Legal

Privacy Policy

Effective date: January 1, 2025 · Last updated: January 1, 2025

Summary: Sparkal does not sell your data. Your photos stay on your device. We only collect what's needed to run the app and improve your experience.

1. Introduction

Welcome to Sparkal ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Sparkal (the "App"), available on the Apple App Store and Google Play Store.

Please read this policy carefully. If you disagree with its terms, please discontinue use of the App.

2. Information We Collect

2.1 Information You Provide Directly

Account information: When you sign in with Apple or Google Sign In, we receive your name and email address from the identity provider. We use this solely to create and identify your account.
Liked/saved templates: Template IDs you save or like within the App are stored in our cloud database (Supabase) associated with your account so you can access them across devices.

2.2 Information Collected Automatically

Device information: Device type, operating system version, and unique device identifiers (used for crash reporting and analytics).
Usage data: General information about how you interact with the App (e.g., which template categories you browse, export frequency). This data is aggregated and anonymised.
Crash reports: If the App crashes, diagnostic data is automatically collected to help us fix bugs.
Purchase information: Subscription status and transaction identifiers are processed by Apple (App Store) and RevenueCat. We do not receive or store your payment card details.

2.3 Information We Do NOT Collect

Your photos or images — they are processed entirely on-device and never uploaded to our servers.
Your location data.
Microphone or camera data beyond what is needed for photo selection within the App.
Contact lists or social network data.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the App and its features.
Sync your liked and saved templates across devices when you are signed in.
Verify your subscription status and unlock Pro features.
Diagnose and fix technical issues and crashes.
Understand aggregate usage patterns to improve the App (no individual profiling).
Comply with legal obligations.

We do not use your information for targeted advertising, and we do not sell your personal data to any third party.

4. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data are:

Contract performance: Processing necessary to deliver the App and subscription services you have requested.
Legitimate interests: Crash reporting and aggregate analytics to improve stability and user experience, provided these do not override your fundamental rights.
Legal obligation: Where required by applicable law.

5. Data Sharing and Disclosure

We share your information only in the following limited circumstances:

Supabase: Our cloud database and authentication provider. Data is stored on infrastructure in accordance with Supabase's privacy and security standards. See supabase.com/privacy.
RevenueCat: Our in-app subscription management provider. They receive subscription identifiers to validate your Pro access. See revenuecat.com/privacy.
Apple / Google: Authentication and payment processing are handled by Apple (Sign In with Apple, App Store) and Google (Google Sign In, Google Play). Their respective privacy policies apply.
Legal requirements: We may disclose information if required by law, court order, or governmental authority, or to protect the rights and safety of users or the public.

We do not share your personal data with advertisers, data brokers, or any other third parties not listed above.

6. Data Retention

We retain your account data (email, saved template preferences) for as long as your account is active. If you delete your account, your personal data will be deleted from our systems within 30 days, except where retention is required by law.

Aggregated, anonymised analytics data (which cannot identify you) may be retained indefinitely for product improvement purposes.

7. Data Security

We implement industry-standard security measures including:

TLS/HTTPS encryption for all data transmitted between the App and our servers.
Row-level security policies in our Supabase database so users can only access their own data.
Authentication via trusted providers (Apple, Google) — we never store raw passwords.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request that inaccurate data be corrected.
Deletion: Request that your personal data be deleted ("right to be forgotten").
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at the email address in Section 12. We will respond within 30 days.

9. Children's Privacy

The App is not directed to children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete it promptly. If you believe we may have collected information from a child, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. We ensure that any such transfers comply with applicable data protection laws, including through the use of Standard Contractual Clauses where required by GDPR.

11. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, disclose, or sell; the right to request deletion; and the right to non-discrimination for exercising these rights. As stated above, we do not sell personal information. To make a request, contact us at the address below. We do not respond to Do Not Track signals as there is no uniform industry standard.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Sparkal
Email: support@sparkal.app
Website: sparkal.app