SpecterAI Privacy Policy

Information You Provide:

When you register for an individual account or are enrolled via an enterprise subscription, we collect information such as your name, email address, contact details, country or location, and any profile details you choose to provide. You may also provide information when communicating with us (e.g., via support requests) or when submitting coursework or assessments. For enterprise users, we may receive your work email or employee ID and associate your account with your employer’s organization.

Automatically Collected Data:

We collect technical information about your device and usage of the Platform automatically. This includes your IP address, browser type, device type, operating system, referring URLs, pages viewed, and dates/times of access. We also gather data on your interactions with the Platform, such as features used, training modules completed, time spent on content, and other usage metrics. This data helps us monitor performance, maintain security, and optimize user experience.

Cookies and Tracking Technologies:

Like most online services, we use cookies, web beacons, and similar technologies to collect data about your browsing activities on our site (see Cookies and Tracking below for details). For example, we use cookies to keep you logged in, remember your preferences, and gather analytics about how users navigate our content. You can control cookies via your browser settings; however, if you disable certain cookies, parts of the Platform may not function properly.

Biometric Data (for AI-Proctored Labs):

If you participate in AI-proctored labs or assessments, we may collect biometric identifiers and information for identity verification and academic integrity purposes. This can include facial images or scans and related data from facial recognition technology, as well as behavioral metrics like keystroke dynamics or gaze patterns. For example, our proctoring system may analyze video of you during an exam to verify your identity and ensure you are not receiving unauthorized assistance. We will obtain your explicit consent for any biometric data processing where required by law. If you do not consent to the collection of biometric data, or if you opt out of its use, we will provide alternative arrangements when feasible; however, certain exams or certifications may not be available without biometric proctoring for integrity reasons.

Retention and Deletion of Biometric Data:

Biometric identifiers and information will be retained only until the initial purpose for collecting or obtaining such identifiers has been satisfied, or for a maximum of three (3) years from your last interaction with the Platform, whichever comes first. Biometric data will then be permanently deleted. We maintain a publicly available biometric data retention schedule in compliance with Illinois BIPA and similar state laws.

AI-Generated Content and User Inputs:

Our Platform may offer AI-driven features (such as virtual lab assistants or personalized learning modules). When you interact with these features or submit any content to the AI (for instance, entering prompts, code, or questions), we collect those inputs. We may also collect the AI-generated outputs provided to you. This information can include personal data if you choose to include it in your inputs.

Model Training Data:

By default, we may use user inputs and feedback to train, improve, and refine our AI models and services. For example, analyzing how learners answer questions can help us improve our AI’s accuracy and personalize training content. We do not use this data for marketing or building user profiles – it is used solely to enhance our educational AI systems. We take steps to de-identify or anonymize personal information in training datasets.

Payment and Financial Information:

When you make a purchase or pay for a subscription, you may provide payment details such as credit card information or billing address. Important: SpecterAI does not collect or store full payment card numbers or bank account numbers on our servers. Payments are handled through trusted third-party payment processors (e.g., Stripe, PayPal, or similar services). These payment providers receive your payment card details directly to process transactions on our behalf. We only receive limited information from the payment processor (such as a confirmation of payment, the last four digits of your card for reference, or a payment token). If you choose not to provide payment information, you will be unable to subscribe or make purchases on the Platform.

Enterprise or Organizational Information:

For enterprise subscriptions, your employer or sponsoring organization may provide us with personal information to set up and manage your access. This can include your name, work email, job title, or other identifiers necessary for account creation under the enterprise account. We also link information about your usage and performance in the Platform to your enterprise’s account. If your enrollment in a training program or diploma track is sponsored by a third party (such as an employer, educational institution, or government program), we may collect additional information as needed from those parties or from you (for example, an employee ID or program identifier). We treat this information in accordance with this Privacy Policy, in combination with any agreements we have with the sponsoring organization.

Academic and Assessment Information:

In the course of your studies, we collect data related to your educational activities on the Platform. This includes course enrollments, modules and labs completed, quiz and exam results, project submissions, grades, feedback, and certification or diploma status. If you complete a program and earn a diploma or certificate, we will collect and store that achievement (e.g., diploma ID, issue date) in your profile. Diplomas issued are private by default; we will not disclose your certification status publicly without your consent. However, if an employer or sponsor paid for your training, they may receive confirmation of your results as described in Data Sharing below.

Communications:

If you contact us for support, provide feedback, or otherwise communicate with SpecterAI (through email, chat, or phone), we will collect the information you choose to share in those communications (such as queries, feedback, or personal details you provide). We may also keep records of our correspondence with you for quality assurance and to address any follow-up issues.

Sensitive Information:

Apart from biometric data (discussed above) and optional demographic data you might provide, we do not actively seek to collect sensitive personal information such as social security numbers, government ID numbers, health information, or precise geolocation. We will only collect such data if necessary (for example, if you volunteer a government-issued ID for verification) and with appropriate consent or legal basis. We do not request or process special categories of data such as racial or ethnic origin, religious or philosophical beliefs, or information about your health or sex life, except if you choose to provide such information voluntarily (e.g., in a user profile or survey) or if required for compliance with law.

Information from Third Parties:

We may receive personal information about you from other sources. For example, if your account or subscription is provided through an employer or educational partner, that organization might supply us with your details as noted. We could also receive information from service providers or partners, such as updated contact information, results of identity verification checks, or joint marketing partners (if you sign up via a promotion). We treat information from third-party sources according to this Policy and any additional restrictions imposed by the source. Where required by law, we will obtain your consent before collecting information from third parties.

Service Delivery and Account Management:

We process your personal data to provide our services to you and to carry out our contractual obligations. This includes creating and managing your user account, authenticating your login, providing you access to courses, labs, and content, and enabling you to participate in training modules and assessments. We use your information to operate, maintain, and improve the Platform’s functionality, such as keeping track of your progress, saving your preferences, and ensuring the content is delivered correctly. We also use it to provide customer support, respond to your inquiries, and send you service-related communications (e.g. welcome emails, password reset assistance, or notices about Platform updates and schedule maintenance).

Educational Progress Tracking and Certification:

Your data is used to track your learning progress, assess your performance, and issue certifications or diplomas upon completion of programs. For example, we maintain records of courses completed, scores and grades achieved, and skills assessments results. We use this information to generate progress reports for you and (if applicable) for your employer or sponsor, and to determine when you have met requirements for a certificate or diploma. We also use your personal information (like your name) to generate diplomas or certificates and will display that information on the diploma document. Additionally, to preserve academic integrity, we use proctoring data (including biometric data) to verify that course requirements and exams were completed by you legitimately. This helps us ensure that any credentials we issue are valid and earned under the proper conditions.

AI Content Personalization and System Improvement:

SpecterAI leverages artificial intelligence to enhance your learning experience. We may analyze your interactions with the Platform (such as which content you found challenging or which topics interest you) to personalize the content and recommendations you see. For instance, our system might suggest additional practice labs or resources based on your past performance. We also use user inputs and feedback to improve our AI models and algorithms – for example, refining our virtual lab assistant’s ability to answer questions. Improving our AI may involve using your de-identified inputs in model training, as discussed above, which helps make our models more accurate and beneficial over time. We do this to meet our legitimate interest in continually enhancing the Platform’s educational effectiveness and personalization features.

Identity Verification and Academic Integrity:

For certain programs (especially those resulting in diplomas or requiring proctored exams), we use personal information to verify your identity and uphold academic integrity. This includes using biometric proctoring data to ensure the person taking an exam is the enrolled student and to detect and prevent cheating. During proctored assessments, the AI may monitor video of you and flag suspicious behavior (e.g., the presence of additional people or usage of disallowed resources). We use these measures to maintain a fair and credible testing environment. Your image or biometric identifiers may also be used to compare against your prior records (or a photo ID if provided) to confirm your identity for diploma issuance. Any biometric or video recordings are used strictly for proctoring and identity verification purposes and to enforce our Honor Code and Terms of Service, in line with our legal obligations and legitimate interests in academic honesty.

Service Improvement and Research:

We analyze data about how users navigate and learn on our Platform to improve our offerings. This can include performing analytics on course usage patterns, completion rates, and feedback to identify trends and areas for enhancement. We may conduct internal research on learning outcomes to support educational innovation and improve our content. For example, we might study aggregated data to see which teaching methods are most effective. In some cases, we may collaborate with academic or industry researchers to study learning behaviors (using de-identified data whenever possible). These research efforts help us fulfill our mission of improving computer education and are done under strict data protection measures. Opt-Out for Research: If you prefer not to have your de-identified data included in research analytics beyond the immediate improvement of our services, you can contact us to opt out. We will exclude your data from any such external research datasets or analytical projects upon request, unless the processing is already anonymized or is required for our internal service improvements.

Marketing and Communications (Opt-In):

We may use your contact information (such as email address) to send you promotional communications about new courses, program offerings, newsletters, or events only if you have opted in to receive such marketing. For example, if you sign up for our newsletter or indicate interest in receiving updates, we will send you news about SpecterAI products, special offers, or other information that may be of interest. We abide by applicable laws regarding marketing communications: if required (e.g., in the EU or Canada), we will only send you marketing emails with your consent. In other cases, we may rely on our legitimate interest to inform existing users about our services, but you will always have the opportunity to unsubscribe.

Opt-Out:

You can opt out of marketing emails at any time by clicking the “unsubscribe” link in the email or by adjusting your communication preferences in your account settings. We do not share your personal information with third parties for their own marketing purposes without your consent.

Compliance with Legal and Regulatory Requirements:

We use your information as needed to comply with applicable laws, regulations, and industry standards. This includes using personal data to fulfill financial recordkeeping obligations (e.g., for transaction history and invoices), to respond to lawful requests by public authorities, or to meet accountability and audit requirements (such as maintaining exam records for accreditation purposes). If you are in a jurisdiction with academic oversight, we may use or disclose necessary information to demonstrate compliance with academic standards or regulatory requirements. We also process and retain data as necessary to comply with court orders, subpoenas, or other legal processes, and to meet our obligations under privacy laws (for instance, keeping proof of consent for biometric data if required).

Enforcement and Security:

Your information is used to enforce our Terms of Service, Honor Code, and other policies, and to ensure the security and integrity of our Platform. For example, we may use data (including automated monitoring data and audit logs) to detect, investigate, and prevent fraud, cheating, misuse of the Platform, or other illegal activities. If we suspect violations (such as someone sharing accounts or using the service in unauthorized ways), we will examine relevant personal information to resolve the issue. We also use data to protect the rights, property, and safety of SpecterAI, our users, our employees, or others. This can include using IP addresses and device identifiers to block malicious actors, using logs to identify security breaches, or sharing data with law enforcement when necessary to address threats.

Aggregated and De-Identified Data Uses:

We may combine and anonymize personal data to generate statistical information that no longer identifies any individual. We use aggregated data for purposes such as product development, analytics, and marketing. For instance, we might publish reports on overall platform success rates or usage trends (e.g., “X% of users completed a particular course”) in a way that contains no personal identifiers. This information helps us communicate the Platform’s effectiveness and improve content, and since it is de-identified, it is outside the scope of personal data protection rules.

Other Purposes with Consent:

In certain cases, we may request your consent to use your personal information for purposes not covered above. For example, if we ever wish to feature a user testimonial with personal details or share your achievement publicly, we would ask for your permission. If you consent to a specific use, you can withdraw that consent at any time, and we will stop the processing for that purpose. We will not use your personal information in new ways without first updating this Policy or obtaining your consent if required.

Legal Bases for Processing (EU/UK users):

If you are located in jurisdictions that require a legal justification for processing personal data, know that we rely on several legal bases: (1) Contractual necessity – we process data to provide the services you signed up for (e.g., delivering training and certifications); (2) Legitimate interests – we use data to improve our offerings, ensure security, prevent fraud, and conduct research, balanced against your privacy rights; (3) Consent – we obtain consent for specific activities like marketing emails or biometric processing, and you can withdraw consent at any time; (4) Legal obligations – we process and retain data as needed to comply with laws (e.g., financial records, responding to legal processes). We will gladly clarify the specific legal basis for any processing of your personal data upon request.

Automated Decision-Making:

Certain features of the Platform, including AI-based proctoring and performance analysis, may involve automated processing of your data that could have significant effects (e.g., exam validity determinations). In such cases, you have the right to request human review of the decision, to express your viewpoint, and to contest the outcome, as permitted under applicable law.

Service Providers and Processors:

We share personal information with trusted third-party companies who provide services on our behalf, such as cloud hosting, data storage, analytics, email delivery, customer support tools, payment processing, and AI service providers. These service providers are bound by confidentiality obligations and are only permitted to use your information as necessary to perform their functions in delivering our service. For example, our cloud infrastructure providers store data securely for us, our email service sends out account notifications, and our payment processor handles billing information. We ensure these partners implement adequate security measures. They are prohibited from using your data for any other purposes and must adhere to our privacy and security requirements.

Enterprise Accounts (Employers or Sponsors):

If your access to SpecterAI is provided or paid for by an employer or another sponsoring organization (such as a university, government agency, or training partner), we may share certain information about your use of the Platform with that sponsor. Specifically, we may disclose your enrollment status, course and lab progress, quiz/exam scores, certification or diploma completion, and related performance metrics to authorized representatives of your employer or sponsoring institution. For instance, if your employer purchased a group subscription for you, they can receive reports on your training hours, courses completed, skill assessment results, and similar data to track the ROI of their training program. We only share this information with entities that are already authorized to have it (typically, the organization that gave you access) and solely for program management and workforce development purposes. These organizations must handle your information in compliance with applicable privacy laws, and they are not allowed to use it for unrelated purposes. If you leave an employer or sponsor, you may lose access to the Platform under that account; however, you may be able to retain or transfer your data to an individual account (please contact us for options in such cases).

Educational or Accreditation Partners:

In some cases, we may partner with educational institutions or certification boards to offer certain programs. If you enroll in a co-sponsored course or seek an accreditation that involves a third-party institution, we will inform you at enrollment if any data sharing with that partner is necessary. For example, if a university accredits a course on our Platform, we might need to share your course performance data with the university for credit recognition. Such sharing will be limited to what is required in that context and will be disclosed to you when you sign up for the program.

Affiliates:

If SpecterAI is part of a corporate group or if we establish subsidiaries or affiliates, we may share personal information with those affiliated entities (e.g., a parent or sister company) for purposes consistent with this Privacy Policy. For instance, if SpecterAI, Inc. establishes a branch in the EU to better serve European customers, we might transfer user data to that branch. Any SpecterAI affiliate that accesses personal information will do so under the same obligations of confidentiality and security.

Business Transfers:

In the event that SpecterAI undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, your personal information may be disclosed to or transferred as part of that transaction. We would only do this subject to appropriate protections and only if the receiving party agrees to uphold privacy standards equivalent to those in this Policy. Similarly, if SpecterAI is involved in a bankruptcy or restructuring, personal data may be considered an asset and could be transferred to third parties as allowed by law. In any such scenario, we will provide you notice (e.g., via email or a prominent notice on our site) before your personal information is transferred or becomes subject to a different privacy policy. You would then have the opportunity to stop using the Platform or exercise any rights you have with respect to your data.

Legal Compliance and Protection:

We may disclose personal information to third parties (such as courts, law enforcement authorities, regulators, or others) when we believe, in good faith, that such disclosure is necessary to: (a) comply with any applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service, Honor Code, or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of SpecterAI, our users, or the public. For example, we may share information with law enforcement in response to a valid subpoena or to report misuse of the Platform. We will limit the information disclosed to what is reasonably necessary and will object to overbroad or inappropriate requests as appropriate. When permitted, we may notify you of such legal demands.

Integrity and Security Partners:

We might share certain information with specialized third parties to help us ensure platform integrity. For instance, we could share data with fraud prevention services or academic integrity consultants to analyze patterns and identify cheating or account misuse. We may also share information with our professional advisors (lawyers, auditors) as needed for them to provide services to us under strict confidentiality.

With Your Consent or At Your Direction:

Apart from the cases listed above, we will share your personal information with third parties only if you give us specific permission to do so. For example, if you ask us to send your course completion certificate to a prospective employer or to connect you with a mentor, we will share data at your request. Similarly, if you participate in a public forum, webinar, or community feature on our Platform, any information you voluntarily post (e.g., in a discussion board visible to other learners) may be accessible to those audiences by design. We advise you to exercise discretion when sharing personal information in any public areas of the Platform. We are not responsible for how other users may use information you make public in these contexts.

Aggregate or De-Identified Information:

We may share aggregated, anonymized information that cannot reasonably identify you with third parties for various purposes, such as research, analytics, or promotional use. For instance, we might share statistics about overall platform usage or learning outcomes with researchers or publish trend reports. This information will not include any personal identifiers. We may also share de-identified data sets with educational researchers or partners to advance the science of learning, after ensuring such data cannot be linked back to individual users.

No Sale of Personal Data:

SpecterAI does not and will not sell or rent your personal information to data brokers or third parties for their own marketing use. We do not share personal data with third parties for cross-context behavioral advertising or targeted advertising purposes without your opt-in consent, and we do not allow third parties to collect information on our site for their independent use except as described (e.g., cookie providers as explained in Cookies and Tracking). In the past 12 months, we have not sold any personal information and have only disclosed personal information to service providers or others as described in this Policy, which is considered a “business purpose” disclosure under laws like CCPA.

Access and Portability:

You have the right to request a copy of the personal information we hold about you. This includes information you provided to us and information about how we have used or shared it. We will provide this data in a commonly used electronic format. For EU users, you have the right to data portability, meaning in certain situations you can request to receive your personal data in a structured, machine-readable format, or ask us to transmit it to another controller where technically feasible.

Correction (Rectification):

If any of your personal information is inaccurate or incomplete, you have the right to request a correction or update. Many data points (like your name, email, etc.) can be edited directly by you in your account profile. For any information that you cannot update yourself, you may contact us and we will correct any inaccuracies without undue delay, as required by law.

Deletion (Right to be Forgotten):

You may request that we delete your personal information, and we will honor such requests to the extent required by applicable law. If you have an account with SpecterAI, you can also initiate deletion by using any self-service account deletion function (if available) or by contacting us. Upon verification of your request, we will deactivate and delete your account and remove your personal data from our records, except for information we are required or permitted to retain by law. Note that we may need to keep certain data for a limited time for legitimate business or legal purposes, for example, records of transactions for financial reporting, or data required to enforce our rights or comply with legal obligations (see Data Retention below). If you request deletion, we will also inform any service providers or third parties with whom we have shared your information (for purposes of providing our service) to delete your information, as required by law. Important: Deleting your data is irreversible and means you will lose access to any certifications and course progress tied to your account. We may ask you to verify your identity and intent before deleting an account due to the permanent nature of deletion.

Restriction of Processing:

You have the right to ask us to limit or “pause” the processing of your personal data in certain circumstances. For example, if you contest the accuracy of your data, you can request we restrict processing until the accuracy is verified. You can also request restriction if you believe our processing is unlawful or if we no longer need the data but you want us to preserve it for legal claims. When processing is restricted, your data will still be stored but not used (other than to comply with your request or for legal reasons).

Objection to Processing:

You have the right to object to our processing of your personal information when such processing is based on our legitimate interests (including profiling based on those interests). If you object, we will evaluate your request and will stop or adjust the processing unless we have compelling legitimate grounds to continue or the processing is needed for legal claims.

Direct Marketing and Analytics:

You can always object to your data being used for direct marketing or certain analytics. If you opt-out of marketing, we will stop sending marketing emails. If you object to analytics tracking (e.g., via cookies), see Cookies and Tracking on how to adjust those settings.

Research or AI Training:

If you object to your data being used for our research or AI model improvement purposes, we will exclude your data from those processes, as those are not strictly required for providing the core service. To object, you may contact us at privacy@specterai.ai with your request. Please note, if you restrict or object to processing that is essential for us to provide the Platform (for example, objecting to data use that is necessary for running your account or ensuring security), we may not be able to provide you with certain services or features. We will inform you if this is the case so you can make an informed decision.

Withdrawal of Consent:

If we rely on your consent to process any personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing conducted prior to your withdrawal. For example, if you consented to biometric proctoring, you can later withdraw consent; however, doing so might mean we cannot offer you the proctored exam and thus you might not complete a requirement. If you withdraw consent for marketing emails, we will stop sending them. Withdrawing consent for optional data processing will not affect your access to the Platform’s core services, but as noted, it may limit certain features that require that data.

Opt-Out of Sale or Sharing (CCPA/CPRA):

As noted, we do not sell personal information. If you are a California resident, you still have the right to direct us not to sell or share your personal data for cross-context behavioral advertising. We treat all such requests seriously. We have provided a clear affirmation that we do not sell data, but if you still send us a “Do Not Sell or Share My Personal Information” request, we will honor it by maintaining your data off any future sale/sharing lists and confirming our practices. California residents can also enable the Global Privacy Control (GPC) or similar browser signals; if we detect such a signal, we will treat it as a valid opt-out of sale/sharing request. We do not knowingly share data in a way that would trigger this right, but we respect and implement these preferences.

Non-Discrimination:

We will not discriminate against you for exercising any of these rights. In other words, if you choose to exercise your privacy rights (such as requesting deletion or opting out of data sharing), we will not deny you our services, charge you different prices, or provide you a lower quality of service because of your decision. The only scenario in which service might be affected is if a request inherently prevents us from providing something (e.g., if you ask us to delete all your data, we cannot keep your account active). But we will not otherwise retaliate or impose penalties as a result of your choices, consistent with laws like CCPA that prohibit such discrimination.

Additional Canadian Rights:

If you are in Canada, in addition to the rights above (which we extend to you), you have the right to file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy regulator. We will work with you to address any concerns. PIPEDA gives you the right to access your personal information and challenge its accuracy. We will assist with those requests as described. SpecterAI does not engage in automated decision-making that produces legal effects without human involvement; if that changes, and it involves your data, we will ensure compliance with any consent or explanation requirements under Canadian law.

Other Jurisdictions:

If you are in a jurisdiction not explicitly listed, we will still endeavor to honor your requests regarding your personal data to the extent feasible. For example, residents of certain U.S. states (like Virginia, Colorado, Connecticut, etc.) have rights similar to CCPA and GDPR (access, deletion, etc.), and we extend the same courtesy to you. If we are unable to fulfill a request that is not legally required in your region, we will inform you and explain the reasons. Users in regions such as the EU/UK have the right to lodge a complaint with their Data Protection Authority (DPA) if they believe we have infringed their data protection rights. Users in other countries may have similar avenues with local regulators.

Additional U.S. State Rights:

If you reside in states such as Virginia, Colorado, Connecticut, Utah, Delaware, or Oregon, you may also have specific rights under your state’s privacy law. These rights may include the right to opt out of targeted advertising, the right to opt out of profiling in furtherance of decisions with significant effects, and the right to appeal our response to a data rights request. We will honor these rights as required by law. Instructions on how to exercise them are provided below under “Exercising Your Rights.”

Exercising Your Rights:

To make any request regarding your personal data, you can contact us at privacy@specterai.ai. Please indicate the right you wish to exercise and provide sufficient information for us to verify your identity (we take privacy of others seriously, so we need to ensure the person making a request is actually the data subject or their authorized agent). For certain requests, we may also provide self-service tools: for example, you can usually access and update your profile information by logging into your account. If available, you may also use an online portal for data requests. We will respond to valid requests within the timeframes set by law (for instance, within 30 days for many jurisdictions, with the possibility of a reasonable extension if necessary). There is generally no fee for these requests, but if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it (we will explain our reasoning in such cases).

Appeals Process:

If we deny your request to exercise a privacy right, you have the right to appeal our decision. To do so, please reply to our denial communication with “Appeal” in the subject line or contact privacy@specterai.ai. We will review your appeal within forty-five (45) days (or the period required by your state law) and notify you of the outcome, including information on how to escalate your complaint to your state’s Attorney General or data protection authority if you remain unsatisfied.

Opting Out of Marketing and Analytics:

As noted, you can unsubscribe from marketing emails anytime. For analytics and advertising cookies, see Cookies and Tracking below for opt-out options. SpecterAI honors Global Privacy Control (GPC) signals and similar legally recognized browser or device-level privacy signals. When we detect such a signal, we will automatically treat it as a valid request to opt out of the sale or sharing of personal information and disable all non-essential cookies, including advertising and tracking cookies.

Consent for Biometric and Research Data:

We will explicitly seek your consent for biometric data collection where required by laws such as GDPR, certain U.S. state laws (e.g., Illinois BIPA), or Canadian law. This consent will explain why the data is needed and how it will be used. You have the right to decline or revoke consent for biometric processing. If you withdraw consent, we will delete the biometric data we have collected (unless retention is required by law), and we will provide an alternative solution if possible (for example, arranging an in-person exam if feasible, or simply not using biometric proctoring though this may impact certification eligibility). For use of your data in research or product improvement that is beyond the scope of providing the service, we will either base it on legitimate interests (with strong privacy safeguards and an opt-out) or ask for your consent, depending on the context. You can opt out of such secondary uses at any time as described above.

Encryption in Transit and At Rest:

All data transmitted between your browser/app and our servers is encrypted using Transport Layer Security (TLS). This means that personal information (including login credentials and any sensitive data) is protected from eavesdropping when sent over the internet. Likewise, we encrypt personal data at rest in our databases and storage using strong encryption algorithms (such as AES-256). AES-256 encryption is a widely adopted industry standard, considered extremely secure and recommended by cybersecurity experts. By using robust encryption, we aim to ensure that even if data were to be accessed without authorization, it would be unreadable and unusable.

Access Controls and Authentication:

Access to personal data within SpecterAI is restricted to authorized employees and contractors who need it to perform their job duties. We employ role-based access control, meaning staff can only access the specific data necessary for their role. Administrative access to systems storing personal data is protected with strong authentication (such as multi-factor authentication) to prevent unauthorized logins. We also enforce least privilege principles so that even authorized personnel only have the minimum access necessary.

Automated Password System:

For user accounts, we utilize a secure password management system. In many cases, users do not set their own passwords on SpecterAI; instead, passwords may be auto-generated by our system to meet high complexity requirements. If we provide or reset a password for you, it will be a strong, random password that you should keep confidential. (You may be able to change this password later, depending on our account settings, but we encourage always using a strong unique password.) By automating password generation, we reduce the likelihood of weak passwords. All passwords are stored in hashed form (using modern hashing algorithms) and not in plain text.

Audit Logs and Monitoring:

We maintain detailed audit logs of system access and data queries. These logs record when sensitive data is accessed, by whom, and what actions were taken. We monitor these logs for any unusual or unauthorized activity. Audit trails help us detect and investigate suspicious behavior and provide an additional layer of accountability. Users (including employees) are aware that their actions in systems are logged, which acts as a deterrent to misuse. Our security team employs intrusion detection and prevention systems to monitor access patterns and network traffic for signs of malicious activity.

Network and Application Security:

We protect our IT infrastructure using firewalls, network segmentation, and up-to-date security software. Regular security scans, vulnerability assessments, and penetration testing are conducted to identify and address potential weaknesses. Our applications are developed following security best practices (including OWASP guidelines for web security) and undergo code reviews and testing to mitigate common vulnerabilities. We also utilize anti-malware and anti-virus solutions to protect against viruses or other threats.

Limited Employee Access and Training:

Only a limited number of authorized SpecterAI personnel have access to personal data, and they are trained in privacy and security practices. Every SpecterAI employee undergoes background checks as permitted by law and is required to sign confidentiality agreements. We conduct privacy and security training for all staff to keep awareness high. Our internal policies strictly forbid any employee from accessing user data without a valid business reason. Any access to user conversations, proctoring videos, or personal details (for example, by a support engineer investigating an issue) is logged and only done when necessary to assist you or maintain the system. Employees understand that misuse of data could lead to disciplinary action, including termination.

Data Minimization and Retention:

We follow the principle of data minimization. We store the least amount of personal data necessary for the purposes described. We also retain personal data only for as long as needed (see Data Retention below), thereby limiting exposure. When data is no longer needed, we dispose of it securely, using techniques like secure deletion or anonymization.

Physical Security:

The data centers and cloud infrastructure we use have strong physical security controls. These typically include 24/7 monitoring, access badges, biometric scanners, and strict personnel entry logs. Even though much of our data is in the cloud, any offices or local systems that might contain personal data are secured to prevent unauthorized entry or theft (e.g., locked cabinets, alarm systems, and device encryption for laptops).

Third-Party Security:

Before engaging any third-party service provider that will handle personal data, we vet their security practices to ensure they meet our standards. We require our vendors to use appropriate security measures and to notify us promptly of any security incidents. We maintain a list of approved subprocessors and ensure they sign data protection agreements. If a vendor doesn’t meet our security requirements, we will not entrust data to them.

Incident Response:

SpecterAI has an incident response plan in place for handling potential data breaches or security incidents. If we detect any breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, we will promptly act to contain and remediate the issue. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law. Notification may be via email or posting a prominent notice on our website, and will include information about what happened and recommendations for your protection. We also periodically test and update our incident response procedures to ensure we can react effectively.

Data Retention Schedule:

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. For example, account information is retained while your account is active; proctoring videos and biometric data are retained for no more than three (3) years after the exam date unless required by law; payment transaction records are retained for seven (7) years to comply with financial regulations; and support communications are retained for two (2) years. When the applicable retention period ends, we securely delete or anonymize the data. A detailed retention schedule is available upon request.

What Are Cookies?

Cookies are small text files that websites place on your device (computer, tablet, smartphone) when you visit. They are widely used to make websites work, to remember your preferences, and to gather information about how you interact with the site. Cookies can be “session cookies” (which expire when you close your browser) or “persistent cookies” (which remain on your device for a set period or until you delete them).

Cookies We Use:

SpecterAI uses the following categories of cookies on our Platform:

Essential Cookies:

These are necessary for the website and Platform to function properly. They include, for example, cookies that enable you to log into secure areas of our site, navigate the Platform, or access course content. Essential cookies are also used to remember things like your session ID so you don’t have to log in repeatedly as you move through the site. Without these cookies, certain services you have asked for (such as secure account log-in or adding items to your cart) cannot be provided. Because they are necessary for the operation of the site, you cannot opt out of essential cookies.

Functional Cookies:

These cookies allow our site to remember choices you make and provide enhanced, more personal features. For instance, they might remember your preferences such as language selection, volume level, or the last page you visited in a course. They may also be used to provide services you have requested, like playing a video or remembering if you already completed a survey. Functional cookies are not strictly necessary but improve your experience. You can disable them, but some preferences may not be saved.

Analytics and Performance Cookies:

We use these to collect information about how users use our Platform, in order to improve it. They help us understand which pages are popular, how users move through the site, and if they encounter errors. For example, we use Google Analytics or similar tools to analyze site usage data (like which pages users visit, how long they stay, and how they got to our site). The information collected is generally aggregated and does not directly identify you. It helps us improve our content and design. We may also use these cookies to track the effectiveness of our communications and troubleshoot any issues. If you opt out of analytics cookies, your visits will not be part of our analytical data.

Advertising and Marketing Cookies:

At present, SpecterAI’s use of advertising cookies is limited, but we may in the future use cookies or pixels to help deliver relevant SpecterAI advertisements on third-party websites or to measure the effectiveness of our marketing campaigns. For example, if we run ads on other platforms (like Google or LinkedIn), we might use cookies and similar tech to know if someone who saw an ad later signed up on our site. We might also use retargeting cookies to show you ads for SpecterAI if you visited our site. These cookies may collect data about your online activity over time and across different sites. We will obtain your consent (where required by law) before using marketing cookies. You can manage your preferences to allow or refuse these cookies.

Third-Party Cookies and Social Media:

Some third-party services that we integrate with the Platform may set their own cookies. For instance, if our site includes content from third parties (like a YouTube video, or a social media “share” button), those third-party services may set cookies. Similarly, our use of analytics and advertising services (Google, Facebook Pixel, etc.) involves third parties setting cookies to track user behavior. We also may use a third-party AI or chat widget that uses cookies. These third parties have their own privacy policies and cookie policies. While we try to only partner with reputable companies, we do not have direct control over the cookie practices of third parties. Notably, if you use the mobile app, cookies per se might not be used, but similar tracking may occur via SDKs and device identifiers. We treat those similarly and give you options through your device settings.

Third-Party Use of Data:

Some third parties (such as analytics providers and advertising networks) may collect personal data through our Platform for their own independent purposes. These parties may use such information for cross-context behavioral advertising or profiling. Where required by law (e.g., under the California CPRA), we will obtain your opt-in consent before enabling such third-party tracking. You may also exercise your right to opt out at any time by using the tools described in this section.

Cookie Consent and Management:

When you first visit our site (and periodically thereafter), you will see a cookie notice or banner that informs you of our use of cookies and allows you to manage your cookie preferences. You can choose to accept all cookies or reject non-essential cookies. If you opt out of certain categories (like analytics or marketing), those cookies will not be set, and any previously set will be disabled where possible.

Additionally, most web browsers allow you to control cookies through their settings preferences. You can usually configure your browser to refuse some or all cookies, or to prompt you before accepting a cookie from websites. You can also delete cookies that have already been set. However, please note: If you block or delete essential cookies, the Platform may not function correctly, and you may not be able to log in or use certain features.

For analytics cookies, Google offers an opt-out browser add-on (for Google Analytics) which you can install to prevent data from being used by GA. For advertising, you can visit industry opt-out sites like the Network Advertising Initiative’s opt-out page or the Digital Advertising Alliance’s opt-out page to opt out of interest-based advertising cookies from participating companies. On mobile devices, you can use your device settings to limit ad tracking.

Do-Not-Track Signals:

“Do Not Track” (DNT) is a preference you can set in your browser to signal that you do not want to be tracked across websites. The web industry is currently still working on DNT standards, and not all services respond to DNT signals. However, SpecterAI respects global privacy signals where feasible. If we detect a DNT or Global Privacy Control signal in your browser, we will treat it as an opt-out of any data sale/sharing and will disable non-essential cookies (especially advertising cookies) to the extent we can. Keep in mind that DNT may not affect essential cookies which are needed for our site to run.

Analytics Tools:

We may use tools such as Google Analytics, which use cookies and similar technologies to collect and analyze information about use of the Platform and report on activities and trends. These tools may also collect information about the use of other websites, apps, and online resources. You can learn about Google’s practices at Google’s site and opt out by downloading the Google Analytics opt-out browser add-on.

Marketing and Email Tracking:

In addition to cookies, we may use tracking technologies in our email communications. For example, some emails may include a “web beacon” or pixel that tells us if you open the email or click on a link within it. This helps us gauge the effectiveness of our communications and know what content is of interest to users. You can disable image loading in your email client if you do not want to allow this tracking in emails, or you can simply unsubscribe from marketing emails.

Behavioral Advertising:

As of now, SpecterAI does not host third-party ads on our Platform, but we may advertise our own services on other websites. If we engage in remarketing (showing you SpecterAI ads on other sites based on your activity on our site), cookies or pixels would be used to facilitate that. If you prefer not to see targeted SpecterAI ads, you can opt out via the ad settings of the platforms we use (for example, Google Ads settings, Facebook Ad preferences) or using the broader opt-out mechanisms described above. Even if you opt out of targeted advertising, you may still see non-personalized ads for SpecterAI or other services; they just won’t be tailored to you.

Cookie Duration:

The length of time a cookie stays on your device varies. Session cookies last until you stop browsing (or shortly after). Persistent cookies last for a defined period (which could be minutes, days, or even years). We set persistent cookies for certain preferences (like remembering you on return visits) or for long-term analytics. You can see the specific expiration of cookies in your browser’s cookie manager.

Changes to Cookie Usage:

If we make any significant changes to how we use cookies or tracking technologies (for instance, if we begin using new types of cookies), we will update our Cookie Policy (this section) and, if required, prompt you to review your settings again. We may also provide notice via the site or email if necessary.

Standard Contractual Clauses (SCCs):

For personal data originating from the European Economic Area (EEA), UK, or Switzerland, which are transferred to the U.S. or other countries not deemed “adequate” by EU/UK authorities, we rely on approved Standard Contractual Clauses. These are legal contracts that ensure that the data receives an adequate level of protection and that data subjects’ rights are upheld. Our Terms of Service or Data Processing Agreement (for enterprise clients) incorporate these clauses where relevant, binding us and the data recipient to protect the data to EU standards. A copy of these clauses can be provided upon request.

Adequacy Decisions:

Where applicable, if a country to which we send data has been formally recognized by the EU or other jurisdictions as having adequate data protection (an “adequacy decision”), we may rely on that as the transfer mechanism. (For instance, transfers to Canada or Japan might fall under adequacy rules.)

Other Transfer Mechanisms:

We may also rely on additional safeguards such as Binding Corporate Rules (if applicable in the future), or consent from the individual in certain cases, or other mechanisms allowed by law. If you initiate a transfer (for example, by accessing our services from outside the US or by requesting we email you at an international address), that may be considered consent to the cross-border transfer.

Data Storage Locations:

Our primary data centers are in the U.S. We may also utilize cloud services that could store data in multiple global regions (for redundancy or content delivery). We choose reputable providers (like AWS, Azure, Google Cloud) that offer robust security and privacy commitments, including compliance with international standards.

Access by International Teams:

SpecterAI may have support, engineering, or other teams in various countries (for example, an EU support desk or developers in Canada). Any access to personal data by these teams is done under the same strict controls and only as necessary. We ensure that our internal transfers of data (for example, from our U.S. servers to an employee working remotely in another country) also comply with our data transfer agreements and security standards.

Your Rights Regarding International Transfers:

If you are in the EEA, UK, or Switzerland, you have certain rights to be informed about and object to certain transfers of your data. We have explained our transfer mechanisms above; if you require further information about these safeguards, you can contact us (see Contact Information below). In some cases, we may also honor requests to store data in a specific region (for enterprise customers under special agreements), but for individual users, data will likely be stored in the U.S.

Material Changes:

If we make any material changes to how we collect or use personal information, we will take steps to notify you in advance. For example, we may provide a prominent notice on our website or within the Platform, or send you an email notification, explaining the changes and when they will take effect. In some cases (especially if required by law), we might seek your consent to changes in the way we use your data.