Privacy Policy
Last updated: June 2, 2026
Who we are
Sparkio (gosparkio.com) is the data controller responsible for the personal data processed through this service. Contact: privacy@gosparkio.com.
What we collect
- Account info: email, display name, avatar (via signup or Google OAuth)
- VOD URLs and transcripts processed by the service
- Generated titles, tags, and clip metadata
- Usage analytics via PostHog (page views, feature usage, errors)
- Billing information — handled by Paddle, our Merchant of Record. We never see or store card numbers.
How we use it and legal basis (GDPR Article 6)
- To provide the service (account creation, VOD processing, quota enforcement) — legal basis: performance of a contract (Art. 6(1)(b)).
- To send transactional emails (signup, billing, VOD-complete) — legal basis: performance of a contract (Art. 6(1)(b)).
- To prevent fraud, abuse, and secure the service — legal basis: legitimate interests (Art. 6(1)(f)).
- To improve the product via analytics and error logging — legal basis: legitimate interests (Art. 6(1)(f)).
- Marketing emails — legal basis: consent (Art. 6(1)(a)); only if you opt in, and you can unsubscribe anytime.
- To comply with tax, accounting, and legal obligations — legal basis: legal obligation (Art. 6(1)(c)).
Third-party processors
- Lovable Cloud — hosting and database
- Deepgram / AssemblyAI — VOD transcription
- OpenAI / Google — AI title and clip selection
- Paddle — Merchant of Record for all sales, subscription management, payments, tax compliance, invoicing, and refund handling
- PostHog — product analytics
- Resend — transactional email delivery
Security
We use appropriate technical and organisational measures to protect your data, including: TLS/HTTPS encryption in transit, encryption at rest for databases and backups, role-based access controls with least-privilege, row-level security on user data, secure password hashing, OAuth-based sign-in, and regular dependency and vulnerability monitoring. Payment data is handled exclusively by Paddle on PCI-DSS compliant infrastructure — we never receive card numbers. No method of transmission or storage is 100% secure, but we work to protect your data using industry best practices.
International transfers
Some processors (e.g. OpenAI, PostHog, Paddle) may process data outside the UK/EEA. Where this happens, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
Your rights (GDPR / CCPA)
- Access, rectify, port, restrict, or object to processing of your data
- Withdraw consent at any time (where processing is based on consent)
- Delete your account from /settings — wipes all personal data within 30 days
- Lodge a complaint with your local data protection authority
- Exercise any right by emailing privacy@gosparkio.com — we respond within one month
Cookies
See our Cookie Policy.
Data retention
VOD transcripts: retained per your plan's history window (24h to 365 days). Account data: until you delete your account. Billing records: retained by Paddle and by us for the period required by applicable tax and accounting law.
Children
Not for users under 13 (under 16 in the EEA).
Contact
Sparkio — privacy@gosparkio.com
