Privacy Policy
Privacy Policy
Effective date: 2026-02-19
SpecAnchor processes data under principles of minimization and purpose limitation.
1. Data Collected and Purpose
| Category | Data | Purpose |
|---|---|---|
| Error reports | Anonymous installation ID, violation codes, status summary, minimal diagnostic attachments | Incident analysis and quality improvement |
| Local settings | Language preference, telemetry opt-out, local state files | Service operation and UX |
| Optional feature | OpenAI API key (stored locally and encrypted only if user opts in) | Enhanced AI explanation feature |
2. Data Minimization and Anonymization
- Source code, SoT content, absolute file paths, API keys and tokens are excluded from transmission.
- Path data is hashed and sensitive patterns are masked.
- Telemetry targets error-centric events only by default, not broad behavioral tracking.
3. Transmission Security
- Default transport uses HTTPS (TLS).
- If a public key is configured, envelope encryption (AES-GCM + public key wrapping) is used.
- On encryption failure, plaintext fallback is blocked; the event stays queued for controlled retry.
4. Retention
Queued telemetry and failed items are cleaned after policy windows (for example, 7 days) or when no longer needed for operational purposes.
5. Third-party Sharing and Processing
Except where required by law, data is not shared beyond stated purposes. If external infrastructure/processors are introduced, this policy will be updated accordingly.
6. Your Rights
- You can opt out of telemetry from settings at any time.
- You can remove locally stored API keys with the Forget action.
- You can request policy and processing information through the contact channel.
7. Contact
Contact: support@specanchor.com