Privacy Policy

Effective Date: June 12, 2026

Sparch, Inc. ("Sparch," "we," "us," or "our") operates the Sparch agentic AI platform, including our mobile applications and website at sparch.ai (collectively, the "Services"). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your choices regarding your information.

By using our Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

1.1 Account Information

When you create a Sparch account, we collect:

  • Name and email address via your chosen sign-in method (Apple Sign-In, Google Sign-In, or email)
  • Profile preferences such as display name and selected theme

These are the only pieces of personally identifiable information (PII) we store directly.

1.2 Conversations and Inputs

When you interact with Sparch, we process the following types of input:

  • Text prompts and chat messages sent to AI models
  • Uploaded files and documents (PDFs, images, code files, text files) submitted for AI analysis
  • Audio recordings when you use voice input, dictation, voice-memo, or music and audio practice features
  • Images and media submitted for generation, editing, or analysis

Your conversation history is stored in your account to enable chat continuity across sessions. You can delete individual conversations or your entire history at any time.

1.3 AI-Generated Content

We store AI-generated outputs (text responses, images, videos) associated with your account so you can access them later. Generated media may be cached temporarily on our servers to facilitate delivery.

1.4 Widget Content

Sparch includes a suite of built-in widgets (tools) for creativity, learning, daily life, travel, and money. Content you create or save in a widget is stored with your account so the widget can function. Depending on which widgets you use, this may include:

  • Journal entries and mood selections you write in the journaling widget
  • Voice memos and their transcripts you capture, until you delete them
  • Documents you scan or paste for filing, summarization, or tracking
  • Photos you choose to submit — for example garments for wardrobe styling, food or ingredients for recipe suggestions, or reference images for design and avatar features
  • Workout, meal, and wellness entries you log in fitness, kitchen, and mindfulness widgets
  • Notes, links, watchlists, and trip details (including booking confirmations you paste) you save
  • Learning progress such as language lessons, music practice, courses, scripture reading and memorization, and quiz scores
  • Creative projects such as designs, edited video, stories, scripts, slide decks, and 3D models

Widget content is used only to provide the relevant feature and the personalization described below. You can delete widget content from within each widget, and all of it is removed when you delete your account.

Personalization across widgets: Some features — such as your daily brief and the personalized start screen — read data you have already stored in your other widgets to assemble summaries and suggestions for you. This processing happens within your own account and is never shared with other users.

Images that include people: When you submit a photo as a reference for avatar or character generation, it is processed at your direction by the AI providers described in Section 3 to create the artwork you request. We do not use facial recognition to identify people and we do not build biometric databases from your photos.

1.5 Browsing Data (Agentic Browser)

When you use Sparch's agentic browsing features, the AI agent may capture screenshots of webpages to understand visual context and take actions on your behalf. These snapshots are processed in real time and are not permanently stored on our servers beyond the active session.

1.6 Sparks Data

Sparks are user-installable AI extensions within Sparch. When you create or install Sparks:

  • Spark definitions (manifests, system prompts, configurations) are stored to enable functionality
  • Spark-specific storage may persist settings or data as defined by the Spark's permissions
  • Public Sparks you publish are visible to other users, including the Spark name, description, and manifest

1.7 Usage and Device Information

We automatically collect:

  • Usage metrics: features used, models selected, token consumption, generation counts, and credit balances (including credit top-up history) for subscription and billing management
  • Device information: device type, operating system, and app version
  • Log data: IP addresses, access times, and error logs for service reliability

2. How We Use Your Information

  • Provide AI services: Route your prompts to the appropriate AI models (OpenAI, Anthropic, Google, Mistral, Cohere) and return responses
  • Enable agentic browsing: Process webpage context to allow the AI agent to navigate and interact with sites on your behalf
  • Generate and deliver media: Create images, videos, and other content using AI models based on your requests
  • Power your widgets: Store and process the content you save in widgets (Section 1.4) so each tool works and stays in sync across your devices
  • Personalize your experience: Build features like your daily brief and personalized start screen from data already in your account
  • Manage your subscription and credits: Track usage against your plan limits (tokens, image generations, video generations, transcription minutes) and apply credits from any top-up packs you purchase
  • Improve the Services: Analyze aggregate usage patterns to improve performance, reliability, and features
  • Communicate with you: Send service updates, security alerts, and support responses
  • Prevent abuse: Detect and prevent fraudulent or malicious use of the platform
  • Comply with law: Meet legal and regulatory obligations

3. How Your Data Flows Through AI Models

When you send a message or upload content, your input is transmitted to third-party AI model providers to generate a response. The specific provider depends on which model you select:

  • OpenAI (GPT models, DALL-E)
  • Anthropic (Claude models)
  • Google (Gemini models, Veo)
  • Mistral AI (Mistral models)
  • Cohere (Cohere models)
  • Additional providers for specialized image, video, and audio generation and analysis (Flux, Stable Diffusion, Kling, Luma, Pika, and others), in some cases accessed through model aggregators such as fal.ai and Replicate

Widget features that use AI follow the same flow: for example, asking for recipe ideas from a photo, generating a story or design, separating a song into instruments, or summarizing a scanned document sends the relevant content to a model provider to produce the result you requested.

Each provider processes your input under their own privacy policies and data handling practices. We transmit only the data necessary to fulfill your request. We do not share your account information or personal identity with these providers.

4. Data Minimization

We follow a data minimization approach:

  • We store only your email and name as PII
  • AI model inputs are sent to providers only as needed per request
  • Agentic browsing snapshots are ephemeral and not retained beyond the active session
  • Audio used purely for transcription or voice input is processed and not permanently stored; audio you deliberately save — such as voice memos or practice recordings — is retained until you delete it
  • Widget content is stored only for the widgets you actually use, and you can delete it per item at any time
  • Financial credentials are handled entirely by our payment partners and never touch our servers

5. Third-Party Services

We integrate with the following services, each with their own privacy practices:

  • Firebase (Google): Authentication, data storage, and app integrity verification (App Check)
  • Amazon Web Services (AWS): Cloud storage for media and project files you create or upload
  • Apple App Store: Billing for subscriptions and credit top-ups purchased inside the iOS app. Apple handles the payment; we receive purchase receipts, not your payment details
  • Stripe: Payment processing for purchases made outside the App Store. We do not store full payment card details
  • Plaid: Financial account connections and identity verification when you choose to link a bank account in the finance widget. Sensitive financial data is handled by Plaid and accessed only via secure server-side calls. If you ask for spending insights or budget analysis, relevant transaction summaries may be processed by AI models at your direction to produce them
  • AI Model Providers: As described in Section 3, your prompts and inputs are sent to model providers to generate responses
  • Siri and Apple Shortcuts: If you invoke Sparch actions through Siri or app shortcuts, Apple processes your voice request under Apple's privacy policy; Sparch receives only the action to perform

We do not control and are not responsible for the privacy practices, data handling, or security of these third-party services. Once your data is transmitted to a third-party provider, it is subject to that provider's privacy policy. We encourage you to review the privacy policies of any third-party services accessed through Sparch.

6. Information Sharing and Disclosure

We do not sell your personal information. We may share data in these limited circumstances:

  • Service providers: Third-party vendors that help us operate the Services (hosting, payment processing, AI model providers)
  • Legal requirements: When required by law, regulation, or valid legal process
  • Safety and rights: To protect the rights, property, or safety of Sparch, our users, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • With your consent: When you explicitly choose to share, such as publishing a public Spark or joining a shared activity (for example, a game joined by invite code), in which case the content of that shared activity is visible to its participants

7. Data Security

We implement industry-standard security measures:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Infrastructure: Our servers are protected by VPC whitelisting, WAF rules, and certificate-based authentication
  • Access controls: Role-based access control and least-privilege principles across all systems
  • Authentication: Multi-factor authentication and passkeys for administrative access
  • Secrets management: API keys stored in managed secret services with automated rotation
  • Client verification: Firebase App Check to validate requests from authentic app instances

8. Data Retention and Deletion

  • Account data: Retained while your account is active
  • Conversation history: Retained until you delete it or delete your account
  • Widget content (journal entries, voice memos, scanned documents, logs, projects, and similar): Retained until you delete the item or delete your account
  • Generated media: Retained while associated with your account
  • Usage logs: Retained for 90 days for operational purposes
  • Transaction records: Retained as required by applicable law

Account Deletion

You may request deletion of your account and all associated data at any time. Upon request:

  • Your account is deactivated immediately
  • A 30-day recovery window allows you to restore your account if the deletion was unintentional
  • After 30 days, all data is permanently deleted from our systems, including conversation history, widget content, generated content, and Spark data

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your data
  • Portability: Request a portable copy of your data
  • Opt-out: Opt out of certain data processing activities
  • Withdraw consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@sparch.ai.

10. Agentic Browsing and Third-Party Website Data

When you use the agentic browser, the AI agent accesses and processes content from third-party websites at your direction. You should be aware that:

  • The agentic browser may access publicly available information on websites you direct it to visit
  • Any data you provide to third-party websites through the agentic browser (such as form submissions, login credentials, or search queries) is transmitted directly to those websites and governed by their privacy policies
  • We do not control what data third-party websites collect about you or the AI agent during browsing sessions
  • It is your responsibility to ensure that directing the AI agent to access any website complies with that website's terms and privacy requirements

Sparch does not accept responsibility for any data collected by third-party websites accessed through the agentic browser, or for any consequences arising from the AI agent's interactions with those websites.

11. AI Training and Model Improvement

Sparch does not use your conversations, prompts, or generated content to train our own AI models. Your inputs are sent to third-party AI providers to generate responses per your requests. Each provider's use of data for their own model training is governed by their respective policies and our agreements with them.

12. Children's Privacy

Our Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. Certain Sparks may carry age ratings (4+, 9+, 12+, 17+) to help users make informed choices, but the platform itself requires users to be at least 13 years old.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information
  • The right to opt-out of the sale of personal information
  • The right to non-discrimination for exercising your rights

We do not sell personal information. To exercise your CCPA rights, contact privacy@sparch.ai.

14. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal bases for processing include consent, performance of our contract with you, and legitimate interests in operating and improving the Services.

15. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States where our servers are located. We take appropriate safeguards to protect your data in accordance with this policy and applicable law.

16. Limitation of Liability for Data Practices

While we implement reasonable security measures and data handling practices, we cannot guarantee the absolute security of your information. To the fullest extent permitted by law, Sparch shall not be liable for any unauthorized access to, alteration of, or destruction of your data, or for any data processing conducted by third-party AI model providers or other service providers. Your use of the Services and the transmission of your data is at your own risk. For full details on liability limitations, please refer to our Terms of Service.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and revising the effective date. Continued use of the Services after changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy or our data practices:

Sparch, Inc.
Email: privacy@sparch.ai
Website: https://sparch.ai