Privacy Policy

Last Updated: December 2025

Sparch, Inc. ("Sparch," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our agentic browsing platform, mobile applications, and related services (collectively, the "Services") available at sparch.ai.

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our Services:

  • Account Information: When you create an account, we collect your email address and name. These are the only pieces of personally identifiable information (PII) we store directly.
  • Profile Information: You may optionally provide additional information such as a username, profile picture, or preferences.
  • Communications: When you contact us for support or feedback, we collect the information you provide in those communications.

1.2 Information Collected Automatically

When you use our Services, we automatically collect certain information:

  • Usage Data: Information about how you interact with our Services, including features used, actions taken, and time spent.
  • Device Information: Device type, operating system, browser type, and unique device identifiers.
  • Log Data: IP addresses, access times, and referring URLs.

1.3 Information from Third-Party Services

We integrate with trusted third-party services to provide functionality:

  • Plaid: When you connect financial accounts, Plaid handles identity verification (IDV) and financial data. We retrieve this information via secure server-side calls only when needed and do not store sensitive financial credentials.
  • Stripe: Payment processing is handled by Stripe. We do not store full payment card details on our servers.
  • Firebase/Google: Authentication services and secure data storage.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Services
  • To process transactions and send related information
  • To send you technical notices, updates, security alerts, and support messages
  • To respond to your comments, questions, and customer service requests
  • To communicate with you about products, services, and events offered by Sparch
  • To monitor and analyze trends, usage, and activities in connection with our Services
  • To detect, investigate, and prevent fraudulent transactions and other illegal activities
  • To personalize and improve your experience
  • To comply with legal obligations

3. Data Minimization

Sparch is committed to collecting only the minimum amount of personal data necessary to provide our Services. We do not store personally identifiable information (PII) beyond your email address and name. Sensitive information such as financial credentials and identity verification data is handled by our trusted partners (Plaid, Stripe) and accessed only when necessary through secure, server-side connections.

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

  • Service Providers: We share information with third-party vendors who perform services on our behalf, such as payment processing (Stripe), authentication (Firebase), and financial services (Plaid).
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Protection of Rights: We may disclose information to protect the rights, property, or safety of Sparch, our users, or others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.
  • With Your Consent: We may share information with your consent or at your direction.

5. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All data is encrypted in transit using TLS 1.2 or higher, and at rest using AES-256 encryption.
  • Infrastructure Security: Our Google Cloud servers are protected by an AWS proxy layer with VPC whitelisted IPs, WAF rules, and certificate-based authentication.
  • Access Controls: We implement role-based access control (RBAC) and the principle of least privilege across all systems.
  • Authentication: All administrative accounts are protected with multi-factor authentication (MFA) and passkeys.
  • Secrets Management: API keys and secrets are stored in GCP Secrets Manager with automated rotation—never hardcoded.
  • Vulnerability Management: We maintain zero-vulnerability Docker deployments and regularly patch all systems.

6. Data Retention and Deletion

We retain your information only for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy:

  • Account Data: Retained while your account is active.
  • Usage Logs: Retained for 90 days for operational purposes.
  • Transaction Records: Retained as required by applicable law.

6.1 Account Deletion

You may request deletion of your account and associated data at any time. Upon receiving a deletion request:

  • Your account will be deactivated immediately.
  • A 30-day recovery period allows you to restore your account if the deletion was accidental.
  • After 30 days, all your data is permanently deleted from our systems.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information.
  • Portability: Request a portable copy of your data.
  • Opt-Out: Opt out of certain data processing activities.
  • Withdraw Consent: Withdraw consent for data processing at any time.

To exercise these rights, please contact us at privacy@sparch.ai.

8. Consent

We obtain explicit consent from users before collecting, processing, or storing their data. When connecting to third-party services or accessing features like location data, we request permission through clear, understandable prompts. You may withdraw consent at any time through your account settings or by contacting us.

9. Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected, used, shared, or sold.
  • The right to delete personal information held by businesses.
  • The right to opt-out of the sale of personal information.
  • The right to non-discrimination for exercising your CCPA rights.

We do not sell personal information. To exercise your CCPA rights, contact us at privacy@sparch.ai.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the rights to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal bases for processing include consent, contract performance, and legitimate interests.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Sparch, Inc.
Email: privacy@sparch.ai
Website: https://sparch.ai