Privacy Policy
Effective Date: May 26th, 2026
Last Updated: May 26th, 2026
Spektt ("we", "our", or "us") is operated by Axlume Tech Limited, a company registered in the Federal Republic of Nigeria. We are committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding your data when you use the Spektt mobile application ("App") and related services at spektt.com. By creating an account or using the App, you agree to the collection and use of your information as described here.
Table of Contents
- 1. Who We Are
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Sharing Your Information
- 5. Direct Messaging
- 6. Clusters (Community Groups)
- 7. Showdowns and Prize Payments
- 8. Children's Privacy
- 9. Your Rights
- 10. Data Retention
- 11. Data Security
- 12. International Data Transfers
- 13. Legal Basis for Processing
- 14. Third-Party Links
- 15. Changes to This Privacy Policy
- 16. Contact Us
1. WHO WE ARE
Spektt is a creative community platform built for photographers, videographers, 3D animators, sound engineers, digital artists, and other creatives.
- Legal Entity: Axlume Tech Limited
- Registration: Corporate Affairs Commission (CAC), Federal Republic of Nigeria
Contact:
- General: hello@spektt.com
- Support: support@spektt.com
- Privacy requests: legal@spektt.com (subject line: "Privacy Request")
- Website: spektt.com
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
Account & Identity
- Full name and username (unique handle)
- Email address and password (password is hashed by Firebase Authentication — we never store it in plain text)
- Profile photo (avatar)
- Date of birth (required for age verification, Showdown eligibility, and legal compliance)
- Creative category / role (e.g., photographer, videographer, 3D animator)
- Location display text (the city or region you choose to show on your profile)
- Country and region (ISO codes — derived from your GPS location during onboarding)
Creative Content
- Photos and videos you upload, including captions, descriptions, and tags
- Comments and replies you post on other users' uploads
- Collections and Spotlight selections
Contest & Showdown Participation
- Contest entries submitted to Showdowns
- Votes you cast on contest entries
- Judge scores (if you are assigned as a judge in a Premium Showdown)
- Prize payment details: If you win a cash-prize Premium Showdown, we collect your bank name, account number, account name, and optional Tax ID solely to pay your prize. This data is stored only as long as necessary to complete payment and comply with Nigerian financial and tax regulations.
Clusters
- Clusters you create or join, your role, and join date
- Posts you make within a Cluster
- Moderation actions you take as an admin or moderator (bans, suspensions, content removals)
Direct Messages
- The content of messages you send and receive
- The message request text (first message when initiating a conversation)
- Conversation metadata: participant identities, timestamps, read status, unread counts, and conversation status
Subscriptions
- Spektt Pro subscription status, start and expiry dates
- Payment processing is handled entirely by Apple (App Store) or Google (Google Play) and RevenueCat. We never receive or store your card number or billing address.
2.2 Information We Collect Automatically
Location Data
- Precise GPS coordinates collected during onboarding (with your permission), reverse-geocoded into a city/region/country. Raw coordinates are not stored.
- Public IP address — stored only as a SHA-256 hash for fraud detection and vote manipulation prevention. The raw IP is never stored.
Device & Technical Data
- Device type, operating system, OS version, app version, language preference
Gamification & Engagement Data
- XP earned, current level, tier, earned badges
- Weekly and monthly XP totals, total views, votes received and cast
Push Notification Tokens
- OneSignal Player IDs (per device, for delivering push notifications). Removed immediately upon logout or account deletion.
Error & Crash Data
- Crash reports sent to Sentry include error type, stack trace, app version, and device OS. They do not include your name, email, or message content.
3. HOW WE USE YOUR INFORMATION
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Creating and managing your account | Account data, profile info | Contract performance |
| Verifying your age for Showdown eligibility | Date of birth | Contract performance + Legal obligation |
| Delivering the feed and content discovery | Content, profile data, location/country | Contract performance |
| Delivering direct messages | Message content, metadata | Contract performance |
| Running Showdowns and paying cash prizes | Contest data, prize payment details | Contract performance |
| Fraud and vote manipulation prevention | Hashed IP, voting history, account activity | Legitimate interests |
| Safety moderation and Guidelines enforcement | Reports, content, message content (reported only) | Legal obligation + Legitimate interests |
| Sending push notifications | Player IDs, notification preferences | Consent (withdrawable in Settings) |
| Sending transactional emails (OTP, alerts) | Email address | Contract performance |
| Generating leaderboards and ranking data | XP, gamification data | Legitimate interests |
| Improving the App and fixing bugs | Crash data (Sentry), usage data | Legitimate interests |
| Complying with Nigerian financial and tax law | Bank details, Tax ID | Legal obligation |
What we do NOT do:
- We do not sell your personal data to any third party
- We do not read, scan, or analyse private message content for advertising or machine learning
- We do not use your private messages to train algorithms or personalise your feed
- We do not share your prize payment details beyond what is required by Nigerian law
- We do not retain raw GPS coordinates — location is captured once during onboarding, geocoded, and the raw coordinates discarded
4. SHARING YOUR INFORMATION
We do not sell your personal data. We share your information only in the following circumstances:
With other users (by design)
- Your profile (username, avatar, creative category, follower/following counts, XP tier) is visible to all signed-in users
- Your uploads, comments, and Cluster activity are visible according to each feature's scope
- Your Leaderboard rank, XP tier, and badge count are publicly visible on your profile
- Your username appears alongside contest entries during Showdowns
With our service providers
| Provider | Purpose | Data Processed |
|---|---|---|
| Google Firebase / Firestore | Primary database, authentication, real-time data | All user account and content data |
| Cloudflare Stream | Video hosting and HLS streaming | Videos you upload |
| Cloudflare Images | Image CDN and delivery | Photos you upload |
| RevenueCat | Subscription management and purchase validation | Subscription status, expiry date, purchase date |
| OneSignal | Push notification delivery | Player IDs; notification content |
| Resend | Transactional email delivery | Email address, OTP codes, alert content |
| Sentry | Error and crash monitoring | Crash reports, stack traces (no PII) |
| ipify.org | Public IP lookup (fraud detection) | Your device's public IP at time of request |
| Apple / Google | Payment processing for Spektt Pro | Subscription purchase data (Spektt never receives card data) |
With law enforcement or regulators
We may disclose your information if required by law, court order, or governmental authority, or to prevent fraud or protect the safety of our users.
In connection with a business transfer
If Axlume Tech Limited is acquired or transfers its assets, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.
5. DIRECT MESSAGING
5.1 How Messaging Works
To start a conversation, you must send a message request that the recipient must accept before a full conversation can begin. This protects all users from unsolicited contact.
5.2 What We Store
- The full content of messages you send and receive
- The request message text (the first message used to initiate a conversation)
- Conversation metadata: participant identities, timestamps, read status, unread counts, and conversation status
- Block and report actions taken within conversations
5.3 Who Can Read Your Messages
Your messages are accessible only to you and the other participant, and to authorised Spektt safety moderators only when a message has been reported. We do not proactively read or scan private conversations.
5.4 Push Notification Previews
If enabled, a short preview of new messages is included in the notification payload via OneSignal. You can disable this in your device Settings or in-app Notification Settings.
5.5 Anti-Spam Protection
A user whose message request you decline cannot contact you again for 30 days. This record is automatically purged after the 30-day cooldown. Blocked users cannot message you at all.
5.6 Message Deletion
Deleted messages are replaced with "This message was deleted" for both participants and permanently purged from our servers within 30 days. Deleted conversations are removed from your view immediately and purged within 30 days.
5.7 Minor Users
Users identified as minors have restricted access to direct messaging. Age determination is based on the date of birth entered during account setup.
6. CLUSTERS (COMMUNITY GROUPS)
When you join or create a Cluster, we collect and store your membership record, role, and join date. Posts you make within a Cluster are visible to all Cluster members. If you are banned from a Cluster, your membership record and ban reason are retained for moderation purposes.
If you are a Cluster admin, your username appears publicly as the administrator. Moderation actions (bans, suspensions, content removals) are logged in an immutable audit trail including the moderator's username, reason, and timestamp.
Admin inactivity is monitored — after 30 days of inactivity you receive a warning; after 45 days, ownership is automatically transferred to protect the community.
7. SHOWDOWNS AND PRIZE PAYMENTS
- Entry data: Your Showdown entry and username are visible to all participants during the Showdown. Vote counts are hidden until the Showdown ends.
- Judging: If you are assigned as a judge, your individual scores are private until results are announced.
- Results: Winner usernames and placements are publicly announced. Your bank details and Tax ID are never publicly disclosed.
- Prize claims: You have 14 days to submit your claim. A 10% withholding tax is deducted in line with Nigerian tax regulations. Cash prize payments are currently available to Nigerian bank account holders only.
- Retention: Prize payment details (bank info) are retained for the period required by Nigerian financial regulations after payment, regardless of account deletion.
8. CHILDREN'S PRIVACY
Spektt is intended for users aged 13 and above. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has created an account, we will delete that account and its associated data promptly.
For users aged 13–17 (minors), additional restrictions apply:
- Minors cannot enter any Showdown (Pulse or Premium)
- Direct messaging is restricted for minor users
- Cash prize participation requires the user to not be flagged as a minor
If you believe a child under 13 has created an account, contact us at legal@spektt.com.
9. YOUR RIGHTS
To exercise any of the rights below, contact us at legal@spektt.com with the subject line "Privacy Request."
9.1 Right to Access
You can request a copy of the personal data we hold about you.
9.2 Right to Correction
You can update most profile information directly in the App (Profile → Edit Profile or Settings). For data you cannot edit in-app, contact us.
9.3 Right to Deletion (Account Deletion)
Delete your account at any time from Settings → Delete Account.
- Grace period: Your account is immediately locked and scheduled for permanent deletion in 30 days
- Cancellation window: Log back in within 30 days to cancel the deletion and restore your account
- After 30 days: Profile info, uploads, DMs, and Cluster memberships are permanently deleted. Comments are anonymised. A minimal ghost record (user ID only, no PII) is retained solely to preserve audit log integrity.
9.4 Right to Opt Out
- Push notifications: Disable in device settings or in-app Notification Settings
- Leaderboard participation: Contact us to exclude your profile from public leaderboards
9.5 Nigerian Users (NDPA 2023 / NDPR)
Under the Nigeria Data Protection Act 2023 and the NDPR, you have the right to know what data we hold, correct inaccurate data, request deletion, withdraw consent, and lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
9.6 Other International Users (GDPR and equivalents)
If you are located in the European Economic Area or a jurisdiction with equivalent data protection law, you additionally have the right to data portability and to lodge a complaint with your local supervisory authority.
10. DATA RETENTION
| Data Type | Retention Period |
|---|---|
| Account profile data | Until account deletion (permanently erased after 30-day grace period) |
| Uploads (photos / videos) | Until deleted by you, or on account deletion |
| Comments | Anonymised ("[deleted]") on account deletion — thread structure preserved |
| Direct messages | Until you delete them or your account is deleted |
| Deleted message content | Permanently purged within 30 days of deletion |
| Prize payment details (bank info) | Retained as required by Nigerian financial regulations (minimum 7 years) after payment |
| Contest entries (ended Showdowns) | Retained indefinitely as competition history |
| Gamification data (XP, badges, level) | Retained until account deletion |
| Moderation logs and reports | Retained indefinitely (audit trail integrity) |
| Push notification tokens (OneSignal Player IDs) | Cleared immediately on logout or account deletion |
| Declined message request data | Purged 30 days after the request was declined |
| Hashed IP address | Retained for the duration of the account |
| Crash data (Sentry) | Retained per Sentry's data retention policy (90 days by default) |
11. DATA SECURITY
We implement industry-standard security measures to protect your personal data:
- All data is stored in Google Firestore with strict security rules — clients can only read and write data they are explicitly authorised to access
- Passwords are handled entirely by Firebase Authentication and are never stored in plain text by Spektt
- API keys and credentials are stored as server-side environment variables and never exposed in the compiled App
- Media files are served through Cloudflare's CDN with DDoS protection and encrypted delivery (HTTPS/TLS)
- Admin and moderator actions are logged in an immutable audit trail in Firestore
- IP addresses used for fraud detection are stored only as SHA-256 hashes — the raw IP is never persisted
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
12. INTERNATIONAL DATA TRANSFERS
Spektt is operated by Axlume Tech Limited in Nigeria. Your data is primarily stored on Google Firebase / Firestore servers, which may be located in the United States or European Union. Cloudflare's CDN distributes media globally. OneSignal, Resend, RevenueCat, and Sentry also process data on servers outside Nigeria.
By using the App, you consent to the transfer of your information to these servers. Where required by law, we implement appropriate safeguards for such transfers.
13. LEGAL BASIS FOR PROCESSING (NDPA 2023 / GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Creating and maintaining your account | Contract performance |
| Delivering messages between users | Contract performance |
| Publishing uploads and content | Contract performance |
| Processing Showdown entries and paying prizes | Contract performance |
| Determining eligibility by country/age | Contract performance + Legal obligation |
| Safety moderation (reports, bans, suspensions) | Legal obligation + Legitimate interests |
| Preventing fraud and vote manipulation | Legitimate interests |
| Sending push notifications | Consent (withdrawable at any time in Settings) |
| Sending transactional emails (OTP, alerts) | Contract performance |
| Generating leaderboards and gamification rankings | Legitimate interests |
| Retaining prize payment details for tax compliance | Legal obligation (Nigerian financial regulations) |
| Retaining audit logs and moderation records | Legal obligation |
| Crash and error monitoring (Sentry) | Legitimate interests |
14. THIRD-PARTY LINKS
The App may contain links to external websites. This Privacy Policy applies only to the Spektt App and the spektt.com website. We are not responsible for the privacy practices of third-party websites.
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document
- Post the updated policy at spektt.com/privacy
- Where required by law, notify you via in-app notification or email
Your continued use of the App after the updated policy is posted constitutes your acceptance of the changes.
16. CONTACT US
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: legal@spektt.com (subject: "Privacy Request")
- Website: spektt.com/contact
- Company: Axlume Tech Limited, Federal Republic of Nigeria
For Nigerian users, you may also contact the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe your rights under the Nigeria Data Protection Act 2023 have been violated.
