about them;
- right to rectification: the right to request from Specter the supplementation or rectification of their personal data if these are insufficient, incomplete or inaccurate;
- right to object: the right to submit objections to Specter concerning the processing of one's Personal Data, for example if the personal data is processed on the basis of the legitimate interests of Specter;
- right to erasure: the right to request the erasure of Personal Data, for example, if the Personal Data are processed based on the Data Subject's consent and the Data Subject has withdrawn their consent;
- right to restriction of processing: the right to request from Specter the restriction of processing of Personal Data under the Applicable Law, for example, where Specter no longer needs the Personal Data for the purposes of the processing or where the Data Subject has objected to processing;
- right to withdraw the consent for processing Personal Data: if the processing of Personal Data is based on the Data Subject's consent, the Data Subject has the right to withdraw the consent given to Specter at any time;
- right to data portability: the right to receive from Specter the Personal Data that the Data Subject has provided to and which are processed on the basis of the Data Subject's consent or for the performance of a contract concluded with the Data Subject, in writing or in a generally used electronic format and, if technically possible, request that Specter transfers these data to another Data Controller;
- right to lodge a complaint: If the Data Subject is of the opinion that the processing of their Personal Data has violated their rights, they have the right at any time to file this claim to the Data Protection Inspectorate / Tatari 39, 10134 Tallinn, info@aki.ee, www.aki.ee. List of national Data Protection Authorities in EU is available at https://edpb.europa.eu/about-edpb/board/members_en).
The rights of the Data Subject listed in this section regarding the processing of their Personal Data are not absolute rights. In certain cases, the rights of other Data Subjects or the legal obligations of Specter may limit the rights of the data subject.
In order to exercise the rights pertaining to the processing of Personal Data or to submit requests concerning the processing of personal data, please contact us using the contact details provided in the section 8 below.
Before responding to a rights request, Specter may take reasonable steps to verify the identity of the requester to prevent unauthorized access to Personal Data.
6. EXERCISING PRIVACY RIGHTS AND OPT-OUT REQUESTS
Data Subjects may exercise their privacy rights by submitting a request via the dedicated privacy request form available on the Website or by contacting Specter at privacy@tryspecter.com.
Specter maintains a separate Privacy Rights page at https://www.tryspecter.com/privacy-rights. This page includes a web-based form allowing individuals to submit requests (including opt-out requests) directly.
Where permitted under Applicable Law, Specter may request additional information reasonably necessary to verify the identity of the requester or the authority of an authorised agent acting on behalf of a Data Subject.
7. SECURITY OF PERSONAL DATA
Specter shall ensure the security of Personal Data processing, for the purposes of protecting Personal Data from accidental or unauthorised processing, disclosure or destruction. Specter applies security measures consistent with Article 32 GDPR, including technical and organisational safeguards appropriate to the risk.
Considering the state of the art and costs of implementation, and the nature, scope, context and purposes of the personal data processing as well as the risk to the rights and freedoms of data subjects, of varying likelihood and severity, that may result from personal data processing, Specter shall apply appropriate technical and organisational measures upon personal data processing to ensure the protection of personal data.
8. NON-EU RESIDENTS
Specter is established in the European Union and primarily processes Personal Data in accordance with the GDPR. The GDPR is generally considered to provide a high standard of protection for Personal Data. Individuals located outside the European Economic Area, including in the United States, may be subject to different privacy laws depending on their jurisdiction.
Where such laws are applicable to Specter, and to the extent required by those laws, Specter will consider and respond to privacy-related requests in accordance with its legal obligations. Nothing in this Privacy Policy is intended to create rights or obligations beyond those imposed by applicable data protection or privacy laws. The availability and scope of any rights, and the manner in which such rights may be exercised, depend on the Data Subject's location and the specific legal framework that applies in each case.
9. MISCELLANEOUS
Upon changes in legal acts or practice, Specter has the right to make amendments to the Privacy Policy which shall be immediately published at our Website.
Specter does not provide data retention or archival services. Customer Content, usage history, logs or other data stored in the Platform may be modified, overwritten or deleted during normal operations, updates or maintenance. Specter does not guarantee the preservation of any Customer Content or User data beyond what is required under Applicable Law. The Customer is solely responsible for retaining copies or backups of any data it wishes to preserve.
In case of questions concerning the processing of Personal Data or to submit requests concerning the processing of Personal Data, please contact Specter.
Our contact details are:
Specter Labs OÜ (14863992)
Ahtri st 12, 10151 Tallinn
company@tryspecter.com or privacy@tryspecter.com