SparkFrame

Privacy Policy

Last updated: 8 June 2026

We do not sell your data to anyone, ever. We apply GDPR standards to every SparkFrame user, use a small set of reputable providers under strict data-protection agreements, and let you delete your account and content permanently at any time. The details are below.

1. Who we are & the scope of this policy

This Privacy Policy explains how SPARKABLE DIGITAL SOLUTIONS (OPC) PRIVATE LIMITED, a company incorporated in India that operates SparkFrame (“SparkFrame”, “we”, “us”), collects and uses personal data when you use the Service. For this data, we act as the data controller. We apply the standards of the EU General Data Protection Regulation (GDPR) to all of our users, wherever they are.

2. What we collect

  • Account data: handled through our authentication provider, Clerk, covering your email address, your name and profile image (if you provide them), and identifiers from any sign-in provider you choose.
  • Content data: the prompts, brand information (such as brand colours, tone, and audience), images you upload, the images and posts the Service generates for you, your saved ideas, and your agent/chat history.
  • Limited technical data: basic information needed to run the app reliably and securely, plus the functional storage described in the Cookies section. We do not currently run third-party advertising or tracking on the Service.
  • Payment data: when paid plans are available, payments are handled by Dodo Payments as our Merchant of Record. Your card details go to Dodo Payments, not to us, and we do not store them.

3. How we use your data & our legal bases

We use your data to:

  • provide the Service and generate the content you ask for (legal basis: performance of our contract with you);
  • keep the Service secure, prevent abuse, and improve how it works (legal basis: our legitimate interests);
  • send you essential service communications and, where required, ask for your consent (legal basis: consent, where applicable);
  • comply with our legal obligations (legal basis: legal obligation).

4. Analytics

We do not currently use third-party analytics on the Service. If we add analytics in future, we will use privacy-respecting, GDPR-compliant tools, and we will use the data strictly to understand and improve the product. We will never sell it or use it for cross-site advertising. If that ever requires your consent, we will ask for it first.

5. How AI processing works

To generate content, your prompts, brand context, and any images you include are sent to AI model providers through the Vercel AI Gateway. These providers process your request only to return the result to us, which we then deliver to you. The categories of model providers we use include Google (Imagen and Gemini), Anthropic, Perplexity, Black Forest Labs (Flux), Recraft, MiniMax, and Moonshot. We disclose this so you understand that creating content necessarily involves sharing the relevant inputs with these third-party AI services.

6. Who we share data with

We share data only with the service providers (sub-processors) we need to run SparkFrame, each under a data-protection agreement. These include:

  • Clerk: authentication and account management;
  • Convex: our application database;
  • Cloudflare R2: storage for your uploaded and generated images;
  • Vercel AI Gateway and the AI model providers listed above, for content generation;
  • Railway: application hosting;
  • Dodo Payments: payment processing (as Merchant of Record).

We do not sell your personal data, and we never will.

7. A note on third-party access

Our providers are bound by contract (data-processing agreements) to use your data only to deliver their service to us, and not for their own purposes. We do not authorise any third party to harvest your data, and we deliberately choose privacy-respecting vendors. For example, we route AI requests through the Vercel AI Gateway specifically to keep tighter control over how your inputs are handled. At the same time, we want to be honest: large providers operate complex systems, and we cannot fully audit every internal practice of every vendor. If we learn that a provider falls short of our standards, we will act, including by changing providers.

8. International data transfers

We operate from India and use reputable global providers, so your data may be processed outside the European Economic Area (EEA), including in India and in countries where our providers operate. Where data leaves the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses and the data-protection commitments in our agreements with these providers.

9. Data retention & deletion

We keep your data while your account is active so we can provide the Service.

When you delete your account, we permanently erase all of your content immediately. This includes your profile, brand presets, preferences, credit balance, ideas, posts, sparks, generated images, uploaded attachments, and your full agent/chat history, removed both from our database (Convex) and from image storage (Cloudflare R2). There is no recovery after account deletion. Account information held by Clerk is removed through Clerk’s own deletion process.

Separately, items you move to Trash inside the app are soft-deleted and then permanently purged after 14 days.

We do not currently retain analytics data about you. If in future we hold aggregated or anonymised data that can no longer identify you, we may keep it to improve the product. For any question about your data, or to make a specific deletion request, contact our founder at sudu@sparkable.dev.

10. Your rights

Subject to applicable law, you have the right to access your personal data, to correct it, to delete it, to restrict or object to certain processing, to data portability, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local data-protection supervisory authority. To exercise any of these rights, email sudu@sparkable.dev and we will respond within the timeframes required by law.

11. How we protect your data

We use reputable infrastructure and managed services, including Clerk-managed authentication and encryption of data in transit, and we limit access to personal data to what is needed to run the Service. No online service can be guaranteed perfectly secure, but we take protecting your data seriously and continually work to improve our safeguards.

12. Children

SparkFrame is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Cookies & local storage

We use only functional storage that is necessary to run the app: a cookie that remembers whether your sidebar is open or closed, and a browser localStorage value that remembers your light/dark theme preference. We do not use advertising or cross-site tracking cookies. If this ever changes, we will update this policy and, where required, ask for your consent.

14. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date above and, where appropriate, notify you.

15. Contact

For any privacy question or request, reach out to our founder, Sudharsan Ananth, at sudu@sparkable.dev.