Privacy
Why SparkScore Is Private
Chats are personal. Below is how SparkScore handles them—no buried clauses, just what we actually do.
1. Conversation history: processed, not kept
We process uploads to produce your analysis; we do not keep the raw conversation on our servers afterward. Content is used in memory for scoring, then discarded—not archived for later reuse or as a training corpus.
2. PII stripped before any AI or scoring runs
Before models or algorithms run, text goes through PII redaction on our side. Typical items removed include:
- Names of people in the thread
- Credit card numbers
- Bank details and bank-related addresses
- Physical addresses (home, work, mailing)
- Phone numbers and email addresses
- SIN and SSN
- SWIFT, BIC, IBAN
- ZIP/postal codes in identifying contexts
What reaches analysis is pattern-level signal (tone, pacing, reciprocity, themes)—not identifiers that tie the thread back to real people or accounts.
3. Stored results: AES-256, salt, SOC 2—and you hold the key
Finished reports are stored encrypted (AES-256) with a cryptographic salt, not in plain text. Infrastructure aligns with SOC 2 Type II expectations for security and handling of customer data.
If you lose your password, we cannot decrypt your stored results. The design assumes only you have the key; without it, ciphertext is not recoverable—not by us, not by a third party who might obtain a copy.
4. No model training on your inputs or outputs
LLMs and related services are used in configurations where your inputs and outputs are not retained for training. We do not feed your conversations into an opt-in “improve the model” loop.
5. We don’t monetize or weaponize your data
We do not sell data, broker it, use it for ad targeting, build cross-site behavioral profiles, or hand content to analytics vendors for their own use. We do not share with insurers, employers, or partners for their secondary products.
Examples of practices we avoid:
- Reselling or aggregating profiles for third parties
- Ad/behavioral targeting from your uploads
- Profiling moods or habits for unrelated commercial use
- Loosely scoped “insights” or marketing tool sharing
- Feeding content into underwriting or opaque risk scores
- Cross-app identity stitching without clear consent
- Licensing usage patterns to train or benchmark outside models
- Legal requests: we comply only with a valid legal order and notify you when the law allows. Anything producible on our side remains encrypted with your password—only you know it, so nobody can read the substantive report without you.
6. Delete from the app
You can delete stored analyses in the product. That removal is meant to drop retained encrypted material—we’re not relying on a hidden “soft delete” story for your explicit delete action.
7. Contact
Privacy questions: hey@sparkscore.me — we read and reply.
| Topic | What SparkScore does |
|---|---|
| Raw conversation history | Processed for your report, not stored long-term on our servers. |
| PII | Redacted before AI or scoring (names, financial IDs, addresses, phones, emails, SIN/SSN, SWIFT/BIC/IBAN, identifying postal codes, etc.). |
| Stored reports | AES-256 + salt; infrastructure aligned with SOC 2 Type II. Lost password = we cannot decrypt your data. |
| Model training | Your inputs and outputs are not used to train models. |
| Resale / tracking / sharing | We don’t sell, broker, ad-target, or profile your data; no handoffs to insurers, employers, or vague “insights” partners. Valid legal orders only; we notify when allowed; whatever exists is still encrypted with your password—only you can read it. |
| Your control | Delete stored analyses from the app; meant as real removal of retained encrypted data. |
| Questions | hey@sparkscore.me |