Privacy Policy

The short version

We collect what's needed to run Spark·OS, store it securely, and never sell it. No third-party ad pixels, no data brokers.

What we collect

• Account info: name, email, venue details you provide.
• Performer signups: data your performers submit through your venue page (name, contact, slot, optional uploads). You're the data controller for that content; we're the processor.
• Usage: basic logs (IP, browser, pages viewed) for security and debugging.
• Billing: handled by Stripe. We store the last 4 digits and plan; we never see your full card number.

How we use it

To run the service, send transactional emails (receipts, password resets), respond to support, and improve the product. We send marketing emails only if you opt in, and you can unsubscribe any time.

Who we share it with

Sub-processors we use to operate Spark·OS: Stripe (billing), Resend (email), Cloudflare (hosting/CDN), and Lovable Cloud / Supabase (database & auth). They are bound to confidentiality and security obligations. We do not sell or rent your data, and we do not share it with advertisers.

Cookies

We use first-party cookies for login sessions and a privacy-respecting analytics cookie (no cross-site tracking). No advertising cookies.

Your rights

You can access, export, correct, or delete your data from Settings, or by emailing us. EU/UK/CA residents have additional rights under GDPR/CCPA — same email, same response.

Retention

We keep Account data while your Account is active. After deletion, we wipe personal data within 30 days, except records we're legally required to keep (e.g., invoices for tax purposes).

Security

Data is encrypted in transit (TLS) and at rest. Access is limited to staff who need it. If there's ever a breach affecting you, we'll notify you within 72 hours of discovery.

Contact

Privacy questions: info@staticstudiosinc.com