Privacy Policy
Last updated: April 21, 2026
This Privacy Policy explains how Spark Dev Community ("we", "us") collects, uses and protects personal data when you use our websites and apps — Spak, Spak Creators, Spirit, SUN_SET and Spaki VPN (the "Services"). We comply with the EU General Data Protection Regulation (GDPR) and Ukraine's Law on Personal Data Protection.
1. Controller and contact
The data controller is Spark Dev Community. You can reach our privacy team at spark.dev.sup@gmail.com.
2. What we collect and why
| Category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Account data | Email, display name, avatar, password hash, auth provider id (Google/Firebase) | Create and secure your account | Contract |
| Usage data | Tracks played, likes, playlists, listening history, device type, language, approximate region (from IP) | Personalise recommendations, sync across devices, fix bugs | Contract / legitimate interest |
| Creator data | Uploaded audio, artwork, lyrics, payout details | Publish your work, pay royalties | Contract |
| Technical logs | IP address, user-agent, request timestamps, crash traces | Security, abuse prevention, debugging | Legitimate interest |
| Payment data | Transaction id, amount, last 4 of card (handled by Stripe) | Process payments and payouts | Contract / legal obligation |
| Analytics (privacy-friendly) | Page views, session duration, referer — aggregated, no personal identifiers | Understand overall usage | Legitimate interest |
We do not sell your personal data, and we do not run third-party advertising trackers on our websites.
3. How we store it
- Account and usage data is stored in Google Firebase (Firestore + Auth), hosted in the EU/US regions.
- Static assets and server logs live on our VPS at Hetzner / hosting partners in the EU.
- Payments are processed by Stripe, Inc. — we never see your full card number.
- Error telemetry (if enabled) is sent to Sentry. It strips request bodies and cookies.
4. How long we keep it
- Account data — while your account is active, plus up to 90 days after deletion to complete removal and back-out.
- Server/access logs — up to 30 days.
- Payment records — up to 7 years where required by tax law.
- Creator uploads — until you remove them or close your account.
5. Sharing
We share personal data only with:
- Infrastructure processors acting on our instructions: Google Firebase, Stripe, our VPS provider, Sentry, Plausible (analytics).
- Law-enforcement or courts where legally required.
- Other users — only what you choose to make public (display name, uploaded tracks, public playlists).
6. International transfers
Some of our processors (Google, Stripe, Sentry) operate in the United States. Transfers rely on Standard Contractual Clauses or equivalent safeguards under GDPR Chapter V.
7. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you.
- Request rectification of inaccurate data.
- Request erasure ("right to be forgotten") — available in-app under Settings → Delete account.
- Restrict or object to processing based on legitimate interest.
- Receive your data in a portable JSON format — use Settings → Export my data.
- Lodge a complaint with your local supervisory authority.
8. Cookies and local storage
We use cookies and browser localStorage to keep you signed in, remember language/theme, cache playback state and run privacy-friendly analytics. We do not set third-party advertising cookies.
9. Children
The Services are not directed to children under 13. If we learn we have collected personal data from a child under 13 without verified parental consent, we will delete it.
10. Security
We use HTTPS everywhere (with HSTS), hashed passwords, Firebase security rules scoped per-user, rate-limited public endpoints and limited admin access. No system is perfectly secure — if you suspect an incident please contact us immediately.
11. Changes to this policy
If we make material changes we will post the updated Policy at sp-a-rk.online/privacy and notify you in-app or by email. The "Last updated" date at the top will always reflect the current version.
12. Contact
Privacy questions or requests: spark.dev.sup@gmail.com. We respond within 30 days.