Privacy Policy

Last Updated: December 26, 2024

Effective Date: December 26, 2024

1. Introduction

Welcome to Spencer, the project management system by Housty Designs ("we," "us," or "our"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of information that we receive through our project management platform, including our use of artificial intelligence (AI) features powered by third-party services.

Important: AI Features and Third-Party Data Processing

Spencer includes AI-powered features that use Anthropic's Claude AI service. When you use AI features, your data (including project information, tasks, and messages) is sent to Anthropic for processing. Please review the AI Data Processing section below carefully before using AI features.

2. Information We Collect

2.1 Information You Provide

Account Information: Full name, email address, password (hashed), and role
Project Data: Project names, descriptions, notes, goals, due dates, and priorities
Task Data: Task names, descriptions, checklists, assignments, and due dates
Client Data: Client names, contact information, and email addresses
Communications: Project updates, messages, and activity logs

2.2 Automatically Collected Information

Usage Data: Pages visited, features used, and interaction timestamps
Security Logs: Login attempts, IP addresses, CSRF validation events, and authorization failures
Session Data: Authentication tokens and session duration
AI Audit Logs: When AI features are used, what actions were performed, and user confirmations

3. AI Features and Third-Party Data Processing

3.1 AI Service Provider

Spencer uses Anthropic's Claude AI to provide intelligent project management assistance. Anthropic is a third-party AI company located in the United States.

3.2 Data Sent to Anthropic

When you use AI features (such as the AI project assistant), the following data is sent to Anthropic:

Your name and role
Project information (names, descriptions, notes, goals, due dates)
Task information (names, descriptions, assignments, due dates)
Client information (names and contact details)
Your messages and queries to the AI assistant
Context about your current work and project status

3.3 How Anthropic Uses Your Data

According to Anthropic's policies, your data is:

Processed: To generate AI responses and perform requested tasks
Not Used for Training: Anthropic does not use your data to train their AI models (as of December 2024)
Retained Temporarily: Data may be retained for up to 30 days for trust and safety purposes

For complete details, please review Anthropic's Privacy Policy.

3.4 Your Control Over AI Features

AI features are opt-in - you must provide consent to use them
You can withdraw consent at any time in your account settings
When AI consent is withdrawn, no data will be sent to Anthropic
You can use all non-AI features without providing AI consent

4. How We Use Your Information

4.1 Core Platform Features

Provide project management functionality (tasks, projects, clients)
Enable collaboration between team members
Send notifications about project updates and deadlines
Display activity timelines and project history

4.2 Security and Compliance

Authenticate users and maintain secure sessions
Protect against unauthorized access and security threats
Audit and log security events (login attempts, authorization failures)
Detect and prevent fraud or abuse

4.3 Service Improvement

Analyze usage patterns to improve features
Debug errors and fix technical issues
Develop new features and functionality

5. Data Security

We implement industry-standard security measures to protect your data:

Encryption: HTTPS/TLS encryption for data in transit
Password Security: Bcrypt hashing with automatic salting
Session Security: Secure, httponly, and samesite cookie flags
CSRF Protection: Token validation on all state-changing operations
Rate Limiting: Protection against brute-force attacks
Input Validation: Sanitization and validation of all user inputs
Security Headers: CSP, X-Frame-Options, HSTS, and other protective headers
Access Control: Role-based authorization for all resources

6. Data Retention

Account Data: Retained while your account is active
Project Data: Retained until you delete projects or close your account
Security Logs: Retained for 90 days for security and compliance purposes
AI Audit Logs: Retained for 1 year for transparency and accountability
Deleted Account Data: Permanently deleted within 30 days of account closure

7. Your Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

7.1 Access and Portability

Right to Access: Request a copy of all data we hold about you
Right to Data Portability: Receive your data in a machine-readable format

7.2 Correction and Deletion

Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data

7.3 Consent and Objection

Right to Withdraw Consent: Revoke consent for AI features at any time
Right to Object: Object to processing of your data for specific purposes
Right to Restrict Processing: Request limitation on how we process your data

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at: privacy@houstydesigns.com

We will respond to your request within 30 days.

8. Data Sharing and Disclosure

8.1 Third-Party Services

We share data with the following third parties:

Anthropic (Claude AI): Only when you use AI features and have provided consent

8.2 Legal Requirements

We may disclose your information if required by law, court order, or government request.

8.3 Business Transfers

If Housty Designs is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

8.4 We Do NOT

Sell your personal data to third parties
Share your data with advertisers
Use your data for marketing purposes without consent

9. Cookies and Tracking

We use cookies for:

Authentication: Maintaining your logged-in session
Security: CSRF token validation
Functionality: Remembering your preferences

We do not use third-party tracking cookies or analytics services that track you across websites.

10. Children's Privacy

Spencer is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers (such as Anthropic) operate. These countries may have different data protection laws than your country of residence.

By using Spencer and providing consent for AI features, you acknowledge and consent to such transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting a notice in the application
Sending an email to your registered email address
Requiring re-acceptance of the updated policy upon login

The "Last Updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@houstydesigns.com
Company: Housty Designs
Product: Spencer Project Management System

14. Compliance

This Privacy Policy is designed to comply with:

GDPR: General Data Protection Regulation (EU)
CCPA: California Consumer Privacy Act (USA)
COPPA: Children's Online Privacy Protection Act (USA)

← Back to Spencer