Privacy Policy

At Spark Ledger ("we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

1Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, password, company name, and contact details when you create an account
• Billing Information: Payment card details, billing address, and transaction history (processed securely through Stripe)
• Financial Data: Invoices, expenses, transactions, bank account information, and other financial records you enter or sync
• Communications: Messages, feedback, and support requests you send to us
• Business Information: Company details, tax information, vendor/customer data you store in the Service

1.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Log Data: Server logs, error reports, and diagnostic information
• Cookies: We use essential cookies for authentication and functionality (see Section 7)

1.3 Information from Third Parties

We may receive information from third-party services you connect:

• Bank Connections (Plaid): Account balances, transaction history, and account details from linked financial institutions
• Payment Processors (Stripe): Payment confirmation and transaction status
• Authentication Providers: If you sign in via Google or other OAuth providers, we receive your basic profile information

2How We Use Your Information

We use the information we collect to:

• Provide Services: Operate, maintain, and deliver the features of our Service
• Process Transactions: Handle payments, invoicing, check printing, and ACH transfers
• Improve Our Service: Analyze usage patterns to enhance functionality and user experience
• Communicate: Send service-related notices, updates, security alerts, and support messages
• Security: Detect, prevent, and address fraud, unauthorized access, and technical issues
• Legal Compliance: Comply with applicable laws, regulations, and legal processes
• AI Features: Power features like automatic categorization and financial insights (processed securely)

3Data Sharing and Disclosure

We only share your information in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who perform services on our behalf, including:

• Plaid: Secure bank account connections and transaction syncing
• Stripe: Payment processing and subscription management
• Lob: Check printing and mailing services
• Cloud Infrastructure: Secure data hosting and storage
• Email Services: Transactional email delivery

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

3.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website.

4Data Security

We implement robust security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Strict role-based access controls limit who can access your data
• Infrastructure Security: We use enterprise-grade cloud infrastructure with SOC 2 compliance
• Regular Audits: We conduct regular security assessments and penetration testing
• Secure Authentication: Support for strong passwords and multi-factor authentication
• Data Isolation: Each organization's data is logically isolated from other customers

5Data Retention

We retain your data for as long as your account is active or as needed to provide you services. After account termination:

• You may request an export of your data within 30 days of termination
• We delete your data within 90 days of termination, except where retention is required by law
• Some anonymized, aggregated data may be retained for analytics and service improvement

6Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Export: Request a portable copy of your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications at any time

To exercise these rights, please contact us at privacy@sparkledger.io. We will respond to your request within 30 days.

7Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, security, and core functionality
• Preference Cookies: Remember your settings and preferences
• Analytics: Understand how users interact with our Service (using privacy-focused analytics)

We do not use advertising cookies or tracking pixels. You can control cookies through your browser settings.

8California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising CCPA rights

We do not sell personal information. We have not sold personal information in the preceding 12 months.

9Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us: