Legal

Privacy Policy

Effective date: 2 May 2026 · Spark AI

Spark AI is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what we collect, why, and your rights.

1. Who we are

Spark AI ("we", "us", "our") is the data controller for the personal data you provide when using our AI scheduling and productivity platform (the "Service"). Our registered address and ICO registration details are available on request at privacy@spark.ghangal.com.

2. What data we collect

We collect the following categories of personal data:

Account data — name, email address, and password (hashed) when you register.
Scheduling and task data — natural language inputs you provide to the AI, tasks, goals, calendar events, and scheduling preferences you create within the Service.
Calendar integration data — if you connect an external calendar (e.g. Google Calendar, Apple Calendar), we access event titles, times, and availability. We do not read the contents of your existing calendar events beyond what is needed to schedule around them.
Usage analytics — page views, feature interactions, and session recordings collected via PostHog to help us improve the product.
Error and performance data — crash reports and stack traces collected via PostHog Error Tracking to help us identify and fix bugs.
Payment data — billing is handled by our payment processor (Stripe). We do not store your full card details; we only receive a payment token and confirmation status.
Communications — any messages you send us via email or support channels.

3. How we use your data

We use your personal data for the following purposes:

Providing, operating, and improving the Service.
Processing your AI scheduling requests and personalising your experience.
Sending transactional emails (e.g. account confirmation, billing receipts).
Identifying and fixing technical issues via error monitoring.
Understanding how the product is used to guide feature development.
Complying with legal obligations.

4. Legal basis for processing

We rely on the following legal bases under UK GDPR:

Contract (Article 6(1)(b)) — processing necessary to provide the Service you've signed up for, including AI scheduling and calendar management.
Legitimate interests (Article 6(1)(f)) — product analytics, error monitoring, and fraud prevention, where your rights do not override our interests.
Legal obligation (Article 6(1)(c)) — where we are required to retain data for tax, accounting, or regulatory purposes.
Consent (Article 6(1)(a)) — for any optional communications or processing not covered above. You may withdraw consent at any time.

5. Third-party processors

We share data with the following trusted third-party processors:

PostHog — product analytics, session replay, and error tracking. Data is processed in the United States under standard contractual clauses (SCCs). See PostHog's Privacy Policy.
Google Analytics 4 (via Google Tag Manager) — marketing analytics for advertising attribution. See Google's Privacy Policy.
Stripe — payment processing. See Stripe's Privacy Policy.
Google / Apple — if you use calendar integration, subject to their respective privacy policies.

All processors are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.

6. International transfers

Some of our processors (e.g. PostHog, Google) are based outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent standard contractual clauses.

7. Cookies

We use the following types of cookies:

Strictly necessary cookies — required for authentication and session management.
Analytics cookies — set by PostHog to help us understand how visitors interact with the site. PostHog session replay may capture anonymised interaction data (typed input is captured to help diagnose UX confusion; passwords and payment fields are automatically masked).

You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the Service.

8. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it (e.g. financial records, which we keep for 7 years as required by HMRC).

9. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — ask us to correct inaccurate data.
Right to erasure — request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
Right to restriction — ask us to restrict how we process your data in certain circumstances.
Right to data portability — receive your data in a structured, machine-readable format.
Right to object — object to processing based on legitimate interests, including profiling.
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@spark.ghangal.com. We will respond within one month as required by UK GDPR.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:

Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

11. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashed passwords, and access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. Children

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the Service. The "Effective date" at the top of this page indicates when it was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact us

For any privacy-related queries, please contact our data team at privacy@spark.ghangal.com.