Legal
Privacy Policy
This Privacy Policy sits alongside and must be read together with the SparkRecall Terms and Conditions of Use and Cookie Policy. In the event of any conflict between this Policy and the Terms, the Terms shall prevail.
1. Who We Are and How to Contact Us
SparkRecall Limited ("SparkRecall", "we", "us", "our") is incorporated in Ireland and operates SparkRecall.com and related mobile applications (the "Platform").
SparkRecall Limited is the Data Controller for personal data collected through the Platform.
Email: team@sparkrecall.com
Registered Address: SparkRecall Ltd C/O LMS Accountants, Ecowise Building, Block 12, Ballybane Industrial Estate, Galway
2. Scope and Applicable Law
This Privacy Policy applies to all users of the Platform and governs the collection, use, storage, transfer, and deletion of personal data by SparkRecall.
We process personal data in accordance with:
- Regulation (EU) 2016/679 (GDPR)
- Irish Data Protection Act 2018
- UK GDPR (as retained in UK law by the European Union (Withdrawal) Act 2018) and the UK Data Protection Act 2018 — applicable to users accessing the Platform from the United Kingdom
- The ePrivacy Directive 2002/58/EC as implemented in Irish law
- Other applicable global data protection laws
For UK users, the Information Commissioner's Office (ICO) is the relevant supervisory authority in addition to the Irish Data Protection Commission (DPC).
3. What Data We Collect
⚠ STRICT PROHIBITION — Do Not Upload Sensitive Data
The Platform is not designed or intended for the storage of sensitive, special category, or confidential personal data. You are strictly prohibited from uploading such data.
Prohibited categories include: health/medical data, biometric data, financial credentials, passwords, government ID numbers, criminal records, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or sexual orientation.
3.1 Data You Provide to Us
We collect the following categories of personal data that you actively provide:
- Account Information: name, email address, username, and encrypted password
- User-Generated Content: information you voluntarily input into the Platform for personal productivity purposes
3.2 Data We Collect Automatically
When you use the Platform, we automatically collect certain technical data:
- IP address and approximate location (country/region level)
- Device type, model, and operating system
- Browser type and version
- Pages visited, features used, and interaction timestamps
- Error logs and crash reports
3.3 Cookies and Tracking Data
We collect data via cookies and similar tracking technologies. Full details are set out in our Cookie Policy.
4. Special Category Data — Prohibition
SparkRecall does not intend to collect, and expressly prohibits the upload of, special category personal data as defined under Article 9 GDPR. This includes data revealing:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic or biometric data used for identification
- Health or medical data
- Sexual orientation or sex life
- Criminal convictions or offences (Article 10 GDPR)
5. How and Why We Use Your Data
We process personal data only for the following specific, explicit, and legitimate purposes:
| Purpose | Lawful Basis (GDPR Art. 6) | Details |
|---|---|---|
| Provide and maintain the Platform | Art. 6(1)(b) — Contract | Necessary to deliver the service you signed up for |
| User authentication & account management | Art. 6(1)(b) — Contract | Account creation, login, and session management |
| Platform security & fraud prevention | Art. 6(1)(f) — Legitimate Interests | Protecting Platform integrity and user accounts |
| Service improvement & analytics | Art. 6(1)(f) — Legitimate Interests | Aggregated, anonymised usage analysis |
| Legal compliance | Art. 6(1)(c) — Legal Obligation | Meeting obligations under Irish, EU, and UK law |
| Communications (service notices) | Art. 6(1)(b) — Contract | Notifications about your account or the Platform |
| Marketing (where opted in) | Art. 6(1)(a) — Consent | Only where you have given explicit consent; opt-out at any time |
We do not sell personal data to third parties. We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on users.
6. Data Retention
We retain personal data only for as long as is necessary for the purposes described in this Policy:
- Account data: retained for the duration of your active account
- Legal hold data: retained for the period required by applicable law
- Inactive accounts: we reserve the right to delete accounts inactive for an extended period, with advance notice where reasonably practicable
- Deletion requests: actioned promptly, subject to any overriding legal hold obligations
⚠ No Guaranteed Retention
SparkRecall makes no guarantee that data will be stored, preserved, or retrievable. You are solely responsible for maintaining independent backups of any information you consider important.
7. Who We Share Data With
SparkRecall does not sell or rent personal data. We may share data only in the following limited circumstances:
7.1 Service Providers
We engage trusted third-party processors (e.g. hosting, analytics, email delivery) who act strictly on our instructions and are bound by data processing agreements meeting GDPR Article 28 requirements.
7.2 Legal Requirements
We may disclose data where required by applicable law, court order, or regulatory authority, including the Irish Data Protection Commission or Information Commissioner's Office.
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to a successor entity, subject to the same level of data protection as set out in this Policy.
7.4 With Your Consent
We may share data with third parties where you have given explicit prior consent.
8. International Data Transfers
Data may be processed outside the European Economic Area (EEA) or United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) as approved by the European Commission
- UK International Data Transfer Agreements (IDTAs) or UK Addenda to SCCs, where applicable for UK data
- Adequacy decisions issued by the European Commission or UK Secretary of State
- Other lawful transfer mechanisms recognised under GDPR or UK GDPR
9. Your Rights
Depending on your location, you have the following rights regarding your personal data:
| Right | What It Means |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you |
| Rectification (Art. 16) | Correct inaccurate or incomplete personal data |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") |
| Restriction (Art. 18) | Request that we limit how we process your data |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time where processing is consent-based |
| Complaint | Lodge a complaint with the DPC (EU/Ireland) or ICO (UK) |
To exercise any right, contact us at: team@sparkrecall.com. We will respond within one calendar month as required by GDPR Article 12.
10. Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encrypted data storage
- Access controls and multi-factor authentication where applicable
- Regular security assessments and penetration testing
- Staff training on data protection obligations
⚠ Security Limitation Notice
No method of electronic transmission or storage is 100% secure. This is a further reason why users must not upload sensitive, special category, or confidential data to the Platform.
11. Data Breach Procedures
In the event of a personal data breach, SparkRecall will:
- Promptly assess the nature, scope, and risk of the breach
- Notify the Irish DPC within 72 hours where required under GDPR Article 33
- Notify UK ICO within 72 hours where required under UK GDPR, for breaches affecting UK users
- Notify affected data subjects without undue delay where a high risk to their rights is identified (GDPR Article 34)
- Maintain an internal breach register in accordance with Article 33(5)
12. Children
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data from a minor has been collected, we will delete it without delay.
13. Links to Third-Party Services
The Platform may contain links to or integrations with third-party websites and services. SparkRecall is not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party service you use.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify users via email or a prominent notice on the Platform prior to the changes taking effect. Continued use of the Platform following such notice constitutes acceptance of the revised Policy.
15. Supervisory Authorities and Complaints
You have the right to lodge a complaint with the relevant supervisory authority at any time:
EU / Ireland Users
Irish Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie · +353 (0)761 104 800
UK Users
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
www.ico.org.uk · +44 (0)303 123 1113