This Privacy Policy explains how Specter Automations ("Specter", "we", "us") collects, uses, and protects personal information. It applies to:
- Website visitors who browse specterai.co.uk, specterautomations.com, or related sites
- Hotel guests whose messages are processed through the Specter AI platform
- Hotel staff who use the platform or whose contact details are stored in the system
- Hotel clients (GMs, HODs) who use the dashboards and manage their hotel's configuration
Questions about your data? Email hello@specterai.co.uk.
1. Who We Are
Specter Automations provides AI-powered operational intelligence to UK hotels. Our platform processes WhatsApp messages from hotel guests and staff, classifies them using AI, routes them to the right department, and generates daily intelligence briefs.
Contact: hello@specterai.co.uk
Website: specterai.co.uk
2. Information We Collect
2a. Website Visitors
When you visit our website, we collect minimal information:
- Usage data: Pages viewed, time on site, referral source. Collected via Cloudflare analytics (privacy-focused, no cookies).
- Contact form data: If you submit a form or book a demo, we collect your name, email, and any information you provide.
- Cookies: We use only essential cookies for site functionality. No advertising or tracking cookies.
2b. Hotel Guests
When you interact with a hotel via the Specter AI WhatsApp service:
| Data | How Collected | Why |
|---|---|---|
| Name | You provide it when registering via the guest landing page | To identify you in conversations and personalise responses |
| Room number | You provide it when registering | To route requests to the correct location (e.g., maintenance to your room) |
| Phone number | Automatically captured from your WhatsApp messages | To maintain your conversation thread and send responses |
| Message content | Messages you send via WhatsApp to the hotel | To classify your request and route it to the right department |
| Sentiment and classification | Generated by AI from your messages | To prioritise urgent requests and improve service |
Important for hotel guests: Your hotel is the Data Controller for your personal information. Specter processes your data on behalf of the hotel to deliver the messaging service. If you want to exercise your data rights (access, deletion, etc.), contact the hotel directly or email us and we will direct your request appropriately.
2c. Hotel Staff
If you are a hotel staff member using the Specter platform:
- Contact details: Name, email, phone number, department, role — provided by your hotel's management
- Messages: WhatsApp messages you send to the hotel's Specter number are processed the same as guest messages
- Dashboard activity: If you have a dashboard login, we log login times and activity for security purposes
2d. Hotel Clients (GMs, Business Contacts)
- Account information: Name, email, hotel name, billing details
- Payment data: Processed by Stripe — we do not store card numbers
- Dashboard usage: Login activity, configuration changes, for security and support
3. How We Use Your Information
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Processing guest/staff messages for classification and routing | Legitimate interest (hotel's operational need) / Contract performance |
| Generating daily intelligence briefs | Contract performance (service delivery to hotel client) |
| Sending WhatsApp responses to guests | Legitimate interest (guest requested service by messaging) |
| Processing payments | Contract performance |
| Improving the AI classification system | Legitimate interest (service improvement) |
| Website analytics | Legitimate interest (understanding website usage) |
| Responding to enquiries | Consent (you contacted us) / Legitimate interest |
4. AI Processing
Your messages are processed by an AI system (Anthropic's Claude) for classification purposes. This means:
- The AI reads your message to determine which department should handle it, how urgent it is, and whether it can be answered automatically.
- The AI may generate a suggested response based on the hotel's knowledge base (e.g., breakfast hours, WiFi password).
- Your message content is sent to Anthropic's API for processing. Anthropic does not use API inputs to train their models.
- No automated decisions with legal or significant effects are made about you. Classification determines message routing, not access to services or contractual terms.
- If you believe a message was mishandled, contact the hotel directly. Hotels can review and override any AI classification.
5. Who We Share Data With
We share personal data only with service providers necessary to deliver the platform:
- Anthropic (San Francisco, USA) — AI message classification. Receives message text only. Does not train on API data.
- Twilio (San Francisco, USA) — WhatsApp message delivery. Receives phone numbers and message content.
- Supabase (Frankfurt, EU) — Database hosting. Stores all operational data.
- Stripe (USA) — Payment processing for hotel subscriptions. Receives billing details.
- Cloudflare (Global) — Website hosting and CDN. Processes IP addresses for content delivery.
Where data is transferred outside the UK/EU, it is protected by Standard Contractual Clauses or equivalent legal safeguards.
We do not sell personal data. We do not share personal data with advertisers. We do not use personal data for marketing to hotel guests.
6. How Long We Keep Your Data
- Guest messages: 90 days in active systems, then archived for the duration of the hotel's subscription. Deleted 30 days after subscription ends.
- Guest records: 90 days after checkout, then archived. Deleted 30 days after subscription ends.
- Staff records: Duration of the hotel's subscription. Deleted 30 days after subscription ends.
- Website enquiries: 12 months, then deleted.
- Payment records: As required by UK tax law (typically 6 years).
7. Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Ask us to delete your data ("right to be forgotten").
- Restrict processing: Ask us to temporarily stop processing your data.
- Data portability: Receive your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests.
To exercise any of these rights, email hello@specterai.co.uk. We will respond within 30 days.
For hotel guests: Your hotel is the Data Controller. We recommend contacting the hotel first. If you contact us, we will coordinate with the hotel to fulfil your request.
8. Security
We protect your data with:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls and authentication on all systems
- Row-level database security isolating each hotel's data
- Webhook signature verification to prevent data spoofing
- Regular security reviews and access audits
No system is 100% secure. If we discover a data breach affecting your personal data, we will notify the relevant hotel and, where required, the Information Commissioner's Office within 72 hours.
9. Children's Data
The Specter AI platform is not directed at children under 16. If a child sends a message to a hotel via WhatsApp, it will be processed in the same way as any other message. We do not knowingly collect additional information from children. If you believe a child's data has been processed inappropriately, contact us at hello@specterai.co.uk.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will post changes on this page with an updated "Last updated" date. For material changes affecting hotel clients, we will also send email notification.
11. Complaints
If you have concerns about how we handle your data, please contact us first at hello@specterai.co.uk. We will work to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Phone: 0303 123 1113
For any privacy questions, contact us at hello@specterai.co.uk.