Privacy Policy
Last updated: April 3, 2026
1. Data we collect
Spekia only collects the data necessary to provide the service:
— Email address: for magic link authentication.
— Session conversations: your voice and text exchanges with the AI during scoping sessions.
— Generated documents: the PRD and technical prompt produced at the end of each session.
— Payment data: processed exclusively by Stripe. We never store card numbers.
2. Encryption and security
All sensitive data (conversations, PRD, technical prompt) is encrypted with AES-256 column-level encryption in our database. This means that even if the database were accessed without authorization, your data would remain unreadable.
Communications between your browser and our servers are protected by HTTPS/TLS.
3. Data access
Your session data is strictly private. No employee, administrator, or third party can access the content of your conversations or generated documents.
Only your authenticated account can read, share, or delete your sessions.
4. Third-party sharing
We never sell, rent, or share your data with third parties for commercial purposes.
The only sub-processors with limited technical access are:
— Google (Gemini): LLM processing to generate AI responses. Data sent is the current conversation content.
— Deepgram: real-time voice transcription (audio streamed, not stored by Deepgram).
— ElevenLabs: text-to-speech synthesis for AI responses.
— Stripe: secure payment processing.
— SMTP (email): sending magic login links.
None of these sub-processors has access to your complete session data.
5. Data deletion
You can permanently delete any session at any time from your dashboard. Deletion is irreversible and erases:
— All conversations (user and AI messages)
— Generated documents (PRD and technical prompt)
— Associated metadata
Deleted data cannot be recovered.
6. Data retention
Your session data is retained as long as your account is active and you have not deleted the session.
If you delete your account, all your sessions and associated data are automatically and permanently deleted.
7. Cookies
Spekia only uses technical cookies necessary for authentication (httpOnly JWT cookie). We do not use any tracking, advertising, or third-party analytics cookies.
8. Your rights (GDPR)
Under the GDPR, you have the following rights:
— Access: view all your session data from your dashboard.
— Deletion: delete any session at any time.
— Portability: download your generated documents as PDF.
— Rectification: edit your session titles.
For any request, contact us at privacy@spekia.app.
9. Changes
This policy may be updated. In case of significant changes, we will notify you by email.