Privacy Policy

Effective Date: 2025/11/09

Spettro ("we," "us," or "our") operates the Spettro VPN service (the "Service"), which provides subscription-based access to WireGuard and Amnezia-WG configuration files for VPN connections. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service, including our website (https://www.spettro.io) and user dashboard (https://app.spettro.io). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

We collect the following types of information:

a. Information You Provide

• Account Information: When you register for an account, we store your email address, a securely hashed version of your password (argon2id) and any other details you provide (e.g., nickname) in our database.
• Payment Information: For credit card payments, we collect payment details through Stripe, our payment processor. For cryptocurrency payments, we process transactions via Cryptomus, which may involve blockchain-related data (e.g., wallet addresses). We do not store full payment details; these are handled securely by our payment processors.
• Support Communications: Information you provide when contacting us at support@spettro.io or through our dashboard.

b. Automatically Collected Information

• Usage Data: We collect data about your interactions with the Service, such as pages visited, failures and errors via our dashboard hosted on Vercel and events collection system PostHog.
• Analytics Data: We use Google Analytics to collect anonymized data about website usage, such as IP addresses, browser types, device information, and session durations.
• reCAPTCHA Data: Our authentication pages use Google reCAPTCHA to prevent abuse (e.g. credentials stuffing), which may collect device and behavioral data (e.g., mouse movements) to verify you are not a bot.

c. Non-Personal Data

• We do not log or store your VPN activity, such as browsing history, traffic data, or connection logs, as our Service only provides configuration files and static IP addresses.

2. How We Use Your Information

We use your information to:

• Provide and manage the Service, including account creation, subscription management, and delivery of configuration files via the dashboard.
• Process payments through Stripe (for card payments) or Cryptomus (for cryptocurrency payments).
• Verify user authenticity and prevent fraud using Google reCAPTCHA.
• Analyze usage patterns to improve the Service via Google Analytics.
• Communicate with you, including responding to support requests and sending service-related updates.
• Comply with legal obligations or enforce our Terms and Conditions.

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service Providers:
  • Stripe and Cryptomus: Process payments. Stripe handles card details, and Cryptomus processes cryptocurrency transactions. Both follow their own privacy policies.
  • Vercel: Hosts our dashboard, which may process usage data.
  • Google (reCAPTCHA and Analytics): Provides bot protection and analytics services. Google’s privacy practices apply to data collected via reCAPTCHA and Analytics.
  • AWS Key Management Service (KMS): Manages encryption and decryption of configuration secrets to secure your VPN configuration files.
• Legal Requirements: We may disclose information if required by law, such as in response to a court order or subpoena, or to protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Storage and Security

Your account data is hosted on Hetzner cloud infrastructure (Ashburn, VA), though hosting locations may change. Configuration secrets for your VPN files are encrypted and decrypted using AWS Key Management Service (KMS) to ensure their security. We implement reasonable technical and organizational measures, such as encryption and access controls, to protect your data.

5. Your Choices and Rights

Depending on your jurisdiction, you may have rights such as:

• Accessing, correcting, or deleting your personal data.
• Objecting to or restricting certain processing.
• Requesting data portability.

To exercise these rights, contact us at support@spettro.io. We will respond within the timeframe required by applicable law (e.g., 30 days under GDPR for EU residents). You may also manage your subscription and account details via the dashboard.

You can opt out of Google Analytics by using tools like the Google Analytics Opt-out Browser Add-on. Note that disabling reCAPTCHA may prevent login access.

6. Data Retention

We retain your account and billing information for as long as your account remains active or as necessary to provide the Service. You may request account termination and deletion of your data by contacting us at support@spettro.io. We will delete your data, except for information held by third-party service providers (subject to their privacy policies) or where retention is required by law or for legitimate business purposes, such as tax recordkeeping.

7. International Data Transfers

Your data may be processed in the United States or other countries where our service providers (e.g., Hetzner, Vercel, Stripe, Google, AWS) operate. We ensure appropriate safeguards, such as Standard Contractual Clauses, where required by law (e.g., for GDPR compliance).

8. Third-Party Links and Services

The Service may link to third-party websites or services (e.g., Stripe, Cryptomus, Google, AWS). These parties have their own privacy policies, and we are not responsible for their practices.

9. Children’s Privacy

The Service is not intended for individuals under 18 or the age of majority in their jurisdiction. We do not knowingly collect data from children. If we learn such data has been collected, we will delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Changes will be posted on this page (https://www.spettro.io/legal/privacy-policy) and become effective immediately. If changes are material, we may notify you via email or through the dashboard. Your continued use of the Service constitutes acceptance of the updated policy.

11. Contact Information

For questions or to exercise your data rights, contact us at support@spettro.io.

By using the Service, you confirm you have read, understood, and agree to this Privacy Policy.