Privacy Policy

Last updated September 2024

Thank you for choosing to be part of our community at AEC Systems Ltd, doing business as Speckle ("Speckle", "we", "us", "our"). We are committed to protecting your personal information and your right to privacy. We will process your data strictly in accordance with applicable data protection laws and we have not and will not sell your personal data. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at office[at]speckle.systems. You can also contact our data privacy officer at dpo[at]speckle.systems.
Furthermore, you can contact our representative in the European Union:

Moritz Henschel
Goethestr. 17 10625 Berlin
moritz[at]speckle.systems

When you visit our websites:

https://speckle.systems
https://speckle.community
https://speckle.guide
https://speckle.xyz
https://speckle.works
https://app.speckle.systems/

(the "Websites"), and more generally, use any of our services (the "Services", which include the Websites), we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue the use of our Services immediately.

This privacy notice applies to all information collected through our Services (which, as described above, includes our Websites), as well as, any related services, sales, marketing or events.

Please read this privacy notice carefully as it will help you understand what we do with the information that we collect.

1. VISITING OUR WEBSITES

Short version: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Websites.

We automatically collect certain information when you visit, use or navigate the Websites.
The information we collect includes:

Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Websites and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity on the Websites (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings).

Device Data. We collect device data such as information about your computer, phone, tablet or other device you use to access the Websites. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information.

We process your data to enable your use and the failure-free operation of our Websites, to provide information on our company, products, and services, and to protect our IT-systems from attacks and misuse. The processing is based on our and our website visitors’ legitimate interest in the provision and safe use of our website and systems (Art. 6 para. 1 lit. f UK GDPR).

For the provision of our Websites, we use DigitalOcean, LLC (101 6th Ave New York, NY 10013) with the data being hosted in their UK datacenter if not agreed otherwise, as a hosting provider (“Hosting Provider”). To ensure the safety of your data, we have entered into a data processing agreement with this Hosting Provider which will only process your data in accordance with our instructions.

When you share personal information (for example, by posting comments, contributions or other content to the Websites) or otherwise interact with public areas of the Websites, such personal information may be viewed by all users and may be publicly made available outside the Websites in perpetuity. If you interact with other users of our Websites, these users will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Websites, and view your profile.

Your data will be deleted after 5 years, unless we are under a legal obligation to further store your data.

2. CONTACTING US

Short version: We process the data you provide when you contact us to answer your request

If you have any questions or requests, please do not hesitate to contact us. When you contact us, e.g. via the contact form on our Website, we will process the following personal data that you have provided when contacting us:
Your contact details (e.g., email address, name, telephone number) and
Other data, depending on the type of information provided by you in your request.
We process your data to answer your questions, to respond to your request and to process your matter. While you are under no statutory or contractual obligation to provide us with your data, we will not be able to respond to your request or to process your matter without it.

We process your data to pursue our legitimate interests in handling your request and to provide you with the best possible service (Art. 6 (1) lit. f UK GDPR).

We will delete your personal data two years following the completion of your enquiry, unless we are legally obliged to store it for a longer period.

3. REGISTERING ON OUR WEBSITE; USER ACCOUNTS

Short version: We process your data to enable you to open a user account with us. You can also use a social media account to log in.

When you register on our Websites and create a user account, we will process the following data:

  • Name
  • email address
  • password

Alternatively, we may provide you with the option to register with us using your existing social media account details, like your Google, Github or other social media account. If you choose to register in this way, we will collect the information described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS" below.

To verify your user account, we use a double opt-in procedure. You will receive an email requesting confirmation of your request to create a user account. As soon as we receive your confirmation, we will verify your account.

We process your data to enable you to facilitate account creation and logon process (Art. 6 (1) lit. b UK GDPR).

While you are under no statutory or contractual obligation to provide us with your data, we will not be able to offer you a registration without it.

We will keep your data for as long as you have an active user account with us. If you decide to delete your account, we will delete your personal data, including login and project data unless we are legally obliged to further store it.  

4. PROVISION OF OUR PRODUCT

If you are working on a project using one of our products, certain personal data of you can be linked to this project. This might include:

  • Name
  • Username
  • Email address
  • Company
  • Job title
  • Log and Usage Data (as described above)
  • Device Data (as described above)
  • IP-Address

We process your data to be able to provide you with our product if you enter into a contract with us as an individual (Art. 6 (1) lit. b UK GDPR). In all other cases, e.g., if you enter into a contract with us on behalf of a company, like your employer, we process your data based on our legitimate interest to provide our products and the interest of third parties to purchase and use our products (Art. 6 (1) lit. f UK GDPR).

While you are under no statutory or contractual obligation to provide us with your data, we will not be able to offer you a registration without it.

Please note that we provide some components of our product as the controller under data protection law (e.g. when we process your data for licence management) and others as the data processor (e.g. if we store or create project data on your behalf). Details can be found in our data processing agreement.

For the provision of our product, we use DigitalOcean, LLC (101 6th Ave New York, NY 10013) with the data being hosted in their UK datacenter if not agreed otherwise as a hosting provider. Furthermore, we use Mailjet (by Mailgun Technologies, Inc., 112 E Pecan St #1135, San Antonio, TX 78205) as a service provider for sending transactional email (i.e. emails regarding your user account, for example for a password reset).

We will keep your data for as long as you have an active user account with us. If you decide to delete your account, we will delete your personal data, including project data unless we are legally obliged to further store it. If multiple users are assigned to a project, we will only delete project data if all relevant users delete their accounts. Apart from that, we delete database backups after 7 days, log messages after 10 days and critical log messages after 30 days.

5. TRACKING THE USE OF OUR PRODUCT

If you use our products, we use Mixpanel by Mixpanel, Inc (Ferry Plaza, San Francisco, CA 94105, USA) to track the usage of our products and the user itself. In such case, we will process the following data:

  • Name of user
  • E-mail
  • Use of product and product settings
  • Manager installed
  • Connectors used
  • User interface settings
  • Actions taken incl. timestamps
  • Operating systems
  • Browser and browser version
  • User role
  • Country
  • Region
  • City
  • Company
  • Time zone
  • Server used

We process your data to identify defects, and to constantly improve and enhance our product offering. We process your data to pursue our legitimate interests in handling your request and to provide you with the best possible service (Art. 6 (1) lit. f UK GDPR).

Your data will be deleted after 5 years, unless we are under a legal obligation to further store your data.

6. NEWSLETTER

Short version: We process your personal data only with your consent to provide you with information on our company and our products and Services

If you express an interest in obtaining information about us or our products and Services, you can subscribe to our newsletter on our Websites. In such case, we will process the following data about you to provide you with information about us or our products and Services:

  • Email address

We will only process your data if you have given us your consent (Art. 6 (1) lit. a UK GDPR). You can withdraw your consent at any time by sending us an email to office@speckle.systems or clicking the unsubscribe link included in every newsletter. Please note that the withdrawal shall only be effective for the future. Processing that occurred before the withdrawal shall not be affected.

To confirm your subscription of our newsletter, we use a double opt-in procedure. You will receive an email requesting confirmation of your request to receive our newsletter. As soon as we receive your confirmation, we will start providing you with our newsletter.

While you are under no statutory or contractual obligation to provide us with your data and your consent, we will not be able to provide our newsletter without it.

We delete your data if you withdraw your consent, unless we are legally obliged to further store it.

For sending our newsletters, we use Mailchimp (by Intuit Inc. 7 rue de la Paix 75002 Paris, France) as a service provider. To ensure the safety of your data, we have concluded a data processing agreement with this provider which will only process your data in accordance with our instructions.

7. CUSTOMER AND BUSINESS PARTNER RELATIONSHIPS

Short version: We process your personal data to establish and maintain a business relationship with you or the company you work for.

To establish and maintain our business relationships with our business partners (e.g., suppliers and other service providers) and to establish and fulfil contracts we process personal data of our business partners and their employees and representatives.

The personal data our business partners provide to us can include, e.g.,

  • Title;
  • Name;
  • Email address;
  • (Business) Address;
  • Phone number;
  • Information on professional tasks, company affiliation and position
  • Bank details

We process such personal data to establish and maintain a relationship with our business partner. We base the processing on our and our business partners’ legitimate interest in establishing and maintaining business relationships (Art. 6 (1) lit. f UK GDPR).

Furthermore, we might process your data to conclude and enforce contracts with you or the company you work for. If you enter into a contract with us as an individual, or we take steps at your request prior to entering into a contract, the legal basis for the data processing is Art. 6 (1) lit. b UK GDPR.
In all other cases, e.g. if we enter into a contract with the company you are working for, we process your data pursuing our legitimate interests and those of our business partners in concluding and fulfilling contracts (Art. 6 (1) lit. f UK GDPR).

While you are under no statutory or contractual obligation to provide us with your data, we will not be able to establish or maintain a business relationship or enter and perform contracts with you or your company without it.

We will store your data for the duration of our business relationship / the contractual term and for additional four years, unless we are legally obliged to store it for a longer period.

8. COMMUNITY FORUMS

Short version: We process your personal data to provide you with a platform for discussions and ensure the safety of our forums

We are happy when our customers, future customers, and all other interested visitors use the forums on our Websites to discuss our products, Services and other topics. When using our forums, we will process the following data about you:

  • Username
  • Job title
  • IP-Address
  • Email Address
  • Communication content
  • Profile picture

We process your data to pursue our and our customers’ and other parties’ legitimate interest in providing a platform for the exchange of expertise and discussions (Art. 6 (1) lit. f UK GDPR).
Furthermore, we process your data in our and our customers' and other interested parties' legitimate interest in ensuring the security of our forums and compliance with the forum rules (Art. 6 (1) lit. f UK GDPR).

While you are under no statutory or contractual obligation to provide us with your data, your will not be able to engage in our forums without it.

For providing our forums, we use Discourse by (Civilized Discourse Construction Kit, Inc., 8 The Green, Suite #8383 Dover, Delaware 19901 United States) as a service provider. To ensure the safety of your data, we have concluded a data processing agreement with this provider which will only process your data in accordance with our instructions.

We will store your data for as long as you have an active user account with us and delete or anonymise them afterwards unless we are legally obliged to store it for a longer period.

9. SURVEYS AND FEEDBACK

We may use the following information to request feedback and to contact you about your use of our Websites:

  • Date
  • URL
  • Device
  • Operating system
  • Contact details

We use your feedback to improve our products and Services. We will only reach out to you to collect your feedback if you have given us your consent (Art. 6 (1) lit. a UK GDPR). You are free to withdraw your consent at any time by sending an email to office@speckle.systems. Please note that the withdrawal shall only be effective for the future. Processing that occurred before the withdrawal shall not be affected.

If you don’t provide us with your consent, this will not have any negative consequences for you.

For sending and analysing surveys and feedback, we use Survicate S.A. (Warsaw 02 – 786, Zamiany 8 LU2 Street) as a service provider. To ensure the safety of your data, we have concluded a data processing agreement with this provider which will only process your data in accordance with our instructions.

We store your data for 12 months unless we are legally obliged to store it for a longer period.

10. COOKIE, PIXELS OR BEACON INFORMATION.

On our Websites, we might use Cookies, Pixels, or comparable technology to provide our Websites and analyse your use of our websites. For more information please see our Cookie Policy.

11. LEGAL REQUESTS AND COOPERATION WITH AUTHORITIES

We might process your data if this is necessary to comply with legal requests, e.g. by courts or authorities (for example if we receive a subpoena or other legal request). In such a case, we may need to inspect the data we hold to determine how to respond to such a request.

Which data we process depends on the specific request, it could potentially be all data we hold about you as set out in this privacy notice. We will, however, of course only process your data to the extent necessary to respond to the respective requests.

Legal basis for such processing is compliance with legal obligations (Art. 6 (1) lit. c UK GDPR). Furthermore, we process your data to pursue our legitimate interests to comply with legal requests and cooperate with authorities and for the establishment, exercise or defence of legal claims (Art. 6 (1) lit. f UK GDPR).

Depending on the relevant request, we might share your data with courts, authorities, parties to lawsuits and/or legal advisors.

We will store your data for the duration of the respective proceeding unless we are legally obliged to store it for a longer period.

12. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

Short version: If you choose to register or log in to our services using a social media account, we may have access to certain information about you.

Our Websites offers you the ability to register and login using your third-party social media account details (like your Google or Github logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, profile picture as well as other information you choose to make public on such social media platforms.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Websites. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.

13. HOW DO WE KEEP YOUR INFORMATION SAFE?

Short version: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Websites is at your own risk. You should only access the Websites within a secure environment.

14. DO WE COLLECT INFORMATION FROM MINORS?

Short version: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Websites, you represent that you are at least 18. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at office@speckle.systems.

15. WHAT ARE YOUR PRIVACY RIGHTS?

Short version: In some regions, such as the United Kingdom and the European Economic Area, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

You have the right as an individual to access your personal data we hold about you and make corrections if necessary. You also have the right to withdraw any consent you have previously given to us and ask us to erase information we hold about you. You can also object to us using your personal information (where we rely on our business interests to process and use your personal information). Please note, however, that this will not affect the lawfulness of the processing before its withdrawal or objection, nor will it affect the processing of your personal information conducted in reliance on other lawful processing grounds.

You have a number of rights in relation to your personal information under data protection law. In relation to most rights, we will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. Except in rare cases, we will respond to you within 1 month after we have received any request (including any identification documents requested).

In the UK and the European Economic Area these rights include:

You have the right to:

  • Ask for a copy of the information that we hold about you;
  • Correct and update your information;
  • Withdraw your consent (where we rely on it);
  • Object to our use of your information (for direct marketing, or where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
  • Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information;
  • Transfer your information in a structured data file (in a commonly used and machine readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.
  • You also have the right not to be subject to purely automated decisions (including profiling) where this has a significant effect on you. We do not envisage that any decisions will be taken about you in this way, however we will update this statement if this changes.

If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

If you are a resident in the UK, the contact details for the data protection authorities are available here: https://ico.org.uk/global/contact-us/.

If you have questions or comments about your privacy rights, you may email us at office@speckle.systems.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

Contact us using the contact information provided.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, there may be exceptions in which we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list — however, we may still communicate with you, for example to send you service-related emails that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, you may:

  • Contact us using the contact information provided.

Exercise of rights: You can exercise the above rights and/or manage your information by contacting us using the details below:

AEC Systems Ltd
20-22 Wenlock Road, London, England, N1 7GU, United Kingdom

Email: office@speckle.systems

16. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. We currently respond to DNT browser signals that automatically communicate your choice not to be tracked online.

If you do not have a DNT feature enabled on your browser or mobile device you can opt out from tracking at the bottom of this page.

17. DO WE MAKE UPDATES TO THIS NOTICE?

Short version: Yes, we will update this notice as necessary to stay compliant with relevant laws and to reflect amendments to our business model and Services.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

18. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at office@speckle.systems or by post to:

AEC Systems Ltd
20-22 Wenlock Road, London, England, N1 7GU, United Kingdom

19. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request form by contacting us. We will respond to your request within 30 days.