Privacy notice

Sprkla acts as the controller for account, billing, security, support, and product-operations data processed through this website and app.

The app processes account information, workspace and project content, uploaded wireframes, billing records, audit and usage events, and security signals used to protect the service.

We process personal data to create and secure accounts, provide workspace collaboration, store and analyse uploaded wireframes, deliver transactional emails, take payments, prevent abuse, and support users.

Depending on the activity, the lawful basis is contract performance, legitimate interests in running and securing the service, legal obligations, or consent where consent is explicitly requested.

Sprkla uses specialist processors to operate the service, including hosting and object storage providers, Cloudflare Turnstile for abuse prevention, Amazon SES for email delivery, Stripe for billing, and AI providers such as OpenAI and Anthropic when AI features are used.

These providers only receive data needed for the relevant service, such as email delivery, payment processing, wireframe storage, or AI generation.

Some processors may handle data outside the UK or EEA. Where that happens, transfers should be covered by appropriate safeguards such as adequacy decisions or standard contractual clauses.

Deployment owners are responsible for ensuring the configured providers, regions, and contracts match their compliance requirements.

Account, workspace, project, usage, and billing records are retained for as long as needed to provide the service and, where applicable, to meet legal, accounting, and dispute-resolution obligations. Usage records and billing-related records are currently retained for up to seven years before cleanup.

Short-lived operational and security records use shorter retention windows. Accepted invite records are retained for 30 days after acceptance, stale rate-limiting buckets are retained for 7 days, and expired verification and invite tokens are removed after expiry. Uploaded wireframes should be deleted when the related account or project data is erased, subject to any required retention.

Depending on your location, you may have rights to access, correct, erase, restrict, object to, or export your personal data, and to lodge a complaint with a supervisory authority.

If Sprkla relies on consent for a specific activity, you may withdraw that consent at any time without affecting earlier processing.