Privacy Policy

Effective Date: April 3, 2026

Sparch, Inc. ("Sparch," "we," "us," or "our") operates the Sparch agentic AI platform, including our mobile applications and website at sparch.ai (collectively, the "Services"). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your choices regarding your information.

By using our Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

1.1 Account Information

When you create a Sparch account, we collect:

  • Name and email address via your chosen sign-in method (Apple Sign-In, Google Sign-In, or email)
  • Profile preferences such as display name and selected theme

These are the only pieces of personally identifiable information (PII) we store directly.

1.2 Conversations and Inputs

When you interact with Sparch, we process the following types of input:

  • Text prompts and chat messages sent to AI models
  • Uploaded files and documents (PDFs, images, code files, text files) submitted for AI analysis
  • Audio recordings when you use voice input or dictation features
  • Images and media submitted for generation, editing, or analysis

Your conversation history is stored in your account to enable chat continuity across sessions. You can delete individual conversations or your entire history at any time.

1.3 AI-Generated Content

We store AI-generated outputs (text responses, images, videos) associated with your account so you can access them later. Generated media may be cached temporarily on our servers to facilitate delivery.

1.4 Browsing Data (Agentic Browser)

When you use Sparch's agentic browsing features, the AI agent may capture screenshots of webpages to understand visual context and take actions on your behalf. These snapshots are processed in real time and are not permanently stored on our servers beyond the active session.

1.5 Sparks Data

Sparks are user-installable AI extensions within Sparch. When you create or install Sparks:

  • Spark definitions (manifests, system prompts, configurations) are stored to enable functionality
  • Spark-specific storage may persist settings or data as defined by the Spark's permissions
  • Public Sparks you publish are visible to other users, including the Spark name, description, and manifest

1.6 Usage and Device Information

We automatically collect:

  • Usage metrics: features used, models selected, token consumption, and generation counts for subscription management
  • Device information: device type, operating system, and app version
  • Log data: IP addresses, access times, and error logs for service reliability

2. How We Use Your Information

  • Provide AI services: Route your prompts to the appropriate AI models (OpenAI, Anthropic, Google, Mistral, Cohere) and return responses
  • Enable agentic browsing: Process webpage context to allow the AI agent to navigate and interact with sites on your behalf
  • Generate and deliver media: Create images, videos, and other content using AI models based on your requests
  • Manage your subscription: Track usage against your plan limits (tokens, image generations, video generations, transcription minutes)
  • Improve the Services: Analyze aggregate usage patterns to improve performance, reliability, and features
  • Communicate with you: Send service updates, security alerts, and support responses
  • Prevent abuse: Detect and prevent fraudulent or malicious use of the platform
  • Comply with law: Meet legal and regulatory obligations

3. How Your Data Flows Through AI Models

When you send a message or upload content, your input is transmitted to third-party AI model providers to generate a response. The specific provider depends on which model you select:

  • OpenAI (GPT models, DALL-E)
  • Anthropic (Claude models)
  • Google (Gemini models, Veo)
  • Mistral AI (Mistral models)
  • Cohere (Cohere models)
  • Additional providers for specialized image and video generation (Flux, Stable Diffusion, Kling, Luma, Pika, and others)

Each provider processes your input under their own privacy policies and data handling practices. We transmit only the data necessary to fulfill your request. We do not share your account information or personal identity with these providers.

4. Data Minimization

We follow a data minimization approach:

  • We store only your email and name as PII
  • AI model inputs are sent to providers only as needed per request
  • Agentic browsing snapshots are ephemeral and not retained beyond the active session
  • Audio recordings for transcription are processed and not permanently stored
  • Financial credentials are handled entirely by our payment partners and never touch our servers

5. Third-Party Services

We integrate with the following services, each with their own privacy practices:

  • Firebase (Google): Authentication, data storage, and app integrity verification (App Check)
  • Stripe: Payment processing for subscriptions. We do not store full payment card details
  • Plaid: Financial account connections and identity verification when applicable. Sensitive financial data is handled by Plaid and accessed only via secure server-side calls
  • AI Model Providers: As described in Section 3, your prompts and inputs are sent to model providers to generate responses

6. Information Sharing and Disclosure

We do not sell your personal information. We may share data in these limited circumstances:

  • Service providers: Third-party vendors that help us operate the Services (hosting, payment processing, AI model providers)
  • Legal requirements: When required by law, regulation, or valid legal process
  • Safety and rights: To protect the rights, property, or safety of Sparch, our users, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • With your consent: When you explicitly choose to share, such as publishing a public Spark

7. Data Security

We implement industry-standard security measures:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Infrastructure: Our servers are protected by VPC whitelisting, WAF rules, and certificate-based authentication
  • Access controls: Role-based access control and least-privilege principles across all systems
  • Authentication: Multi-factor authentication and passkeys for administrative access
  • Secrets management: API keys stored in managed secret services with automated rotation
  • Client verification: Firebase App Check to validate requests from authentic app instances

8. Data Retention and Deletion

  • Account data: Retained while your account is active
  • Conversation history: Retained until you delete it or delete your account
  • Generated media: Retained while associated with your account
  • Usage logs: Retained for 90 days for operational purposes
  • Transaction records: Retained as required by applicable law

Account Deletion

You may request deletion of your account and all associated data at any time. Upon request:

  • Your account is deactivated immediately
  • A 30-day recovery window allows you to restore your account if the deletion was unintentional
  • After 30 days, all data is permanently deleted from our systems, including conversation history, generated content, and Spark data

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your data
  • Portability: Request a portable copy of your data
  • Opt-out: Opt out of certain data processing activities
  • Withdraw consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@sparch.ai.

10. AI Training and Model Improvement

Sparch does not use your conversations, prompts, or generated content to train our own AI models. Your inputs are sent to third-party AI providers to generate responses per your requests. Each provider's use of data for their own model training is governed by their respective policies and our agreements with them.

11. Children's Privacy

Our Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. Certain Sparks may carry age ratings (4+, 9+, 12+, 17+) to help users make informed choices, but the platform itself requires users to be at least 13 years old.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information
  • The right to opt-out of the sale of personal information
  • The right to non-discrimination for exercising your rights

We do not sell personal information. To exercise your CCPA rights, contact privacy@sparch.ai.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal bases for processing include consent, performance of our contract with you, and legitimate interests in operating and improving the Services.

14. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States where our servers are located. We take appropriate safeguards to protect your data in accordance with this policy and applicable law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and revising the effective date. Continued use of the Services after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or our data practices:

Sparch, Inc.
Email: privacy@sparch.ai
Website: https://sparch.ai