Privacy Policy

1. Introduction

Spectify ("we", "us", "our") is committed to protecting your privacy and complying with the Protection of Personal Information Act (POPIA) of South Africa. This policy explains how we collect, use, store, and protect your personal information.

2. Information We Collect

Practice Account Information:

• Business name, contact person, email address, phone number
• Physical address, city, province, postal code
• VAT registration number
• Payment and subscription details (processed securely via PayFast)

Customer Analysis Data:

• Customer name (optional, entered by practice staff)
• Demographic information: age range, gender
• Style preferences: personality traits, frame goals, profession
• Lens type requirements
• AI analysis results: face shape, skin tone, frame rankings

Photos:

• Customer photos of eyewear frames are captured during analysis
• Photos are processed in real-time by our AI service and are not stored on our servers or in our database
• Photos are transmitted securely to our AI providers for analysis only

3. How We Use Your Information

• To provide AI-powered eyewear frame comparison and recommendations
• To maintain your practice account and subscription
• To generate and send invoices
• To improve our AI analysis quality
• To communicate important service updates

4. Third-Party AI Processing

Customer photos are sent to third-party AI services (Google Gemini and/or OpenAI) for frame analysis. These services are based in the United States. By using Spectify, the practice acknowledges and consents to this international data transfer for the purpose of AI-powered styling analysis.

Photos are processed in real-time and are not retained by these AI services beyond the immediate analysis request, in accordance with their respective data processing agreements.

5. Data Retention

• Photos: Not stored. Processed in real-time and immediately discarded.
• Analysis sessions: Retained for the duration of the practice's active subscription to provide session history. Deleted upon account closure.
• Account data: Retained for the duration of the subscription and for a reasonable period thereafter for invoicing and legal compliance.

6. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

• Access your personal information held by us
• Request correction of inaccurate personal information
• Request deletion of your personal information
• Object to the processing of your personal information
• Lodge a complaint with the Information Regulator

To exercise any of these rights, contact us at [email protected].

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encrypted data transmission (TLS/SSL)
• Row-level security on database records
• Authenticated API access with JWT tokens
• Secure payment processing via PayFast (PCI DSS compliant)
• No storage of customer photos

8. Cookies and Local Storage

We use browser local storage to maintain your login session and store non-sensitive preferences. We do not use third-party tracking cookies.

9. Customer Consent

It is the responsibility of the subscribing practice to obtain appropriate consent from their customers before capturing photos and demographic information for frame analysis. Spectify provides the technology platform; the practice is the responsible party for customer data under POPIA.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated to subscribers via email. Continued use of Spectify after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related enquiries or to exercise your POPIA rights:

Email: [email protected]