Privacy Policy

Last updated: June 2, 2026

Who we are

Sparkio (gosparkio.com) is the data controller responsible for the personal data processed through this service. Contact: privacy@gosparkio.com.

What we collect

  • Account info: email, display name, avatar (via signup or Google OAuth)
  • VOD URLs and transcripts processed by the service
  • Generated titles, tags, and clip metadata
  • Usage analytics via PostHog (page views, feature usage, errors)
  • Billing information — handled by Paddle, our Merchant of Record. We never see or store card numbers.

How we use it and legal basis (GDPR Article 6)

  • To provide the service (account creation, VOD processing, quota enforcement) — legal basis: performance of a contract (Art. 6(1)(b)).
  • To send transactional emails (signup, billing, VOD-complete) — legal basis: performance of a contract (Art. 6(1)(b)).
  • To prevent fraud, abuse, and secure the service — legal basis: legitimate interests (Art. 6(1)(f)).
  • To improve the product via analytics and error logging — legal basis: legitimate interests (Art. 6(1)(f)).
  • Marketing emails — legal basis: consent (Art. 6(1)(a)); only if you opt in, and you can unsubscribe anytime.
  • To comply with tax, accounting, and legal obligations — legal basis: legal obligation (Art. 6(1)(c)).

Third-party processors

  • Lovable Cloud — hosting and database
  • Deepgram / AssemblyAI — VOD transcription
  • OpenAI / Google — AI title and clip selection
  • Paddle — Merchant of Record for all sales, subscription management, payments, tax compliance, invoicing, and refund handling
  • PostHog — product analytics
  • Resend — transactional email delivery

Security

We use appropriate technical and organisational measures to protect your data, including: TLS/HTTPS encryption in transit, encryption at rest for databases and backups, role-based access controls with least-privilege, row-level security on user data, secure password hashing, OAuth-based sign-in, and regular dependency and vulnerability monitoring. Payment data is handled exclusively by Paddle on PCI-DSS compliant infrastructure — we never receive card numbers. No method of transmission or storage is 100% secure, but we work to protect your data using industry best practices.

International transfers

Some processors (e.g. OpenAI, PostHog, Paddle) may process data outside the UK/EEA. Where this happens, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Your rights (GDPR / CCPA)

  • Access, rectify, port, restrict, or object to processing of your data
  • Withdraw consent at any time (where processing is based on consent)
  • Delete your account from /settings — wipes all personal data within 30 days
  • Lodge a complaint with your local data protection authority
  • Exercise any right by emailing privacy@gosparkio.com — we respond within one month

Cookies

See our Cookie Policy.

Data retention

VOD transcripts: retained per your plan's history window (24h to 365 days). Account data: until you delete your account. Billing records: retained by Paddle and by us for the period required by applicable tax and accounting law.

Children

Not for users under 13 (under 16 in the EEA).

Contact

Sparkio — privacy@gosparkio.com