Privacy Policy

At Sparlo, we understand that R&D teams work with sensitive technical information and proprietary research. Protecting your intellectual property and maintaining the confidentiality of your data is fundamental to our service. This Privacy Policy explains how we collect, use, protect, and handle your information.

Key IP Protections

• No IP Claims: We make no claims to ownership of your submitted content or the solutions generated from it
• No Training on Your Data: Your proprietary data is not used to train our AI models or improve services for other customers
• Isolated Processing: Your queries and data are processed in isolation and are not shared across customer accounts
• Data Deletion: You can request deletion of your data at any time, and we will permanently remove it from our systems

Account Information

When you create an account, we collect your email address and authentication credentials. If you use social login providers, we receive basic profile information from those services.

Usage Data

We collect information about how you interact with our Service, including pages visited, features used, and timestamps. This helps us improve the user experience.

Technical Queries and Content

When you use our analysis features, we process the technical questions, research topics, and specifications you submit. This data is necessary to provide the Service and generate relevant solutions.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers or banking information on our servers. Stripe maintains PCI DSS compliance.

Data Encryption

• In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
• At Rest: Data stored in our databases is encrypted using AES-256 encryption

Infrastructure Security

• Cloud Infrastructure: We use industry-leading cloud providers with SOC 2 Type II certification
• Network Security: Our infrastructure is protected by firewalls, intrusion detection systems, and regular security monitoring
• Access Controls: Strict authentication and authorization controls limit access to systems and data

Application Security

• Regular security audits and penetration testing
• Secure coding practices and code review processes
• Dependency monitoring and vulnerability scanning

What Our Team Cannot Access

• The specific content of your technical queries and research data
• Generated reports and solutions specific to your account
• Your payment card details (handled exclusively by Stripe)

What Our Team Can Access (When Necessary)

• Account information (email, subscription status) for customer support
• Aggregated, anonymized usage statistics for service improvement
• Technical logs for debugging critical issues (with strict access controls and audit logging)

Access to any customer data requires explicit justification, manager approval, and is logged for audit purposes.

We use collected information to:

• Provide, maintain, and improve the Service
• Process your technical queries and generate solutions
• Send important account notifications and updates
• Respond to customer support requests
• Analyze aggregated usage patterns to improve user experience
• Prevent fraud and ensure security

What We Do Not Do

• Sell your personal information to third parties
• Use your proprietary data for advertising purposes
• Share your data with other customers
• Train AI models on your specific queries without explicit consent

We use carefully selected third-party services that adhere to strict security and privacy standards:

• Authentication: Supabase Auth (SOC 2 compliant)
• Payment Processing: Stripe (PCI DSS Level 1 compliant)
• AI Processing: Anthropic Claude (enterprise security standards)
• Product Analytics: PostHog (privacy-focused, GDPR compliant). We use PostHog to understand how users interact with our Service, measure conversion funnels, and improve user experience. PostHog only collects data after you consent to analytics cookies. We do not use PostHog for advertising or share your data with advertisers. PostHog Privacy Policy

These providers are contractually bound to protect your data and use it only for the purposes specified.

We retain your data only as long as necessary to provide the Service:

• Active Accounts: Data is retained while your account is active
• Account Deletion: Upon account deletion, your data is permanently removed within 30 days
• Legal Requirements: Some data may be retained longer if required by law

You have the right to:

• Access: Request a copy of the data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data and account
• Export: Export your data in a portable format
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@sparlo.ai.

Your data may be processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@sparlo.ai
• General inquiries: hello@sparlo.ai