Privacy Policy

Sperotel Technologies LLP built the Sperotel Messaging, Sperotel Mobile Application, BlackOS and Juvo. This SERVICE is provided by Sperotel Technologies LLP and is intended for use as is.

Most Terms of Use and Privacy Policy documents are unreadable. They are written by lawyers and for lawyers and are not very effective.

Privacy is essential, and we want you to understand the issues involved. Therefore, we used plain English to make our terms as straightforward as possible.

Where you read ‘Sperotel’, ‘Sperotel Services’, ‘Sperotel Messaging’, ‘BlackOS’ or ‘’, it refers to all services made available at

Where you read 'sperotel server', 'sperotel servers , it refers to the services configured within Sperotel which store the user account and personal conversation history, provide additional functionality such as bots and integrations, and (where enabled by the Customer) communicate via the third-party application services.

Where you read ‘the Service’ in this document, it refers to the Sperotel Messaging app instances exposed on (or subdomains or customer’s domain) by Sperotel Technologies LLP. Where you read ‘Sperotel’ or ‘we’ or ‘us’ below, it refers to Sperotel Messaging, a trading name of Sperotel Technologies LLP and their agents.

The Scope

This document explains how we process personal data as it relates to:

  1. For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to Name, Email Address, Phone Number.
  2. The information that we request will be retained by us and used as described in this privacy policy.
  3. Sperotel Customers: Sperotel Customers use the Sperotel messaging app to connect to servers hosted by Sperotel on the cloud or self-hosted on customer premises. Apart from where otherwise noted, this document does not address data protection issues relating to the messaging and file data submitted by Users to the hosted server instances, as this is the customer’s legal responsibility.

This document does not cover the following:

  1. Your account details and preferences, messages, files and any other data you share via the Sperotel application are the user’s responsibility. It is the customer’s job to ensure that your data is handled appropriately and that you are well informed.

The Customer and the user

This document explains data protection issues relating to Sperotel Customers and Users. Simply put, you’re a Customer if you’re paying (or otherwise compensating) Sperotel to provide a dedicated hosted messaging service. If you have an account registered on a sperotel server that you use to send and receive messages or use the Sperotel Messaging application to connect any server within the Sperotel network, you are a User.

It is possible to be both a Customer and a User, but we encourage you to consider these roles separately when considering data protection concerns.

Legal Basis for Processing of your data

Sperotel Technologies has a different legal basis for processing based on which product you are using:

  1. Sperotel Messaging users: we collect your IP address when you request access to the Sperotel client from our web server. This data is collected under Legitimate Interest to support operational maintenance and to protect against malicious actions against our infrastructure.
  2. Sperotel customers: your data is processed under Performance of Contract under the lawful basis of processing under the GDPR act. This means that we process your information only as necessary to meet our contractual obligations to you or to engage with you to do something before entering into a contract.

Data Ownership - Messaging and File data hosted on Sperotel servers

The customer can use Sperotel Services to provision and manage hosted Sperotel servers. The customer owns and controls all messages and files submitted to their server by User accounts registered natively on their server. This ownership does not extend to messages and files submitted over federation or bridging.

This means that, in addition to the usual data access controls defined by the core protocol, all unencrypted messages and files can be accessed by the customer, and that access is retained even if no User account within the system retains access to the data.

What Information Do we collect and Why?

The information we collect is for the purpose of supporting your management of hosted servers through Sperotel Messaging Services or to support the operations of the Sperotel client. We do not profile server Users or their data. However, we might profile metadata pertaining to the configuration and management of hosted Sperotel servers to improve our products and services.

Information you provide to us:

We collect information about you when you input it into the Sperotel Dashboard or Sperotel apps or otherwise provide it directly to us.

Sperotel Dashboard Home Customer Account and Profile Information

We collect information when you register for an account. This information is kept to a minimum on purpose and is restricted to the following:

  1. Email Address
  2. Domain
  3. Billing Details

Your authentication identifier is used to authenticate your access to Sperotel Dashboard at and uniquely identify you.

Sperotel Account Transaction and Billing Information

Paying for hosted server services via Sperotel is handled entirely by our payment processor, Stripe. The processor stores your credit card information and billing contact information to process your monthly or annual automatic renewals or upgrade or downgrade your subscription without re-entering a credit card number.

We never have access to, nor store your full credit card information. The payment processor code we use also sets a cookie in your browser, to remember your info for future purchases. You can delete or block that cookie if you wish; our website will continue to work.

We require you to enter your billing information. This data, as well as the last four digits of your credit card, which is sent to us by our payment processor, is stored in our transaction database in order to maintain our financial records. This information appears on your invoice, which can be accessed by anyone who has been sent the url link to your invoice. We make the invoice links purposefully long and hard to guess for added security, and we prevent search engines from indexing them. The history of changes to the billing contact information on the invoice made by you or our team are logged and stored in our transaction database.

The data we collect in our transaction database, including Personal Data, is not shared with third parties, except for the purposes of determining the validity of payment. In this case, we may share the name and email address associated with the purchase with the credit card holder, your company’s accounting department, or with our payment processor when responding to a chargeback.

Lead generation and marketing information

We might collect information about you through adverts placed on third-party platforms such as LinkedIn, Twitter or Google. Whenever you click an advert on these platforms, you may be asked to provide details such as:

  1. Email Address
  2. Organisation
  3. Number of employees
  4. Job Title
  5. Phone Number

Within each of these adverts you will be notified of the legal basis under which your data will be processed. This information will be stored on our CRM provider Pipedrive, and will be processed in accordance with this policy.

Information we collect automatically as you use the service:

Connection Information

We log the IP addresses of everyone who accesses Sperotel Messaging and its services. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns.

Our logs are kept for:

  1. 30 days, for Sperotel Services and Products
  2. 180 days, for Sperotel Messaging application

Location Information

We may collect location data if you use the static or live location-sharing features within the Sperotel Messaging app. This includes your longitude, altitude and latitude data to calculate your precise location accurately. Location data is held within the room in which it is shared, so it will be encrypted in encrypted rooms and not encrypted in rooms where encryption is switched off.

All our clients use the third-party service Maptiler to provide the images used to display maps.

Sharing Data in Compliance with Law Enforcement Requests and Applicable Laws

In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to

  1. comply with any applicable law, regulation, legal process or governmental request,
  2. protect the security or integrity of our products and services (like security audit, compliance)
  3. protect Sperotel and our users from harm or illegal activities, or
  4. respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing serious bodily harm to any person.

Handling of Passwords

We never store passwords in plain text; they are stored hashed. Passwords sent to the server are encrypted using SSL.

It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination and civil and criminal penalties.

If you become aware of any unauthorised use of your account or any other security breach, you must notify Sperotel immediately by emailing Users should manage good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.

Children’s Privacy

These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.

Access to Information and Configuration

Data stored in Sperotel is accessible by the customer’s account and by Sperotel engineers (employees and contractors) under the conditions outlined below.

  1. What Are the Guidelines Sperotel Follows When Accessing Data?
  2. - We restrict who at Sperotel (employees and contractors) can access non-encrypted data to roles that require access to maintain the health of the Application and Services.

    We never share what we see with other users or the general public.

  3. Who Else Has Access to Data?
  4. We host our services on Amazon Web Services (AWS):

    1. Our dashboard server is hosted in an AWS data centre in Mumbai, India.
    2. Customer deployments have the option to select the geographical location which is the most convenient for them;

Amazon employees may have access to some of this data. Here’s Amazon’s privacy policy. Amazon controls physical access to their locations.

Physical access to our offices and locations uses typical physical access restrictions.

We use secure private keys when accessing servers via SSH, and protect our AWS console passwords locally with a password management tool. Nobody at Sperotel, or any of our processors, is able to access encrypted data.

How Is Data Protected from Another User’s Data?

All of the Sperotel user data resides within the same dedicated cluster or on a dedicated cluster, depending on the plan a customer is subscribed to. We use software best practices to guarantee that only the customer can access it. In other words, we segment User data via software. We do our best and are very confident we’re doing an excellent job at it, but, like every other service that hosts User data on the same database, we cannot guarantee that it is immune to a sophisticated attack.

What Should I Do If I Find a Security Vulnerability in the Service?

If you have discovered a security concern, please email us at We’ll work with you to ensure that we understand the scope of the issue and fully address your concern. Information security is our highest priority, and we work to address any issues that arise as quickly as possible.

Please act in good faith towards our users’ privacy and data during your disclosure. White-hat security researchers are always appreciated.

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

This policy is effective as of 2022-11-15

Contact Us

If you have any questions or suggestions about our Terms and Conditions, do not hesitate to contact us at