Last updated: 2026-05-07. Version 1.1.
1. Controller
NETSPECTRA LTD (Company No. 17186417), a private limited company registered in England and Wales, with registered office at 49 St. Pauls Avenue, London, NW2 5SY, United Kingdom ("we", "us"), is the data controller for this website and the NetSpectra service.
2. Data we collect
NetSpectra processes traffic metadata at the edge: IP address, TLS fingerprint (JA3/JA4), HTTP headers, geo/ASN derived from IP. We do not log request bodies or response payloads.
For dashboard access: cert serial, session metadata, audit log of admin actions. For paid plans: billing identifiers from our payment processor (we do not store full card numbers).
3. Why we process it (lawful basis)
To detect and block automated traffic on protected sites. Lawful basis under UK GDPR / EU GDPR Art. 6(1)(f) — legitimate interest of site operators in preventing fraud, scraping, and credential stuffing. For account registration and billing: Art. 6(1)(b) — performance of contract.
4. Retention
Connection logs: 90 days hot, 365 days archive. Audit logs: 365 days. Billing records: 7 years (statutory requirement under UK accounting law). After retention period, records are permanently dropped via partition rotation.
5. Sharing & subprocessors
We do not sell or rent personal data. Subprocessors are limited to infrastructure and payment providers (datacenter, DNS, Stripe for card processing) and operate under written DPA. Current list available at /dpa or on request to privacy@netspectra.org.
6. Your rights (UK / EU GDPR)
You have the right to access, rectification, erasure, portability, restriction, objection, and to lodge a complaint with a supervisory authority (in the UK — Information Commissioner's Office, ico.org.uk). Contact us at privacy@netspectra.org.
7. International transfers
Edge nodes operate in EU and UK regions. EU/UK client data is routed exclusively through EU/UK edge unless explicitly opted into multi-region routing. Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum apply for any cross-border transfer.
8. Security
mTLS for admin/operator access, TLS 1.3 for traffic, formally verified (Ada/SPARK) crypto core, audit logs of every mutating operation. Detailed security overview at /trust.
9. Cookies
We use only strictly-necessary cookies: a session cookie for the dashboard (after authentication) and a CSRF token cookie. No analytics cookies, no advertising cookies, no third-party tracking. Marketing pages set no cookies until you sign up.
10. Contact
Privacy / data requests: privacy@netspectra.org Postal: NETSPECTRA LTD, 49 St. Pauls Avenue, London, NW2 5SY, United Kingdom