Privacy Policy

Last Updated: November 10, 2025

1. Introduction

Spark ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our Slack application for workplace celebrations.

By installing and using Spark, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you or your workspace administrators provide directly through:

  • Direct messages and interactions with the Spark bot
  • Celebration setup and configuration (channels, send times, message templates)
  • Employee data uploads (CSV files, manual entries)
  • Birthday dates (month and day only, not year unless provided)
  • Work anniversary dates (hire dates)
  • Custom celebration dates and descriptions

2.2 Slack Workspace Information

We automatically collect certain information from your Slack workspace:

  • Workspace ID, name, and team information
  • User profile information (names, email addresses, user IDs, profile photos)
  • Channel names and IDs where Spark is added
  • Slack join dates for anniversary detection

2.3 What We Do NOT Collect

Important: Spark does NOT:

  • Read or access your workspace's message history
  • Monitor conversations in channels
  • Access direct messages between users
  • Track user activity beyond interactions with Spark
  • Store credit card or payment information (handled securely by Stripe)

3. How We Use Your Information

We use the collected information solely to:

  • Deliver the Service: Send celebration messages on scheduled dates
  • Personalize Experience: Customize messages with employee names and milestones
  • Manage Your Account: Process subscription billing and account settings
  • Improve the Service: Analyze usage patterns to enhance features
  • Communicate: Send service updates, support responses, and important notices
  • Comply with Legal Obligations: Meet regulatory and compliance requirements

We will NEVER sell, exchange, transfer, or give your information to any other company for marketing or commercial purposes without your explicit consent.

4. Data Storage and Security

4.1 Storage Location

Your data is stored securely in Supabase (PostgreSQL) databases hosted on AWS infrastructure in the United States. Bot access tokens are encrypted at rest using industry-standard encryption.

4.2 Security Measures

  • All data transmission uses HTTPS/TLS encryption
  • Slack webhook requests are verified using cryptographic signatures
  • Access tokens are encrypted and stored securely
  • Database access is restricted to authorized service accounts only
  • Regular security audits and vulnerability scanning

4.3 Security Limitations

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

5. Third-Party Services

Spark integrates with the following third-party services:

  • Slack: For workspace integration and message delivery (Privacy Policy)
  • Stripe: For secure payment processing. We do not store credit card information (Privacy Policy)
  • OpenAI: For AI-powered conversational setup. No personally identifiable information is sent to OpenAI (Privacy Policy)
  • Supabase/AWS: For secure database hosting (Privacy Policy)

6. Data Retention and Deletion

6.1 Retention Period

We retain your data for as long as:

  • Your Slack workspace has Spark installed
  • You maintain an active subscription or are within your 14-day free trial period
  • Required by law for tax, accounting, or legal purposes

Note: If your trial expires without subscription, your configuration and employee data are preserved for 30 days to allow you to subscribe and resume service. After 30 days of inactivity, data will be automatically deleted.

6.2 Automatic Deletion

When you uninstall Spark from your workspace, all associated data (employee birthdays, anniversaries, celebration history, and workspace settings) will be automatically deleted within 30 days.

6.3 Manual Deletion Requests

You can request immediate deletion of your workspace data or individual employee data at any time by contacting support@usespark.work. We will process deletion requests within 7 business days.

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of all data we have about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to certain data processing activities

7.2 Employee Opt-Out

Individual employees can opt out of birthday or work anniversary celebrations at any time through the Spark App Home in Slack. Opt-out preferences are private and not visible to workspace administrators.

7.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@usespark.work. We will respond within 30 days.

8. Cookies and Tracking

Spark uses minimal cookies for essential functionality:

  • Authentication cookies: To maintain your login session
  • Analytics cookies: To understand aggregate usage patterns (anonymized)

We do NOT use third-party advertising cookies or sell data to advertisers. You can disable cookies through your browser settings, though this may affect service functionality.

9. Children's Privacy

Spark is intended for workplace use only and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from someone under 18, we will delete it immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using Spark, you consent to the transfer of your information to the United States and other jurisdictions where we operate.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending a direct message to workspace administrators via Slack
  • Email notification to the workspace owner (for significant changes)

Continued use of Spark after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: privacy@usespark.work

Support: support@usespark.work

Response Time: Within 24 hours for urgent privacy matters

13. Compliance

Spark complies with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Slack App Directory Security Requirements
  • SOC 2 Type II standards (infrastructure provider)

This Privacy Policy is effective as of November 10, 2025.