Privacy Policy

Last updated: 4 March 2026

1. Who We Are

Specter Automations Ltd ("Specter", "we", "us", "our") is an AI-powered operations intelligence provider for hotels. We are registered in England and Wales.

Data Controller: Specter Automations Ltd
Contact: jack@specterai.co.uk

2. What Data We Collect

2a. Hotel Clients (Data Processor Role)

When a hotel uses our platform, we act as a Data Processor on behalf of the hotel (the Data Controller). We process:

Guest data: Name, room number, phone number (via WhatsApp), and message content sent through the platform
Staff data: Name, role, department, phone number, and messages sent through the platform
Operational data: Message classifications, routing decisions, response times, and aggregated analytics

This data is processed solely to provide the hotel operations intelligence service. We do not use hotel guest or staff data for our own marketing purposes.

2b. Website Visitors

When you visit specterautomations.com, we may collect:

Contact information: Name and email address if you submit a contact form or request a demo
Usage data: Pages visited, time on site, and referring URL (via privacy-respecting analytics)

2c. Prospective Hotel Clients

We may collect publicly available business information about hotels for the purpose of outreach:

Hotel name, address, and publicly listed contact details
Publicly available review data and ratings
Information from hotel websites

3. How We Use Your Data

Service delivery: Processing WhatsApp messages, routing requests, generating intelligence briefs, and providing dashboard analytics for hotel clients
AI processing: Messages are processed by AI models (Anthropic Claude) for classification, routing, and brief generation. Messages are not used to train AI models.
Service improvement: Aggregated, anonymised analytics to improve our platform
Communication: Responding to enquiries, sending demo information, and service updates
Legitimate interest: Business-to-business outreach to hotels using publicly available contact information

4. Legal Basis for Processing (GDPR)

Contract performance: Processing hotel client data to deliver our service (Article 6(1)(b))
Legitimate interests: Business-to-business marketing, service improvement, fraud prevention (Article 6(1)(f))
Consent: Where you have opted in to receive marketing communications (Article 6(1)(a))
Legal obligation: Where we are required to retain data by law (Article 6(1)(c))

5. Data Sharing

We share data only with the following categories of recipients:

AI processing: Anthropic (Claude AI) — for message classification and brief generation. Anthropic does not retain or train on data sent via their API.
Messaging: Twilio — for WhatsApp message delivery
Infrastructure: Supabase (database hosting), Cloudflare (content delivery)
Email: Zoho Mail — for email communications

All sub-processors are bound by data processing agreements. We do not sell personal data to third parties.

6. Data Retention

Active hotel client data: Retained for the duration of the service agreement plus 90 days
Daily intelligence briefs: 14 days in the active dashboard; archived data retained for the contract period
Guest conversation data: Retained for 12 months after the guest's stay, then anonymised
Website enquiries: 24 months from last contact
Prospect data: 12 months from collection, refreshed if there is ongoing legitimate interest

7. Data Security

We implement appropriate technical and organisational measures to protect personal data:

All data encrypted in transit (TLS 1.2+) and at rest
Database access restricted by role-based permissions
API authentication on all service endpoints
Regular security reviews of our infrastructure
Sub-processors selected for their security standards and compliance

8. Your Rights

Under the UK GDPR, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data ("right to be forgotten")
Restriction: Request we limit processing of your data
Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interests or direct marketing
Withdraw consent: Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at jack@specterai.co.uk. We will respond within 30 days.

Hotel Guest Rights

If you are a hotel guest and wish to exercise your data rights regarding messages sent through our platform, please contact the hotel directly in the first instance (as they are the Data Controller). You may also contact us and we will assist in facilitating your request.

9. International Transfers

Some of our sub-processors operate outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the ICO
Adequacy decisions where applicable
Assessment of the recipient country's data protection standards

10. Cookies

Our website uses only essential cookies required for the site to function. We do not use advertising or tracking cookies. If we introduce analytics, we will use privacy-respecting solutions and update this policy accordingly.

11. Children's Data

Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If a hotel guest is under 18, the hotel is responsible for ensuring appropriate parental consent.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to hotel clients. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ico.org.uk/make-a-complaint
Helpline: 0303 123 1113

14. Contact Us

For any questions about this privacy policy or our data practices:

Specter Automations Ltd
Email: jack@specterai.co.uk