Privacy Policy

We built Sparlo for R&D teams working on sensitive problems. If we could see your data, we would not be able to serve you.

Here is exactly what happens when you use Sparlo:

• Encrypted everywhere: Your data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• We cannot access your content: Your queries and generated reports are stored in your account. Our team has no way to view them.
• Processed via third-party AI: Your queries are sent to a third-party AI API provider for processing. The results come back to your account.
• Not used for AI training: We use an enterprise API tier where the provider does not train on customer data. This is their policy, not just ours.
• Not sold or shared: Your data is never sold to advertisers, data brokers, or any other third parties.

We make no claims on anything you submit or anything we generate for you.

• No ownership claims: Your content and generated solutions belong entirely to you.
• Isolated processing: Your queries are processed in isolation. Nothing crosses between accounts.
• Full deletion: Request deletion anytime. We permanently remove everything.

Our team can see:

• Your email address and subscription status.
• Anonymized usage statistics (page views, feature usage).
• Technical logs for debugging (timestamped events, not content).

Our team cannot see:

• Your queries or prompts.
• Your generated reports.
• Your research data or uploaded content.
• Your payment details (Stripe handles this directly).

Any access to account data requires justification, approval, and audit logging.

• Infrastructure: Hosted on SOC 2 Type II certified cloud providers.
• Access controls: Strict authentication and authorization at every level.
• Regular audits: Security testing and vulnerability scanning.

We rely on third-party services to operate Sparlo:

• AI processing: Your queries are processed by a third-party AI API provider. We use their enterprise tier, which contractually prohibits training on customer data.
• Authentication: Account login handled by Supabase Auth.
• Payments: Payment processing handled by Stripe. We never see your card details.
• Analytics: PostHog for usage analytics (opt-in only, privacy-focused). PostHog Privacy Policy.

Account information

Email, authentication credentials, and basic profile info from social logins.

Usage data

Pages visited, features used, and timestamps. This helps us improve the product.

Content you submit

Your queries and research topics are processed to generate solutions. This data stays in your account.

Payment

Handled entirely by Stripe. We never see or store card numbers.

• Sell your data to anyone.
• Share your data with advertisers or data brokers.
• Share data between customers.
• Use your queries for AI training (our provider's enterprise terms prohibit this).
• Access your reports or research content.

• Active accounts: Data retained while active.
• Deletion: Permanently removed within 30 days of account deletion.
• Legal holds: May retain longer if required by law.

You can:

• Access a copy of your data.
• Correct inaccurate information.
• Delete your data and account.
• Export your data.
• Opt out of marketing.

Contact privacy@sparlo.ai to exercise these rights.

Data is processed in the United States. We maintain appropriate safeguards for international transfers.

We may update this policy. Material changes will be posted here and emailed to you. Continued use after changes means acceptance.

• Privacy: privacy@sparlo.ai.
• General: hello@sparlo.ai.