Platform Security Policy

1. Purpose and Scope

This Security Policy describes the technical and organisational measures Spectatr.ai (operated by Fanbuff Technology India Private Limited, "Spectatr.ai", "we", "our") applies to safeguard customer data, video assets, user accounts and platform infrastructure across our products PULSE (AI Highlights), AXIS (Media Management), BRAND GAUGE (Sponsor Analytics) and JORDY (AI Sports Agent).

This Policy applies to all customer-facing environments, all employees and contractors who access Spectatr.ai systems, and all data processed through the platform, including live and recorded video feeds, generated highlights, metadata, sponsor analytics outputs and user account information.

2. Data Classification

Spectatr.ai classifies the data it processes into the following categories:

• Customer Content: live feeds, recorded video, generated highlights, metadata, sponsor analytics outputs. Owned by the Customer; processed by Spectatr.ai on the Customer's behalf.
• Account Data: usernames, hashed credentials, role assignments, organisation membership, access logs.
• Contact Data: names, business email addresses, phone numbers submitted via demo or contact forms.
• Operational Data: server logs, system telemetry, aggregated usage metrics.

3. Infrastructure and Hosting

4. Encryption

5. Access Control and Authentication

6. Personnel

• All Spectatr.ai personnel are bound by confidentiality obligations as a condition of engagement.
• Personnel are required to follow internal security and acceptable-use practices when accessing Spectatr.ai systems.

7. Sub-processors

Spectatr.ai engages a limited number of sub-processors strictly to deliver the service. Each is bound by a written agreement containing confidentiality obligations. Current categories of sub-processor are:

• Cloud infrastructure providers (compute, storage, networking).
• Email and notification delivery providers.
• Customer support and CRM tooling.
• Analytics tooling for aggregated, non-personal usage metrics.

8. Incident Response

Spectatr.ai maintains an internal process for identifying, containing and resolving security incidents. In the event of a confirmed security incident affecting Customer data, Spectatr.ai will notify the affected Customer without undue delay, including the nature of the incident, the data categories affected, the steps taken in response, and a point of contact for further information.

9. Data Retention and Deletion

• Customer Content is retained for the term of the engagement and deleted following written request after contract termination, unless a longer retention period is agreed in writing.
• Account Data is retained for the term of the engagement and for a reasonable period thereafter for audit purposes, then deleted.
• Customer-initiated data export is available throughout the engagement in the formats supported by the platform.

10. Customer Responsibilities

The security of the platform is a shared responsibility. Customers are expected to:

• Keep portal credentials confidential and not share login details across multiple users.
• Promptly remove access for users who no longer require it.
• Notify Spectatr.ai immediately at the contact below if a credential is suspected to be compromised.
• Ensure that any feeds or content delivered to the platform are owned by the Customer or that the Customer holds the necessary rights to process them.

11. Policy Review

This Policy is reviewed periodically and updated as required to reflect changes in the platform and applicable law. The current version is available on request.

12. Contact

Security-related questions and incident reports may be directed to:

Spectatr.ai (Fanbuff Technology India Private Limited)

• Email: contact@spectatr.ai
• Postal: 4th Floor, Building 82, Sector 44, Gurgaon, Haryana 122003, India