Privacy Policy
Effective date: 2026-05-16
Launch-readiness draft. This document was authored to satisfy V1 launch gates. Final review and adjustments by qualified counsel are required before Specwarden charges paying customers. If you are reviewing this before that happens, please email legal@specwarden.ai with questions.
What we collect
- Account information: Your email address (from Clerk), the plan tier you choose, and the date you signed up.
- Review metadata: Filename, row count, detected standard (AIAG-RPN or AIAG-VDA), counts of findings by severity, whether AI degraded, and the timestamp.
- Usage logs: Which reviews ran on which days, for quota enforcement.
- Technical telemetry: Request IDs, error stack traces (with PII stripped via Sentry beforeSend).
What we do not collect
- The contents of your files — failure modes, supplier names, cell values are never persisted to our database.
- Body text of findings — only counts are stored.
- Persistent file binaries — uploads are parsed inside the request, then discarded.
- Anything from the file beyond what Specwarden needs to detect column structure and run rules.
Third-party processors
| Service | Purpose | Region | What they see | Compliance |
|---|---|---|---|---|
| Clerk | Authentication | US | Email, sign-in events | Trust Center |
| Anthropic | LLM review (Sonnet 4.6) | US | Anonymized FMEA row content during review only; not stored or used to train models per Anthropic's policy | Trust Center |
| Supabase | Database + file storage | US-East | Account metadata, review counts | Security |
| Sentry | Error tracking | US | Stack traces with PII stripped | Security |
| Resend | Email delivery | US | Recipient email, send timestamp | Security |
| Vercel Web Analytics | First-party page-view analytics | US | Pageview URL, referrer, device type, country (no cookies, no PII, no fingerprinting) | Privacy |
| Vercel Speed Insights | Core Web Vitals measurement | US | Page-load performance metrics (LCP, FID, CLS, INP) — no user data | Privacy |
Data retention
- Account information: kept until you delete your account.
- Review metadata: kept for 12 months for billing reconciliation, then anonymized.
- File contents: never stored (zero-second retention).
- Backups: weekly Postgres snapshots retained 30 days.
Your rights
- Access — email privacy@specwarden.ai for an export of everything tied to your account.
- Deletion — email the same address; we will process within 30 days.
- Portability — exports are in JSON.
- You can also disconnect at any time from Settings → Account → Delete.
Contact
Privacy inquiries: privacy@specwarden.ai
Changes to this policy
We will email registered users at least 14 days before a material change takes effect.