Privacy Policy

Last Updated: 17/07/2025

Sparkum (“we,” “our,” or “us”) is owned and operated by ONYX Labs LLC, a company registered in the State of New York. We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, store, and disclose your information when you access or use our services, including our website, platform, and related features (collectively, the “Service”), available at https://sparkum.net.


1. Information We Collect

We collect the following categories of personal information when you use Sparkum:


a. Account Information


  • Email address (required to create and access your account)

  • Name (first and last, collected during onboarding)

  • Profile picture (optional and customizable)


b. Team & Brand Information


  • Team or brand name and associated metadata (e.g., industry, team size, purpose)

  • User roles and permissions within a team


c. Connected Social Accounts


  • Social media handles and platform identifiers

  • OAuth tokens or access tokens (used to enable posting, analytics, engagement features, and related services)


d. Technical Information


  • IP address (automatically logged for security and diagnostics)

  • Browser type, device type, operating system, and access times

  • Referrer URLs and platform usage data


e. Cookies & Local Storage


We use cookies and similar technologies to support functionality and improve performance:

  • Session cookies for login, authentication, and security

  • Analytics cookies to monitor platform usage and improve service (via Vercel Analytics)

  • Local storage for invite tokens, temporary UI state, and session continuity


f. Payment Information


All payments are processed securely via Stripe. Sparkum does not store or have access to your full payment details. Stripe handles all billing and payment operations in accordance with their own privacy policy.

2. How We Use Your Information

We use the information we collect to operate, maintain, and improve Sparkum, including:

  • Account management – Creating and maintaining your account and profile

  • Team and brand organization – Managing teams, brand assets, and permissions

  • Social media management – Enabling post scheduling, analytics, engagement tools, and account integrations

  • Performance monitoring – Diagnosing issues, improving speed and reliability

  • Analytics and insights – Understanding platform usage and content performance

  • Security – Protecting accounts, detecting abuse, and enforcing platform integrity

  • Support and communication – Responding to support requests or feature inquiries

  • Compliance – Fulfilling legal obligations and preventing fraud


We do not sell your personal information to third parties.

3. How We Store and Secure Your Information

We take the security of your data seriously and implement reasonable technical and organizational measures to protect it.


a. Data Storage


Your information is stored using the following services:

  • Supabase – used to store user accounts, team/brand data, social metadata, and analytics

  • Vercel – used to host the frontend and may log IP addresses and access metadata

  • Stripe – handles all billing and payment data (Sparkum does not store any payment information)


b. Data Security


  • In transit – All data is encrypted using HTTPS (TLS) while moving between your browser and our servers

  • At rest – Data stored in Supabase is encrypted at rest

  • Authentication – We use secure authentication protocols, including OAuth (e.g., Google login) and hashed tokens

  • Access control – Team-level access is managed by role-based permissions; only authorized team members can view or manage shared data


c. Payment Security


All payment-related data is processed by Stripe. Sparkum does not store or process your credit card or payment credentials. Stripe’s systems are PCI-DSS compliant and independently audited.

4. Data Retention

We retain your data only for as long as it is needed to provide our services or fulfill legal obligations.


a. While Your Account is Active


We store your data for the duration of your account usage. This includes:

  • Your personal account data (email, name, etc.)

  • Connected social media metadata

  • Team and brand configurations

  • Cached and historical analytics, if applicable


Social data is cached and refreshed regularly while your account remains active.


b. After Account Deletion


If you delete your account:

  • Your account data will be retained for up to 30 days in case you change your mind or need to recover it.

  • After 30 days, your personal and associated data will be permanently deleted from our systems, except where required by law or for legitimate business purposes (e.g., fraud prevention, tax records).


c. Data Deletion Requests


You may:

  • Delete your account at any time from within the app settings

  • Request data deletion by contacting our support team. These requests may take up to 30 days to process.


d. Social Account Removal


If you disconnect a social media account from your team:

  • All non-cached data for that platform will be deleted

  • Cached data may persist temporarily to support features like historical analytics or audit logs

5. Your Rights and Choices

You have control over your personal data, and we’re committed to making that control as clear and accessible as possible.


a. Access and Updates


You can view and update your account details, connected platforms, and team information at any time from your account settings.


b. Delete Your Account


You may delete your account at any time. Once deleted:

  • Your data is retained for up to 30 days before being permanently removed

  • After that window, recovery is no longer possible


c. Request Data Export or Deletion


While we do not currently offer a self-serve data export, you can request:

  • A copy of the personal data associated with your account

  • Deletion of your data

    These requests can be made by emailing us at [insert support email]. Requests are generally processed within 30 days.


d. Manage Social Connections


You can disconnect individual social media accounts from your team at any time. This will remove all associated data (excluding cached information used for historical analytics).


e. Cookies & Tracking Preferences


You may choose to block or delete cookies through your browser settings. Note that disabling session cookies may affect core platform functionality such as login or authentication.

6. Data Sharing and Third-Party Services

We do not sell or share your personal information with third parties for marketing or advertising purposes. Any data we share is solely for the operation and improvement of Sparkum.


a. Third-Party Services We Rely On


We use a limited number of trusted services to help run Sparkum, including:

  • Supabase – User accounts, database storage, analytics, team and brand data

  • Vercel – Frontend hosting and performance logging

  • Stripe – Payment processing (we never store your payment details)

  • OAuth Providers (e.g., Google) – Used for secure login and account linking

These third-party services only receive the data necessary to perform their function, and they are bound by their own privacy and security practices.


b. Legal Compliance & Safety


We may disclose your information if required to:

  • Comply with legal obligations (e.g., subpoenas, court orders, or lawful requests)

  • Prevent fraud, abuse, or violations of our Terms of Service

  • Protect the rights, safety, or property of Sparkum, its users, or others

c. Team-Level Sharing


If you're part of a team:

  • Authorized team members may see your name, email, social accounts connected to the team, and your contributions (e.g., scheduled posts)

  • Team admins can manage team membership and connected accounts


Your data is never shared between teams unless you explicitly join multiple workspaces.

7. International Data Transfers

Sparkum is based in the United States, but we may process and store your information using third-party services and infrastructure that operate in other countries.


a. Where Your Data May Be Stored

Your data may be stored or processed in the United States and other countries where our service providers (e.g., Supabase, Vercel, Stripe) operate. These locations may not have the same data protection laws as your country of residence.


b. How We Protect Your Data Across Borders


Whenever we transfer your data internationally, we ensure that appropriate safeguards are in place, such as:

  • Encrypting data in transit and at rest

  • Using services that comply with GDPR, CCPA, and similar regulatory standards

  • Limiting data access to only what’s necessary for platform functionality


By using Sparkum, you consent to the transfer of your information to the United States and other jurisdictions where we or our providers maintain facilities.

8. Changes to This Policy

We may update or modify this Privacy Policy at any time, at our sole discretion. When we do, we will update the “Effective Date” at the top of this page.


We reserve the right to make changes without prior notice, though we may provide optional notifications (e.g., in-app notices or email) if the changes are significant.


Your continued use of Sparkum after any changes constitutes your acceptance of the revised policy. If you do not agree to the updated terms, you should stop using the Service and delete your account.

9. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, you can contact us at:


ONYX Labs LLC

New York, USA

📬 sparkum.support@onyxlabs.tech

Blog

About Us

Onyx Labs, LLC © 2025