GDPR Compliance Statement
Effective Date: April 15, 2026
Spectre - Bluetooth Smart Glasses Detector
Data Controller: 6tSevn BV
Effective Date: April 15, 2026
Last Updated: April 15, 2026
1. Our Commitment
6tSevn BV is committed to protecting the privacy and personal data of all users of the Spectre app, in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws. Spectre is designed as a fully offline, privacy-first application. This statement explains how we uphold the principles and rights established by the GDPR.
2. Data Controller
Under the GDPR, the data controller is the entity that determines the purposes and means of processing personal data. For the Spectre app:
Data Controller: 6tSevn BV
Address: Gangboord 11, 3356 DG Papendrecht, The Netherlands
Email: privacy@6tsevn.com
Website: https://6tsevn.com
In practice, 6tSevn BV does not process any personal data from Spectre users. All data remains under the sole control of the user on their own device.
3. What Personal Data Is Processed
Spectre stores detection data and preferences that the app generates based on Bluetooth scans. This data is processed exclusively on the user's device and is never transmitted to 6tSevn BV or any third party.
Data categories stored locally on-device:
| Category | Examples | Legal Basis |
|---|---|---|
| Detection logs | Detected device type, brand, signal strength (RSSI), timestamp, manufacturer identifier | Performance of contract (Art. 6(1)(b)) |
| Location data (optional) | GPS coordinates of detection events, map annotations | Consent (Art. 6(1)(a)) — user grants "When In Use" permission |
| Preference data | Notification settings, display settings, scan preferences | Legitimate interest (Art. 6(1)(f)) |
| Biometric reference | Face ID / Touch ID authentication | Consent (Art. 6(1)(a)) — user opts in |
Data NOT collected by 6tSevn BV:
- Names, email addresses, or contact details
- Device identifiers or advertising identifiers (IDFA)
- Usage analytics or telemetry
- IP addresses
- Cookies or browser data
- Payment or credit card information
- Camera or photo library data
- User account credentials (no accounts exist)
4. Data Processing — Where and How
4.1 On-Device Processing
All data generated by Spectre is stored locally on the user's device using Apple's SwiftData framework. The data resides in an encrypted, sandboxed container that no other application can access. 6tSevn BV has no access to this data. The app makes zero network requests — it operates entirely offline with no server communication whatsoever.
4.2 Location Data
If the user grants "When In Use" location permission, Spectre uses Apple's CoreLocation framework to tag detection events with the geographic location where they occurred. This data is:
- Stored exclusively on the user's device using SwiftData.
- Used solely for displaying detection locations on a map within the app via Apple's MapKit framework.
- Never transmitted to 6tSevn BV or any third party.
- Entirely optional — the user can deny or revoke location access at any time, and the app will continue to function without location tagging.
4.3 Bluetooth Scanning
Spectre uses Apple's CoreBluetooth framework to scan for Bluetooth Low Energy advertisement broadcasts from smart glasses. The app operates in central mode only — it reads publicly broadcast advertisement data without establishing any pairing or connection with detected devices. All scan results are processed and stored locally on-device.
4.4 Local Notifications
Detection alerts are generated and delivered entirely on the user's device using Apple's UserNotifications framework. No notification data is transmitted to any external server. The user must grant explicit permission before notifications are enabled.
5. Data Export
Spectre allows users to export their detection logs in CSV and JSON formats. Export files are generated locally on the user's device and shared via the standard iOS share sheet. 6tSevn BV never receives a copy of exported data. The user has full control over where exported files are stored or shared.
6. Third-Party Data Sharing
6tSevn BV does not share any personal data with third parties. The Spectre app:
- Contains no analytics SDKs (no Firebase, Amplitude, Mixpanel, or similar)
- Contains no advertising networks or trackers
- Contains no crash reporting services (no Crashlytics, Sentry, or similar)
- Uses no third-party libraries — only Apple's native frameworks
- Makes no network requests to any server — the app works entirely offline
Apple frameworks used:
| Framework | Purpose | Data Handling |
|---|---|---|
| CoreBluetooth | BLE scanning for smart glasses | On-device only |
| SwiftData | Local storage | On-device only |
| CoreLocation | Detection location tagging (optional) | On-device only |
| MapKit | Detection map display | On-device rendering only |
| UserNotifications | Local detection alerts | On-device only |
| LocalAuthentication | Biometric app lock | Secure Enclave (Apple hardware) |
| Charts | Detection data visualization | On-device rendering only |
7. Data Transfers Outside the EEA
6tSevn BV does not transfer any personal data outside the European Economic Area. Spectre makes no network requests and does not use any cloud services. All data remains on the user's device within their physical control.
8. Data Retention
Since 6tSevn BV does not collect or store any user data, there is no data retention policy on our end. The user retains full control over their data:
- Detection logs persist on-device for as long as the app is installed.
- The user can delete individual detection entries at any time within the app.
- The user can clear all data using the "Clear All Data" option in settings.
- Uninstalling the app permanently removes all local data.
9. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights. Because Spectre is designed as a local-first, offline application and 6tSevn BV holds no personal data, these rights are inherently fulfilled:
| Right | GDPR Article | How It Is Fulfilled |
|---|---|---|
| Right of access | Art. 15 | All your detection data is visible and accessible directly within the app at all times. |
| Right to rectification | Art. 16 | You can edit detection entries and preferences directly in the app. |
| Right to erasure ("right to be forgotten") | Art. 17 | You can delete individual entries or use "Clear All Data" to erase everything. Uninstalling the app removes all data. |
| Right to restriction of processing | Art. 18 | No processing occurs by 6tSevn BV. You control all processing on your device. You can stop scanning at any time. |
| Right to data portability | Art. 20 | Spectre provides CSV and JSON export of your detection data, which you can transfer to any service. |
| Right to object | Art. 21 | No profiling, automated decision-making, or direct marketing is performed. |
| Right to withdraw consent | Art. 7(3) | You can disable location access, notifications, biometric lock, or background scanning at any time in the app's settings or your device settings. |
10. Data Protection by Design and by Default (Art. 25)
Spectre is built according to the GDPR principles of data protection by design and by default:
- Data minimization: The app only stores detection data necessary for its core functionality. No metadata, device information, or behavioral data is collected.
- Purpose limitation: Detection data is used solely for the app's smart glasses detection functionality and is never repurposed.
- Storage limitation: Data exists only as long as the user chooses to keep it. No automatic retention occurs.
- Integrity and confidentiality: Data is stored in an encrypted, sandboxed container on-device, protected by iOS Data Protection. Biometric authentication uses Apple's Secure Enclave hardware.
- Privacy by default: The strictest privacy settings are active by default. Location access is off by default. Notifications are off by default. Biometric lock is off by default. Background scanning requires explicit user activation.
- Offline by design: The app makes no network requests whatsoever, eliminating any possibility of data exfiltration.
11. Data Protection Impact Assessment (DPIA)
Given that 6tSevn BV does not collect, process, or store any personal data from Spectre users, a formal DPIA under Article 35 GDPR is not required. The risk to data subjects is minimal as:
- No personal data leaves the user's device under any circumstances.
- No profiling or automated decision-making takes place.
- No special categories of personal data (Art. 9) are processed by 6tSevn BV.
- No large-scale data processing occurs on the part of 6tSevn BV.
- The app makes no network connections, eliminating remote data breach risk.
12. Biometric Data (Art. 9 — Special Categories)
Spectre offers an optional Face ID / Touch ID lock. This feature:
- Is entirely optional and disabled by default.
- Uses Apple's LocalAuthentication framework, which processes biometric data within the device's Secure Enclave hardware.
- 6tSevn BV never receives, processes, or stores biometric data. The biometric check is performed by the operating system, and only a success/failure result is returned to the app.
- Users can enable or disable this feature at any time.
13. Children's Data (Art. 8)
Spectre is rated 4+ on the App Store and contains no objectionable content. The app does not knowingly collect personal data from children. Since no personal data is transmitted to 6tSevn BV, no specific parental consent mechanism is required under Article 8 GDPR.
14. Security Measures (Art. 32)
Although 6tSevn BV does not process personal data from Spectre users, the app implements the following technical security measures to protect user data on-device:
- Encryption at rest: SwiftData stores data in an encrypted SQLite database within the app's sandboxed container, protected by iOS Data Protection.
- Biometric authentication: Optional Face ID / Touch ID lock prevents unauthorized access to the app and its detection logs.
- Secure Enclave: Biometric data is processed exclusively within Apple's hardware-level Secure Enclave.
- No network surface: The app makes zero network requests, completely eliminating the risk of server-side data breaches, man-in-the-middle attacks, or remote data exfiltration.
- App sandboxing: iOS sandboxing ensures no other application can access Spectre's stored data.
- No cloud storage: The app does not use iCloud or any cloud service, ensuring data exists solely on the user's physical device.
15. Breach Notification (Art. 33 & 34)
Since 6tSevn BV does not collect, store, or process personal data from Spectre users, a data breach at 6tSevn BV cannot expose Spectre user data. In the unlikely event of a breach affecting the app's security (e.g., a vulnerability in the app code), we will:
- Investigate and address the vulnerability promptly.
- Release an app update with a fix.
- Notify users through the App Store update notes.
- Report to the relevant supervisory authority within 72 hours if required under Article 33 GDPR.
16. Changes to This Statement
6tSevn BV reserves the right to update this GDPR Compliance Statement. Any material changes will be published on our website with an updated "Last Updated" date. We encourage users to review this statement periodically.
17. Contact & Complaints
If you have questions about this GDPR Compliance Statement or wish to exercise your data protection rights, please contact us:
6tSevn BV
Gangboord 11
3356 DG Papendrecht
The Netherlands
Email: privacy@6tsevn.com
Website: https://6tsevn.com
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. For users in the Netherlands, this is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: https://autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 85 00
This GDPR Compliance Statement applies to the Spectre app (version 1.0.0 and later) available on the Apple App Store, developed and published by 6tSevn BV.