Privacy Policy

Last updated: February 20, 2026

At Supaspec, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

We collect the following types of information when you use Supaspec:

  • Account information — your email address and display name, provided during sign-up.
  • Spec content — the projects, sections, and version history you create within the platform.
  • Usage data — page views, feature usage, and interaction patterns to help us improve the product.
  • Authentication tokens — API keys and MCP tokens are stored as cryptographic hashes. We never store plaintext secrets.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Supaspec service.
  • Authenticate your identity and manage your account.
  • Communicate with you about service updates, security alerts, and support.
  • Analyze usage patterns to improve product features and performance.

3. Third-Party Services

We use the following third-party services to operate Supaspec:

  • Stytch — for authentication and session management.
  • Prisma Postgres — for database storage and management.
  • Vercel — for application hosting and deployment.

These services have their own privacy policies and data handling practices. We only share the minimum information necessary for each service to function.

4. Data Storage and Security

Your data is encrypted at rest and in transit. API keys and authentication tokens are stored as cryptographic hashes — we never store plaintext secrets. We implement industry-standard security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

5. Cookies

Supaspec uses essential session cookies only. These cookies are required for authentication and core functionality. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all associated data — including projects, sections, version history, and personal information — will be permanently deleted from our systems within 30 days.

7. Your Rights

You have the right to:

  • Access and review all personal data we hold about you.
  • Export your specs and data at any time through the platform.
  • Request deletion of your account and all associated data.
  • Object to the processing of your data for specific purposes.

We comply with GDPR requirements for users in the European Economic Area. To exercise any of these rights, contact us at privacy@supaspec.dev.

8. Children's Privacy

Supaspec is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via the email address associated with your account before the changes take effect. Continued use of Supaspec after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or our data practices, contact us at privacy@supaspec.dev.