This page describes how we honour rights that come from the EU General Data Protection Regulation (GDPR), the UK GDPR, the EEA equivalents, and similar comprehensive privacy laws such as the California Consumer Privacy Act (CCPA/CPRA), Brazil's LGPD, and Canada's PIPEDA.
We aim to give every user the same set of rights regardless of where they live, on the theory that if a right is good enough for an EU resident it's good enough for a Sri Lankan one. The list below applies to everyone with a Spectrum Connect account.
You can read what we collect and why in our Privacy Policy. The short answer: we collect what we need to run the platform, hold escrow, fight fraud, and meet our own legal obligations.
You can ask for a copy of the personal data we hold about you. The fastest way is the “Download my data” button in your account settings. It produces a JSON or CSV export. If you need a different format or there's data you can't see in the export, email privacy@spectrumconnect.co.
Anything you can edit yourself (name, bio, location, portfolio links, profile photo) is on your profile page. For things you can't edit yourself (a wrong field on a completed transaction, a misspelled name on a verification record), email us.
You can close your account from settings. Most of your data goes within 30 days. The exceptions are the ones we have to keep by law (transaction and tax records for up to 7 years; banned-account audit trails for repeat-offender prevention). When that retention clock runs out, the rest is deleted automatically.
If you want a stricter, faster deletion than the default flow allows, email us. We will tell you exactly what we can erase, what we have to keep, and the legal basis for each piece we keep.
While we're working through a complaint or a correction request, you can ask us to stop using the contested data for anything except storage. We'll do that and keep the data “parked” until the issue is resolved.
The export described under “access” above is also our portability export. It's structured, commonly used, and machine readable, so you can move it to a competing service if you want.
You can object to any processing we do based on legitimate interest. The most common version of this is: “please stop using my data for analytics or product improvement”. Toggle the relevant switch in your privacy settings, or tell us and we'll do it manually.
Spectrum Connect uses some automated systems (Smart Connect ranking, ETF Points calculation, basic fraud screens). None of them produces a decision that has a legal or similarly significant effect on you without a human in the loop. You can ask for a human review of any automated outcome that affects your account, and we'll do it within 14 days.
Where we rely on your consent (marketing email, non-essential cookies, featured collections), you can withdraw it at any time without affecting the rest of your account. The cookie banner and your email preferences both have a clear off switch.
If you think we're mishandling your data, please tell us first and give us a chance to fix it. You can also complain to your national data protection authority. EU/EEA residents can find theirs at edpb.europa.eu/members. UK residents can reach the ICO at ico.org.uk.
We respond to most data-rights requests within 30 days, faster for the simple ones. For complex requests (large exports, requests covering multiple jurisdictions) we may extend by up to 60 days; we'll tell you why if that happens.
We don't charge for any of this unless the request is “manifestly unfounded or excessive”, which is GDPR-speak for “the tenth time you've asked for the same export this month”.
We have to be sure a data request is genuinely from the account holder before we act. Most of the time, sending the request from the email address on file is enough. For sensitive operations (account closure, large exports), we may also send a confirmation link to your registered email or ask for two-factor verification.
We're a US company with infrastructure in India. We use the European Commission's Standard Contractual Clauses and equivalent UK mechanisms to make cross-border transfers lawful. If you'd like a copy of the SCCs, email privacy@spectrumconnect.co.
We're not legally required to appoint a DPO, but the role is filled informally by our Head of Legal. You can reach them at the privacy address above.
If we're required to appoint an Article 27 representative under GDPR, that appointment will be published here.
For any data-rights request: privacy@spectrumconnect.co.
For a security or breach disclosure: security@spectrumconnect.co.