SparkedLink Privacy Policy
Effective Date: June 25, 2026 Last Updated: June 25, 2026
1. Introduction
SparkedLink ("SparkedLink," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, store, and protect information when you visit our website at sparkedlink.com, use any of our features, or otherwise interact with us (collectively, the "Service").
This Privacy Policy applies to all users of the Service. By accessing or using the Service, you confirm that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
This Privacy Policy is incorporated by reference into the SparkedLink Terms of Service, available at sparkedlink.com/terms.
2. Who We Are
SparkedLink is a free AI-powered date planning platform operated from New York. You can reach us at:
SparkedLink Email: hello@sparkedlink.com Mailing address: 3180 Express Dr S, Suite E Islandia, NY 11749
For any privacy-related question, request, or complaint, email us at hello@sparkedlink.com with the subject line "Privacy."
3. Information We Collect
We collect information in three ways: directly from you, automatically when you use the Service, and from third parties when you choose to connect them.
3.1 Information You Provide Directly
When you create an account or use the Service, you may give us the following:
- Account information. Your email address, first name, last name, password (stored as a one-way hashed value we cannot read), and any profile preferences.
- Authentication information. If you sign in using Google or Apple, we receive your name, email, and a unique identifier from that provider, in accordance with the permissions you grant during sign-in.
- Questionnaire answers. When you generate a date plan, we collect the answers you provide, including the city, budget range, date type, vibe selections, relationship stage, food and activity interests, transportation preferences, availability, accessibility needs, items you want to avoid, and any free-text notes you write.
- Plans and content. The date plans we generate for you, any edits or revisions you make, plans you save, plans you choose to share, and the share links you create.
- Feedback. Star ratings, written feedback, bug reports, and feature requests you submit.
- Communications. Messages you send us by email or through any in-app contact form.
3.2 Information Collected Automatically
When you use the Service, we and our service providers automatically collect:
- Device and browser information. Device type, operating system, browser type and version, screen size, language preference, and referring URL.
- Usage information. Pages and screens visited, features used, buttons clicked, time spent, plans generated, plans saved or regenerated, and other actions you take inside the Service.
- Log data. IP address, access timestamps, error logs, and similar technical records used for security, debugging, and analytics.
- Cookies and similar technologies. Session identifiers, authentication tokens, and preference settings stored in your browser. See Section 8 for details.
- Inferred preferences. Based on the plans you save, share, or regenerate, we build a private "taste fingerprint" that helps the AI personalize future plans for you. This fingerprint is stored against your account and is described in detail in Section 7.
3.3 Information From Third Parties
We may receive information about you from third parties when:
- You sign in with Google or Apple (we receive your name, email, and a unique identifier).
- You allow a third-party integration to share data with the Service in the future.
- A trusted analytics or security provider sends us aggregated reports about how the Service is performing.
We do not buy personal information from data brokers.
4. How We Use Your Information
We use your information to operate, improve, personalize, and protect the Service. Specifically:
- To provide the Service. Create and maintain your account, generate date plans based on your inputs, save and retrieve your plans, render share links, and deliver notifications you opt into.
- To personalize your experience. Use your account history and inferred preferences to make AI-generated plans feel tailored to you over time.
- To improve the Service. Analyze usage patterns, identify bugs, measure feature performance, and inform product decisions. Where possible, we use aggregated or de-identified data for this purpose.
- To communicate with you. Send you transactional emails (account confirmations, password resets, plan-saved confirmations, security alerts), respond to your inquiries, and notify you of material changes to our Terms or this Privacy Policy.
- To send optional marketing communications. Only with your consent, and you can unsubscribe at any time from the link at the bottom of any marketing email.
- To protect the Service and our users. Detect and prevent fraud, abuse, security incidents, and violations of our Terms.
- To comply with the law. Respond to lawful requests from public authorities, enforce our Terms, and protect our rights and the rights and safety of others.
- For business operations. Maintain backups, conduct audits, plan for growth, and manage internal accounting.
5. The Legal Basis for Processing (EU/UK Users)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the legal bases we rely on to process your personal data are:
- Performance of a contract with you, including providing the Service and responding to your requests.
- Legitimate interests in operating, improving, securing, and promoting the Service, where those interests are not overridden by your rights.
- Consent for optional uses such as marketing emails, where required. You may withdraw consent at any time.
- Legal obligation where processing is required to comply with applicable law.
6. How We Share Your Information
We do not sell your personal information. We share information only as described below.
6.1 With Service Providers
We use third-party service providers to operate the Service. These providers are bound by contract to use your information only to perform services for us and to protect it appropriately. Current providers include:
- Hosting and infrastructure. Vercel (web hosting and domain), Supabase (database, authentication, file storage).
- AI processing. OpenAI (large language model used to generate date plans). See Section 7 for full disclosure.
- Email delivery. Resend (transactional email such as password resets and plan-saved confirmations).
- Authentication. Google and Apple (only if you choose to sign in with their service).
- Analytics and error tracking. A privacy-respecting analytics provider, configured to collect only aggregated, non-identifying signals where possible.
When we add new providers, we update this list within a reasonable time after the change.
6.2 With Other Users (Only When You Choose)
When you create a share link for a plan, anyone with that link can view the contents of that plan. The shared view does not include your account information, email, or any other plan you have not chosen to share, but it does include any free-text or personalization you added that becomes part of the rendered plan. You can delete a share link at any time from your dashboard.
6.3 With Sponsored Content Partners (Future)
SparkedLink is free for users. In the future we may earn revenue by featuring restaurants, events, or venues in plans. When we display sponsored content, we will clearly label it. We may share aggregated and de-identified information with sponsors (for example, how many users viewed a sponsored placement), but we will not share your name, email, or any other directly identifying information with sponsors unless you explicitly opt in to do so.
6.4 For Legal and Safety Reasons
We may share information when we believe in good faith that doing so is necessary to:
- Comply with applicable laws, regulations, court orders, or other lawful requests by public authorities.
- Enforce our Terms of Service or other policies.
- Protect the rights, property, safety, or security of SparkedLink, our users, or any third party.
- Investigate and prevent fraud, abuse, or technical issues.
6.5 In Connection With a Business Transaction
If SparkedLink is involved in a merger, acquisition, financing, sale of assets, bankruptcy, or any similar transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information.
6.6 With Your Consent
We may share your information for any other purpose with your explicit consent.
7. AI Processing and AI Training
This section explains in detail how your inputs interact with the AI system that powers SparkedLink, because this is the part of our service most likely to surprise users if not clearly disclosed.
7.1 What Gets Sent to the AI
When you generate a date plan, the following information is sent to our AI provider (OpenAI) to produce that plan:
- The structured answers you provided in the questionnaire (city, budget, vibe, etc.).
- Any free-text note you wrote.
- A non-identifying preference summary derived from your prior plans (so the AI can personalize without seeing your account).
- Contextual information such as the time of day, day of the week, and season.
We do not send your name, email address, password, payment information, IP address, or any other directly identifying information to the AI provider for this purpose.
7.2 What the AI Provider Does With It
OpenAI processes the information we send to generate your plan and returns the result to us. Under our agreement with OpenAI, content sent through their API is not used to train OpenAI's models by default. OpenAI retains API inputs and outputs for a limited period (typically up to 30 days) for abuse monitoring and then deletes them.
You can read OpenAI's enterprise privacy commitments at openai.com/policies/privacy-policy and openai.com/enterprise-privacy.
7.3 Whether We Use Your Data to Improve SparkedLink
We use information about how plans perform (for example, which plans get saved, shared, or regenerated) to improve our own algorithm. This improvement happens at the aggregated and de-identified level — we look at patterns across many users, not at any individual's identity. We do not currently use your individual content to train any AI model.
If we ever change this practice, we will update this Privacy Policy and, where required, ask for your consent before doing so.
7.4 Your Choices
You can:
- Delete an individual plan at any time from your dashboard, which removes it from your account history and from your taste fingerprint.
- Reset your taste fingerprint by emailing hello@sparkedlink.com with the subject line "Reset fingerprint." This wipes the learned preferences without deleting your account.
- Delete your account entirely, which deletes your fingerprint, your saved plans, and your inferred preferences. See Section 11.
8. Cookies and Similar Technologies
We use cookies and similar technologies (such as local storage tokens) to operate the Service. The categories we use are:
- Strictly necessary. Required for authentication, session management, and basic security. These cannot be disabled without breaking the Service.
- Functional. Remember your preferences such as theme or language.
- Analytics. Help us understand how the Service is used so we can improve it. We use a privacy-respecting analytics setup that minimizes individual tracking.
We do not currently use advertising or cross-site tracking cookies. If we add any in the future, we will update this Privacy Policy and present a cookie consent banner in regions where required.
Most browsers let you block or delete cookies. Doing so may disable features of the Service.
9. Do Not Track Signals and Global Privacy Control
Some browsers offer a "Do Not Track" (DNT) signal, and others offer a Global Privacy Control (GPC) signal. We honor recognized GPC signals from users in jurisdictions where this is required, including California. We do not currently respond to DNT signals because there is no industry consensus on how to interpret them, but as noted above we do not sell personal information or use cross-site advertising trackers.
10. Data Retention
We retain your information for as long as your account is active and for a reasonable period after, as follows:
- Account information. Kept while your account is active. Deleted within 30 days of account deletion, except where we are required by law to retain it longer.
- Saved plans and share links. Kept while your account is active or until you delete them. Public share links can be deactivated by you at any time.
- Taste fingerprint and venue history. Kept while your account is active. Deleted on account deletion or upon a "Reset fingerprint" request.
- Generation logs and audit records. Kept for up to 24 months for security, debugging, and product improvement, then aggregated or deleted.
- Backups. Stored for up to 90 days for disaster recovery and then overwritten.
- Communications. Kept for as long as needed to respond to your inquiry and for a reasonable period after.
If you delete your account, we will delete or de-identify your personal information within 30 days, except where we must retain it to comply with law, resolve disputes, prevent fraud and abuse, or enforce our agreements.
11. Your Rights and Choices
Depending on where you live, you may have the following rights. Regardless of where you live, SparkedLink honors the core rights below for all users as a matter of policy.
- Access. Request a copy of the personal information we hold about you.
- Correction. Ask us to fix inaccurate or incomplete information.
- Deletion. Ask us to delete your information. We will do so within 30 days, subject to the limited exceptions described in Section 10.
- Portability. Receive a copy of your information in a structured, machine-readable format (JSON).
- Opt-out of marketing. Unsubscribe from marketing emails at any time using the link in the email or by emailing hello@sparkedlink.com.
- Opt-out of automated decision-making. SparkedLink does not currently make automated decisions that produce legal or similarly significant effects about you, but if we ever do, you will have the right to opt out.
To exercise any of these rights, email hello@sparkedlink.com with the subject line "Privacy Request" and tell us which right you'd like to exercise. We may need to verify your identity by asking you to confirm details only you and your account would know. We will respond within 30 days, or sooner where required by law.
We will not discriminate against you for exercising any of your privacy rights.
12. Notice to California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA").
Categories of Personal Information We Collect
In the past 12 months we have collected the following categories of personal information, as defined by the CCPA:
- Identifiers (name, email, IP address, unique account identifier).
- Customer records (account credentials, contact information).
- Internet or other electronic network activity (usage data, log data, cookie data).
- Geolocation data (only the city or area you provide in the questionnaire; we do not collect precise GPS location).
- Inferences drawn from the above (your taste fingerprint).
We collect this information from you directly, from authentication providers (Google, Apple) if you use them, and automatically as you use the Service.
Categories of Personal Information We Disclose for Business Purposes
We disclose the categories above to our service providers (hosting, database, AI, email, authentication, analytics) strictly to operate the Service.
Sale and Sharing
We do not sell or share your personal information as those terms are defined in the CCPA. We do not engage in cross-context behavioral advertising. We have no actual knowledge of selling or sharing personal information of consumers under 16 years of age.
Sensitive Personal Information
We do not collect or use sensitive personal information for purposes that would require an opt-out right under CCPA. We do not infer characteristics about you from sensitive categories.
Your CCPA Rights
In addition to the rights in Section 11, California residents have the right to:
- Know what personal information we collect, use, disclose, and share.
- Delete personal information we have collected from you, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of sale or sharing (not applicable, since we do neither).
- Limit the use of sensitive personal information (not applicable, since we do not use it for purposes requiring opt-out).
- Non-discrimination for exercising your rights.
To submit a CCPA request, email hello@sparkedlink.com with the subject line "California Privacy Request." You may also designate an authorized agent to make a request on your behalf, in which case we will require proof of the agent's authorization and verification of your identity.
Shine the Light
California Civil Code Section 1798.83 permits California residents to request information about a business's disclosures of personal information to third parties for the third parties' direct marketing purposes. We do not make such disclosures.
13. Notice to Residents of Other US States
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Indiana, Iowa, Delaware, New Jersey, and other states with comprehensive consumer privacy laws have similar rights to those listed in Sections 11 and 12, including the right to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of sale, targeted advertising, and profiling for decisions with legal effects.
SparkedLink does not sell personal information, does not engage in targeted advertising, and does not use profiling to make decisions that produce legal or similarly significant effects. To exercise any rights granted by your state's privacy law, email hello@sparkedlink.com with the subject line "Privacy Request" and your state of residence.
If we deny your request, you have the right to appeal by replying to our response. We will review the appeal and respond within 45 days, or such other period as required by your state's law.
14. Notice to EU, UK, and Swiss Residents (GDPR / UK GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation and equivalent laws:
- The right to access your personal data.
- The right to rectify inaccurate or incomplete data.
- The right to erase your data ("right to be forgotten").
- The right to restrict processing under certain conditions.
- The right to data portability in a structured, commonly used, machine-readable format.
- The right to object to processing based on legitimate interests.
- The right to withdraw consent at any time, where processing is based on consent.
- The right to lodge a complaint with your local data protection authority.
We process your data under the legal bases described in Section 5. The data controller for your information is SparkedLink, contactable at hello@sparkedlink.com.
If you are in the EU, UK, or Switzerland, the personal information we collect may be transferred to and processed in the United States, where our service providers are located. We rely on appropriate safeguards for these transfers, including Standard Contractual Clauses where applicable. By using the Service, you understand that your personal information will be transferred to and processed in the United States.
15. Notice to New York Residents (SHIELD Act)
SparkedLink is operated from New York and complies with the New York Stop Hacks and Improve Electronic Data Security ("SHIELD") Act. We maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of private information. In the event of a data breach involving New York residents' private information, we will notify affected individuals and the appropriate New York authorities as required by law.
16. Data Security
We take the security of your information seriously and use industry-standard safeguards to protect it, including:
- Encryption in transit. All connections to sparkedlink.com use HTTPS (TLS).
- Encryption at rest. Sensitive data stored in our database is encrypted at rest by our infrastructure provider.
- Hashed passwords. Passwords are stored using one-way hashing; we cannot read or recover your password.
- Access controls. Only the SparkedLink operator has administrative access to user data, and access is logged.
- Row-level security. Each user's data is isolated at the database level so that one user cannot access another user's information.
- Regular updates. We keep dependencies and infrastructure up to date with security patches.
No security measure is perfect. You play an important role in keeping your information safe. Use a strong, unique password, do not share your credentials, and tell us immediately at hello@sparkedlink.com if you suspect unauthorized access to your account.
17. Children's Privacy
The Service is intended for users 18 and older, as stated in our Terms of Service. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it as quickly as possible. If you believe a child under 13 has provided us with personal information, please contact us immediately at hello@sparkedlink.com.
18. International Data Transfers
SparkedLink operates from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence. By using the Service, you consent to the transfer of your information to the United States and to its processing in accordance with this Privacy Policy.
19. Third-Party Services and Links
The Service references and links to third-party websites and services, including restaurants, venues, event listings, mapping providers, and ride-share apps. This Privacy Policy does not apply to those third parties. We are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party service before providing them with information.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we make material changes, we will revise the "Last Updated" date at the top of this policy and, where appropriate, notify you by email or through the Service. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
We recommend reviewing this Privacy Policy periodically to stay informed about our practices.
21. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us at:
SparkedLink Privacy Inquiries: hello@sparkedlink.com (subject line: "Privacy") Mailing address: 3180 Express Dr S, Suite E Islandia, NY 11749
We aim to respond to all privacy inquiries within 30 days. If you have an unresolved concern that we have not addressed satisfactorily, you may have a right to lodge a complaint with your local data protection authority (for EU, UK, and Swiss residents) or your state's attorney general's office (for US residents).