Privacy Policy

Last updated: August 15, 2025 • Talos Automata, Inc.

Talos Automata, Inc. ("Spec," "we," "our," or "us") provides an AI assistant that operates locally on your Mac with optional integrations to your communications and productivity accounts. This Privacy Policy explains what data we collect, how we use it, how we process and protect it, and your choices. If you do not agree with this Policy, please do not use Spec.

1. Scope

This Policy applies to: (a) the Spec macOS application and companion services; (b) our websites and support channels; and (c) integrations you authorize. It does not apply to third-party services that maintain their own policies.

2. Data We Collect

2.1 Account and Profile Data

• Contact information (name, email, phone) you provide when creating or managing your Spec account or contacting support.
• Minimal account metadata used for sign-in (via Google Firebase Authentication).
• Billing data if you subscribe to paid services (handled by our payment processor).

2.2 Device and Technical Data

• Device identifiers, OS version, app version, crash logs, and diagnostics to maintain and improve functionality.
• Local configuration files and preferences.

2.3 Content and Integrations You Authorize

With your explicit permission, Spec can access and process data from your connected apps and accounts (e.g., Messages, Email, WhatsApp, Slack, calendars, files, notes, and meeting notes providers). By design, Spec reads only the content necessary to perform requested tasks and features.

2.4 Usage and Telemetry Data

Interactions with Spec features, prompts, actions taken, and performance metrics. Non-essential telemetry is opt-in by default.

2.5 User-Provided Content

Files, notes, and instructions you provide to Spec for processing. We never use your personal content for advertising and we do not sell your data.

3. How We Use Data

• Provide, operate, and improve Spec's features and services.
• Personalize assistance and automate authorized tasks.
• Maintain safety, security, abuse prevention, and integrity.
• Communicate service updates and respond to support requests.
• Research and development, including quality assurance and model improvement subject to your preferences.

4. Local‑First Processing and Data Residency

• On-device by default: We do not store personal user content off device. The only personal data we may transmit to third parties is the minimal data necessary for LLM processing to fulfill your explicit requests.
• Cloud components: We use Google Firebase Authentication for sign-in and minimal account metadata. We may use secure cloud infrastructure for account management and updates; this does not include your personal content from connected accounts.

5. Sharing and Disclosure

We do not sell your personal data. We share data only with service providers under contract (e.g., Firebase auth; LLM API providers strictly to fulfill your requests), with integrations you explicitly connect, for legal reasons, or in connection with corporate transactions subject to appropriate safeguards.

6. Sub‑Processors and LLM Providers

7. Data Retention

We retain data only as long as necessary for the purposes described or as required by law. Local caches and logs exist on your device; you can clear these using in-app controls or by uninstalling Spec. We do not keep copies of your personal content off device.

8. Your Choices and Rights

• Permissions: You control which accounts and data sources Spec can access. You can revoke access at any time.
• Access, correction, deletion, and export: Request a copy, correction, deletion, or portability at support@withspec.com.
• Telemetry: Non-essential telemetry is opt-in; you can opt out at any time.
• Regional rights: Additional rights may apply depending on your location (GDPR/UK GDPR, CCPA/CPRA).

9. Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data, including encryption in transit and at rest for cloud components, strict access controls, secret management, and security reviews. No system is 100% secure; please notify us promptly of any suspected incident.

10. Children's Privacy

Spec is not directed to children under 13 (or older minimum age in your jurisdiction). We do not knowingly collect personal data from children.

11. International Data Transfers

Where personal data is transferred across borders, we rely on Standard Contractual Clauses or other approved safeguards.

12. Controller and Processor Roles

We act as an independent controller for account, billing, and telemetry data; and as your processor/service provider for personal content you direct Spec to process from your connected accounts.

13. Jurisdiction‑Specific Disclosures

EEA/UK: Legal bases include contract performance, legitimate interests, consent, and compliance with legal obligations. You have rights to access, rectify, erase, restrict, object, and data portability. California: We do not sell or share personal information as defined by CPRA and honor GPC signals where applicable.

14. Data Subject Requests

Submit requests to support@withspec.com. We will verify identity and respond within applicable timelines.

15. Incident Response

We maintain incident response procedures, including breach notification processes consistent with applicable laws.

16. On‑Device Permissions Summary

In-app we present macOS permissions (Accessibility, Automation, Full Disk Access, Contacts, Calendars, Reminders, Screen Recording, etc.) with explanations and how to revoke.

17. Contact

Talos Automata, Inc.
2261 Market Street, STE 22735
San Francisco, CA 94114, United States
support@withspec.com

18. Changes

We may update this Policy from time to time. Material changes will be communicated via the app or email. Continued use after changes means you accept the revised Policy.