SparkVault

Privacy Policy

Last updated: December 12, 2025

SparkVault, LLC ("SparkVault," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptographic storage platform and related services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Company name (optional)
  • Account credentials (hashed, never stored in plaintext)

1.2 Payment Information

Payment processing is handled by Stripe, Inc. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. Stripe's privacy policy governs the collection and use of payment data. We receive only transaction confirmations and partial card information (last 4 digits) for your records.

1.3 Usage Data

We automatically collect certain information when you use our services:

  • IP address
  • Browser type and version
  • Operating system
  • Access times and dates
  • Pages viewed and features used
  • API call metadata (endpoints, timestamps, response codes)

1.4 Your Encrypted Data

Important: The content you store in Sparks, Vaults, and Ingots is encrypted using our Triple Zero-Trust architecture. We cannot access, read, or decrypt your stored data. Your encryption keys are split across multiple independent systems, and for Vaults, your passphrase (VMK) never leaves your device. Even under legal compulsion, we are technically unable to provide decrypted content.

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain our services
  • Process transactions and send billing notifications
  • Send administrative information (service updates, security alerts)
  • Respond to inquiries and provide customer support
  • Monitor and analyze usage patterns to improve our services
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell your personal information. We may share information only in these circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Amazon Web Services (AWS) - Cloud infrastructure and key management
  • Stripe - Payment processing
  • Cloudflare - CDN and DDoS protection

3.2 Legal Requirements

We may disclose information if required by law, subpoena, or court order. However, due to our encryption architecture, we can only provide account metadata and usage logs—never the encrypted content of your Sparks, Vaults, or Ingots.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

4. Data Retention

  • Sparks: Automatically deleted after read or TTL expiration (max 24 hours)
  • Vaults and Ingots: Retained until you delete them or close your account
  • Account data: Retained while your account is active and for 30 days after deletion
  • Usage logs: Retained for 90 days for security and debugging purposes
  • Billing records: Retained for 7 years as required by tax regulations

5. Data Security

We implement industry-leading security measures including:

  • AES-256-GCM encryption for all stored data
  • ML-KEM-1024 post-quantum cryptography for key encapsulation
  • FIPS 140-2 Level 3 validated hardware security modules (HSMs)
  • TLS 1.3 encryption for all data in transit
  • SOC 2 Type II compliance
  • Regular third-party security audits

6. Your Rights and Choices

6.1 Access and Portability

You can access your account information and download your data at any time through your account dashboard.

6.2 Correction

You can update your account information directly in your account settings.

6.3 Deletion

You can delete your account at any time. Upon deletion, we will remove your personal information within 30 days, except for data we are required to retain for legal purposes.

6.4 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete, and the right to opt-out of sales (we do not sell personal information). To exercise these rights, contact us at [email protected].

7. International Users

SparkVault is based in the United States, and our servers are located in AWS US regions. If you access our services from outside the United States, your information will be transferred to and processed in the United States. By using our services, you consent to this transfer.

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website at least 30 days before the changes take effect. Your continued use of our services after such notice constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

SparkVault, LLC
Email: [email protected]
Website: sparkvault.com