Sperotel Technologies LLP built the Sperotel Messaging, Sperotel Mobile Application, BlackOS and Juvo. This SERVICE is provided by Sperotel Technologies LLP and is intended for use as is.
Privacy is essential, and we want you to understand the issues involved. Therefore, we used plain English to make our terms as straightforward as possible.
Where you read ‘Sperotel’, ‘Sperotel Services’, ‘Sperotel Messaging’, ‘BlackOS’ or ‘sperotel.com’, it refers to all services made available at https://sperotel.com.
Where you read 'sperotel server', 'sperotel servers , it refers to the services configured within Sperotel which store the user account and personal conversation history, provide additional functionality such as bots and integrations, and (where enabled by the Customer) communicate via the third-party application services.
Where you read ‘the Service’ in this document, it refers to the Sperotel Messaging app instances exposed on https://sperotel.com (or subdomains or customer’s domain) by Sperotel Technologies LLP. Where you read ‘Sperotel’ or ‘we’ or ‘us’ below, it refers to Sperotel Messaging, a trading name of Sperotel Technologies LLP and their agents.
This document explains how we process personal data as it relates to:
This document does not cover the following:
This document explains data protection issues relating to Sperotel Customers and Users. Simply put, you’re a Customer if you’re paying (or otherwise compensating) Sperotel to provide a dedicated hosted messaging service. If you have an account registered on a sperotel server that you use to send and receive messages or use the Sperotel Messaging application to connect any server within the Sperotel network, you are a User.
It is possible to be both a Customer and a User, but we encourage you to consider these roles separately when considering data protection concerns.
Sperotel Technologies has a different legal basis for processing based on which product you are using:
The customer can use Sperotel Services to provision and manage hosted Sperotel servers. The customer owns and controls all messages and files submitted to their server by User accounts registered natively on their server. This ownership does not extend to messages and files submitted over federation or bridging.
This means that, in addition to the usual data access controls defined by the core protocol, all unencrypted messages and files can be accessed by the customer, and that access is retained even if no User account within the system retains access to the data.
The information we collect is for the purpose of supporting your management of hosted servers through Sperotel Messaging Services or to support the operations of the Sperotel client. We do not profile server Users or their data. However, we might profile metadata pertaining to the configuration and management of hosted Sperotel servers to improve our products and services.
We collect information about you when you input it into the Sperotel Dashboard or Sperotel apps or otherwise provide it directly to us.
Sperotel Dashboard Home Customer Account and Profile Information
We collect information when you register for an account. This information is kept to a minimum on purpose and is restricted to the following:
Your authentication identifier is used to authenticate your access to Sperotel Dashboard at https://dashboard.sperotel.com and uniquely identify you.
Paying for hosted server services via Sperotel is handled entirely by our payment processor, Stripe. The processor stores your credit card information and billing contact information to process your monthly or annual automatic renewals or upgrade or downgrade your subscription without re-entering a credit card number.
We never have access to, nor store your full credit card information. The payment processor code we use also sets a cookie in your browser, to remember your info for future purchases. You can delete or block that cookie if you wish; our website will continue to work.
We require you to enter your billing information. This data, as well as the last four digits of your credit card, which is sent to us by our payment processor, is stored in our transaction database in order to maintain our financial records. This information appears on your invoice, which can be accessed by anyone who has been sent the url link to your invoice. We make the invoice links purposefully long and hard to guess for added security, and we prevent search engines from indexing them. The history of changes to the billing contact information on the invoice made by you or our team are logged and stored in our transaction database.
The data we collect in our transaction database, including Personal Data, is not shared with third parties, except for the purposes of determining the validity of payment. In this case, we may share the name and email address associated with the purchase with the credit card holder, your company’s accounting department, or with our payment processor when responding to a chargeback.
We might collect information about you through adverts placed on third-party platforms such as LinkedIn, Twitter or Google. Whenever you click an advert on these platforms, you may be asked to provide details such as:
Within each of these adverts you will be notified of the legal basis under which your data will be processed. This information will be stored on our CRM provider Pipedrive, and will be processed in accordance with this policy.
We log the IP addresses of everyone who accesses Sperotel Messaging and its services. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns.
Our logs are kept for:
We may collect location data if you use the static or live location-sharing features within the Sperotel Messaging app. This includes your longitude, altitude and latitude data to calculate your precise location accurately. Location data is held within the room in which it is shared, so it will be encrypted in encrypted rooms and not encrypted in rooms where encryption is switched off.
All our clients use the third-party service Maptiler to provide the images used to display maps.
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to
We never store passwords in plain text; they are stored hashed. Passwords sent to the server are encrypted using SSL.
It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination and civil and criminal penalties.
If you become aware of any unauthorised use of your account or any other security breach, you must notify Sperotel immediately by emailing email@example.com. Users should manage good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.
These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.
Data stored in Sperotel is accessible by the customer’s account and by Sperotel engineers (employees and contractors) under the conditions outlined below.
- We restrict who at Sperotel (employees and contractors) can access non-encrypted data to roles that require access to maintain the health of the Application and Services.
We never share what we see with other users or the general public.
We host our services on Amazon Web Services (AWS):
Physical access to our offices and locations uses typical physical access restrictions.
We use secure private keys when accessing servers via SSH, and protect our AWS console passwords locally with a password management tool. Nobody at Sperotel, or any of our processors, is able to access encrypted data.
All of the Sperotel user data resides within the same dedicated cluster or on a dedicated cluster, depending on the plan a customer is subscribed to. We use software best practices to guarantee that only the customer can access it. In other words, we segment User data via software. We do our best and are very confident we’re doing an excellent job at it, but, like every other service that hosts User data on the same database, we cannot guarantee that it is immune to a sophisticated attack.
If you have discovered a security concern, please email us at firstname.lastname@example.org. We’ll work with you to ensure that we understand the scope of the issue and fully address your concern. Information security is our highest priority, and we work to address any issues that arise as quickly as possible.
Please act in good faith towards our users’ privacy and data during your disclosure. White-hat security researchers are always appreciated.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at email@example.com if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This policy is effective as of 2022-11-15
If you have any questions or suggestions about our Terms and Conditions, do not hesitate to contact us at firstname.lastname@example.org