SparkzyBack to home

Privacy Policy

Last updated: 24 April 2026

Sparkzy Media Ltd (“Sparkzy”, “we”, “us”) is the data controller for personal data collected through our platform. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Data We Collect

Account data

  • Full name and email address (provided at signup)
  • Password (stored as a secure one-way hash — we never see your plain-text password)
  • Profile information you choose to add

Brand & content data

  • Website URLs and brand assets you upload or link
  • Brand voice preferences, niche, and tone settings
  • AI-generated content created within your account
  • Scheduled and published post history

Social platform tokens

  • OAuth access tokens for connected platforms (Instagram, LinkedIn, X/Twitter, etc.)
  • These tokens are encrypted at rest and used solely to publish on your behalf

Usage & technical data

  • IP address, browser type, device type, and operating system
  • Pages visited, features used, and time spent in the platform
  • Error logs and performance data
  • Cookies and similar tracking technologies (see Section 7)

Billing data

  • Subscription tier and billing history
  • Payment card details are processed directly by our payment provider (Stripe) and are never stored on our servers

2. How We Use Your Data

  • Providing the Service — operating your account, generating content, scheduling and publishing posts
  • AI processing — your brand data and prompts are sent to AI model providers to generate content (see Section 5)
  • Account communications — onboarding emails, product updates, billing receipts
  • Safety & security — detecting fraud, abuse, or policy violations
  • Product improvement — aggregated, anonymised analytics to improve features (never individual content)
  • Legal compliance — where required by law or regulatory authority

3. Legal Bases for Processing (UK GDPR)

  • Contract — processing necessary to deliver the Service you signed up for
  • Legitimate interests — security monitoring, fraud prevention, and aggregated analytics
  • Consent — marketing emails (you can withdraw consent at any time)
  • Legal obligation — retaining financial records as required by HMRC

4. Data Sharing & Disclosure

We do not sell your personal data. We share data only:

  • With social platforms — your posts and captions are sent to the relevant platform API when you publish
  • With our infrastructure providers — Supabase (database & auth, hosted in EU), Vercel (hosting)
  • With our payment provider — Stripe processes billing; governed by their own privacy policy
  • With AI model providers — see Section 5 below
  • If required by law — e.g. a valid court order or regulatory request
  • In a business transfer — if Sparkzy is acquired or merged, data may transfer subject to the same protections

5. AI Model Providers & Your Content

To generate content, Sparkzy sends prompts (derived from your brand settings and your instructions) to the following third-party AI providers:

  • Anthropic (Claude) — text generation; governed by Anthropic’s API usage policy
  • OpenAI (GPT-4, DALL·E) — text and image generation; governed by OpenAI’s API usage policy

We do not permit these providers to use your data for model training under our enterprise API agreements. Prompts may include your brand name and content style preferences but will never include personal data about your customers.

6. Data Retention

  • Account data is retained for as long as your account is active
  • Generated content and post history are retained for 24 months, then automatically deleted
  • Billing records are retained for 7 years as required by UK tax law
  • After account deletion, residual data is purged within 30 days, except where legal retention obligations apply

7. Cookies

We use the following cookies:

  • Essential cookies — required for authentication and session management (cannot be disabled)
  • Analytics cookies — anonymised usage tracking to improve the product (you can opt out in your account settings)

We do not use advertising or third-party tracking cookies.

8. International Transfers

Your data is primarily stored in the EU (Supabase). When data is processed by AI providers (Anthropic, OpenAI), it may be transferred to the United States. These transfers are covered by Standard Contractual Clauses (SCCs) approved by the UK ICO.

9. Your Rights (UK GDPR)

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, for any consent-based processing

To exercise any of these rights, email us at privacy@sparkzystudio.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

10. Security

We take security seriously. Measures include: TLS encryption in transit, AES-256 encryption at rest for sensitive tokens, row-level security on our database, and regular security reviews. No system is perfectly secure — if you discover a vulnerability, please disclose it responsibly to security@sparkzystudio.com.

11. Children

Sparkzy is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us and we will delete the account promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you by email and in-app notice at least 14 days before material changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact & Data Controller

Sparkzy Media Ltd
London, United Kingdom
privacy@sparkzystudio.com

For general support: support@sparkzystudio.com