Privacy Policy

Sparke ("we", "us", or "our") operates mysparke.com (the "Service"). This Privacy Policy explains what personal information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described here.

We collect the minimum data required to provide the Service:

• Google Account data — when you sign in with Google OAuth we receive your email address, display name, and profile picture. We use these solely for authentication and to identify your workspace.
• Google API access — if you connect Gmail, Google Calendar, or Google Meet, we store encrypted OAuth tokens (refresh and access tokens) on our servers so the Service can send emails, sync replies, and create calendar events on your behalf. We never read emails beyond what is needed to sync outreach replies you initiated through Sparke.
• Workspace configuration — information you enter during setup: company name, product description, pricing, and your ideal customer profile (ICP). This is used exclusively to power your outreach workflows.
• Usage data — standard server logs (IP address, browser type, pages visited, timestamps) for security monitoring and debugging. These are not sold or shared.

We do not collect payment information directly. We do not use cookies for advertising. We do not build advertising profiles.

• To authenticate you and maintain your session securely.
• To send outreach emails and sync replies through your connected Gmail account.
• To generate AI-powered ideal customer profiles and outreach drafts based on the product information you provide.
• To display your pipeline metrics, lead data, and conversation history within your dashboard.
• To maintain an audit log of actions taken through the Service so you can review them.
• To diagnose errors and improve the reliability of the platform.

We do not use your data for any purpose beyond operating and improving the Service.

We do not sell, rent, or share your personal information with third parties for marketing or commercial purposes.

We may share data only in these limited circumstances:

• Sub-processors — we use Supabase (database hosting) and may use AI model providers (Google Gemini, Anthropic Claude) to generate content on your behalf. These providers process data solely to deliver the Service and are bound by their own privacy commitments.
• Legal requirements — if required by law, court order, or to protect the rights and safety of users or the public.

We retain your data for as long as your account is active. If you request deletion, we will remove your personal information from our systems within 30 days, except where retention is required by law or legitimate security purposes.

We take reasonable technical and organisational measures to protect your data:

• Google OAuth tokens are encrypted at rest using AES-256-GCM before storage.
• All traffic is encrypted in transit via HTTPS/TLS.
• Session cookies are HttpOnly, Secure, and signed with HMAC-SHA256.
• API routes are protected by session verification on every request.

No system is completely secure. If you discover a vulnerability, please report it to richardadamik02052011@gmail.com.

You have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate data.
• Deletion — request that we delete your account and all associated personal data.
• Portability — request your data in a machine-readable format.
• Revoke Google access — you can disconnect your Google account at any time from the Settings page, which revokes our access to your Gmail and Calendar.

To exercise any of these rights, email us at richardadamik02052011@gmail.com. We will respond within 30 days.

The Service is not directed at anyone under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently done so, please contact us and we will delete that information promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

Questions about this policy? Reach us at richardadamik02052011@gmail.com.