Legal
Privacy Policy
Last updated: February 16, 2026
1. Introduction
SparkerAI, LLC (“Sparker,” “we,” “us,” or “our”) operates the Sparker platform, an AI-powered marketing automation service accessible at sparkerai.com and through our mobile applications (collectively, the “Service”).
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service. It also describes your rights regarding your personal data and how you can exercise them.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Data Controller
SparkerAI, LLC is the data controller responsible for your personal information. You can contact us at:
- Email: support@sparkerai.com
3. Information We Collect
3.1 Information You Provide Directly
- Account Information: When you sign up via Google OAuth, we receive your name, email address, profile picture URL, and Google account identifier. We do not collect or store passwords.
- Brand & Business Data: Brand name, tagline, description, industry, website URL, target audience, voice and tone guidelines, value propositions, competitor information, and brand guidelines you provide.
- Brand Assets: Logos, product images, and other visual assets you upload or that we discover from your website during brand setup.
- AI Session Inputs: Prompts, instructions, creative briefs, and other content you provide to our AI agents during sessions.
- Support Communications: Messages and attachments you send when contacting our support team.
3.2 Information Generated Through the Service
- AI-Generated Content: Ad copy, marketing text, images, campaign recommendations, and other outputs produced by our AI agents based on your inputs.
- Session Data: Conversation history between you and AI agents, including messages, tool invocations, generated files, and session metadata (duration, token usage, tool usage counts).
- Usage & Billing Data: Number of sessions used, token consumption, tool invocations (e.g., image generation, web search), and spending within each billing cycle.
3.3 Information Collected Automatically
- Device & Browser Information: Browser type, operating system, device type, screen resolution, and language preferences.
- IP Address: Your IP address, which may be used to derive approximate geolocation.
- Usage Analytics: Pages visited, features used, click patterns, session duration, and navigation paths.
- Error & Performance Data: Error logs, stack traces, and performance metrics collected for debugging and service reliability.
- Cookies & Similar Technologies: See Section 9 (Cookies & Tracking Technologies) below.
3.4 Information from Third Parties
- Google OAuth: Profile information (name, email, profile picture) provided by Google during authentication.
- Connected Ad & Analytics Platforms: When you connect third-party accounts (such as Facebook Ads, Google Ads, TikTok Ads, LinkedIn Ads, Google Analytics, or CRM platforms), we receive account metrics, campaign performance data, audience insights, and other data you authorize us to access through those platforms' APIs.
- Stripe: Payment verification data and subscription status. We do not store your full credit card number—Stripe handles payment card data directly.
4. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Service (AI content generation, brand management, session management) | Performance of contract |
| Authenticating your identity via Google OAuth | Performance of contract |
| Processing payments and managing subscriptions via Stripe | Performance of contract |
| Connecting and syncing data from your social media and analytics accounts | Performance of contract / Consent |
| Generating AI-powered content, recommendations, and analysis based on your inputs and brand data | Performance of contract |
| Tracking usage, enforcing billing limits, and preventing abuse | Legitimate interest |
| Improving the Service, debugging errors, and analyzing platform performance | Legitimate interest |
| Fraud prevention, security monitoring, and protecting against unauthorized access | Legitimate interest |
| Sending transactional communications (account updates, billing receipts, security alerts) | Performance of contract |
| Sending marketing communications (product updates, tips) | Consent |
| Complying with legal obligations (tax records, law enforcement requests) | Legal obligation |
| Analytics and conversion tracking (Meta Pixel, server-side events) | Consent / Legitimate interest |
5. AI Data Processing Disclosures
Sparker uses artificial intelligence extensively. We believe in transparency about how AI processes your data.
5.1 How AI Processes Your Data
When you interact with Sparker's AI agents, your inputs (prompts, brand context, creative briefs) are sent to our AI provider, Anthropic, for processing. The AI generates outputs (ad copy, marketing recommendations, images, analysis) based on your inputs combined with your brand context and guidelines.
5.2 AI Provider
We use Anthropic's Claude AI models to power our agents. Your inputs are transmitted to Anthropic's API for processing. Anthropic's data handling is governed by their own Privacy Policy and API Terms of Service. Under Anthropic's API terms, inputs and outputs sent through the API are not used to train their models.
5.3 AI Training
We do not use your inputs, outputs, or session data to train or fine-tune AI models. Your data is used solely for providing the Service to you.
5.4 AI-Generated Image Services
For image generation features, we use Google's Gemini API. Image prompts and generated images are processed by Google in accordance with their Cloud Privacy Notice.
5.5 Automated Decision-Making
Sparker uses automated processing for billing enforcement (e.g., determining whether you have remaining sessions or budget in your plan). These decisions are based on objective usage metrics and do not involve profiling. You may contact us to request human review of any automated decision that significantly affects you.
5.6 Limitations of AI Content
AI-generated content may be inaccurate, incomplete, or unsuitable for your specific use case. You are responsible for reviewing all AI outputs before use. AI-generated content should not be relied upon as legal, financial, medical, or professional advice.
6. Data Sharing & Third Parties
We do not sell your personal data. We share information only as described below:
6.1 Service Providers & Processors
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI content generation (Claude API) | Session prompts, brand context, conversation history |
| Google Cloud Platform | Infrastructure hosting, file storage, image generation | All data stored and processed on the platform (hosted in GCP data centers) |
| Stripe | Payment processing & subscriptions | Name, email, billing address, payment card details (handled directly by Stripe) |
| Google OAuth | User authentication | Authentication tokens; receives name, email, profile picture |
| Sentry | Error tracking & performance monitoring | Error logs, stack traces, user context (ID, email, name), performance traces |
| LogRocket | Session replay & debugging | DOM interactions, console logs, network requests, IP address (auth tokens and sensitive fields are redacted before transmission) |
| Meta (Facebook) | Conversion tracking (Meta Pixel & Conversions API); ad account data sync via Marketing API (when you connect your Facebook Ads account) | Pixel: Hashed email, user ID, IP address, user-agent, page view and conversion events. Marketing API: OAuth tokens (encrypted at rest), campaign structure, ad creative metadata, and performance metrics (impressions, clicks, spend, conversions) |
6.2 Connected Platforms (User-Authorized)
When you connect third-party accounts (Facebook Ads, Google Ads, TikTok Ads, LinkedIn Ads, Google Analytics, HubSpot, Salesforce, Klaviyo, Mixpanel, Amplitude, or others), data flows between Sparker and those platforms based on the permissions you grant. You can disconnect these integrations at any time from your account settings.
6.3 Legal & Safety Disclosures
We may disclose your information if required to:
- Comply with applicable law, regulation, or legal process
- Respond to valid requests from law enforcement or government authorities
- Protect the rights, property, or safety of Sparker, our users, or the public
- Enforce our Terms of Service and investigate potential violations
6.4 Business Transfers
If SparkerAI, LLC is involved in a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
7. International Data Transfers
Sparker is operated from the United States. Your data is stored and processed on Google Cloud Platform infrastructure located in the United States.
If you are accessing the Service from the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, your personal data will be transferred to the United States. We rely on the following mechanisms to ensure adequate protection:
- EU-U.S. Data Privacy Framework: Where applicable, our processors (including Google and Stripe) participate in the EU-U.S. Data Privacy Framework.
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our processors to provide appropriate safeguards for international transfers.
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Account information (name, email, Google ID) | While your account is active, plus 30 days after account deletion |
| Brand data & assets | Until you delete the brand, or upon account deletion |
| AI session data (conversations, generated content) | Until you delete the session, or upon account deletion |
| Connected platform data (ad campaigns, metrics, OAuth tokens) | Until you disconnect the account or delete your Sparker account. OAuth tokens are deleted immediately upon disconnection. |
| Billing & transaction records | 7 years after the transaction (as required by tax and financial regulations) |
| Tool usage audit logs | Duration of your subscription plus 12 months |
| Usage metrics (per billing cycle) | Reset each billing cycle; aggregates retained for 24 months |
| Error logs & performance data (Sentry) | 90 days (Sentry default) |
| Session replay recordings (LogRocket) | Per LogRocket's retention policy |
| Server logs | 30 days |
When data is no longer needed, we delete it or anonymize it so it can no longer be associated with you.
9. Cookies & Tracking Technologies
We use cookies and similar technologies to operate the Service and analyze usage. Here is a summary of the types we use:
9.1 Strictly Necessary
Required for authentication (JWT session tokens), security, and basic functionality. These cannot be disabled without breaking the Service.
9.2 Functional
Remember your preferences such as selected brand and workspace settings. Data is stored in your browser's local storage (key: sparker-root, sparker-selected-brand-id).
9.3 Analytics & Performance
- Sentry: Captures error reports and performance traces to help us debug issues and improve reliability. Sample rate: 10% of transactions in production.
- LogRocket: Records session replays of user interactions to help us understand and fix usability issues. Sensitive data (auth tokens, password fields, form values) is automatically redacted before transmission.
9.4 Marketing & Advertising
- Meta Pixel: Tracks page views and conversion events (e.g., registration) for advertising analytics. Uses advanced matching with hashed email. We also use Meta's server-side Conversions API for events such as registration completion.
9.5 Managing Your Preferences
You can manage or disable non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service. Most browsers allow you to:
- View and delete existing cookies
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close your browser
10. Data Security
We implement commercially reasonable technical and organizational measures to protect your data, including:
- Encryption: Data is encrypted in transit (TLS/HTTPS) and at rest on Google Cloud Platform. Third-party OAuth tokens are additionally encrypted at the application level using AES-256-GCM before storage.
- Multi-Tenant Isolation: PostgreSQL Row-Level Security (RLS) ensures your data is isolated from other tenants at the database level. File system workspaces are isolated per tenant with path validation.
- Access Controls: Role-based access control (Owner, Admin, Member, Viewer) with principle of least privilege.
- Secure Authentication: Google OAuth eliminates password-related risks. JWT tokens are used with appropriate expiration.
- Payment Security: Credit card data is processed directly by Stripe (PCI DSS Level 1 certified). We never store your full card number.
- Monitoring: Automated error tracking and performance monitoring via Sentry.
- Sensitive Data Redaction: Authorization headers and authentication tokens are automatically redacted before transmission to session replay services.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
11. Your Privacy Rights
11.1 Rights for EEA, UK, and Swiss Residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (“right to be forgotten”).
- Restriction: Request that we limit processing of your data in certain circumstances.
- Portability: Receive your data in a structured, commonly used, machine-readable format.
- Objection: Object to processing based on legitimate interests, including direct marketing.
- Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
- Lodge a Complaint: File a complaint with your local data protection supervisory authority.
To exercise these rights, contact us at support@sparkerai.com. We will respond within 30 days.
11.2 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
- Right to Limit Use of Sensitive Information: Request that we limit the use of sensitive personal information to what is necessary to provide the Service.
- Right Regarding Automated Decision-Making Technology: Request information about and opt out of automated decision-making technology used in decisions that produce legal or similarly significant effects.
- Non-Discrimination: We will not discriminate against you for exercising any of these rights.
To submit a request, email support@sparkerai.com or use the request form in your account settings. We will verify your identity and respond within 45 days.
CCPA Categories of Personal Information Collected: Identifiers (name, email, Google ID, IP address); commercial information (subscription plan, transaction history); internet or electronic network activity (usage data, session replays, error logs); geolocation data (approximate, from IP address); and inferences (AI-generated recommendations based on your inputs).
12. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will promptly delete that information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@sparkerai.com.
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33). If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
14. Third-Party Links & Services
The Service may contain links to or integrations with third-party websites and services (including social media platforms, Stripe, and Google). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you interact with through Sparker.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Notify you by email or through a prominent notice in the Service
Your continued use of the Service after the changes take effect constitutes your acceptance of the revised Privacy Policy. If you do not agree with any changes, you should discontinue use of the Service and delete your account.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@sparkerai.com
- Mailing address: SparkerAI, LLC, 1111B S Governors Ave STE 97763, Dover, DE 19904, US