Privacy Policy

Privacy Policies
Effective Date: 01/01/2025
Version: 1.0

1. Introduction
Ownership
Your Data, Your Control: You retain full ownership of your data.
No Default Training: Our models do not use your business data for training by default.
Property of Inputs and Outputs: Your inputs and outputs remain exclusively yours (in accordance with applicable law).
Data Retention: You determine the retention period for your data.
Control
Organizational Access: You decide who in your organization has access to your data.
Enterprise-Grade Authentication: Enjoy enterprise-level authentication with SAML SSO for both Enterprise and API users.
Granular Permissions: Benefit from fine-grained control over access levels and available features.
Exclusive Custom Models: Your custom models are for your exclusive use and are never shared with others.
Security
Robust Compliance: We adhere to comprehensive compliance standards.
Data Encryption: Your data is secured with AES-256 encryption both at rest and during transit—whether between you and us or between us and our service providers.
1.1 Purpose
This Privacy Policy outlines how DataSpark collects, processes, shares, and protects data across internal, external, and web-based environments.
1.2 Scope
This policy applies to:
Internal Privacy (Employees & Contractors): Handling of employee records, payroll data, access logs, and internal IT security.
External Privacy (Clients, Vendors, & Third Parties): Customer data handling, partner interactions, and contractual obligations with third-party service providers.
Web Privacy (Website & App Users): Collection of user data via cookies, analytics, web forms, and digital tracking.
1.3 Types of Data Collected
Category
Examples
Collection Methods
Business Data
Company name, tax information, payment details
Contracts, invoices, B2B transactions
Financial Data
Billing details, transaction history
Payment gateways, financial reports
Technical Data
IP addresses, device information, browser type
Cookies, analytics
Employee Data
HR records, payroll, access logs
Internal HR systems


2. Data Collection & Processing
2.1 How Data is Collected
Directly from users: Registration forms, customer inquiries, job applications.
Automatically via technology: Cookies, analytics tools (Google Analytics, AWS CloudWatch).
Third-party integrations: Payment processors, cloud storage providers, CRM systems.
2.2 Data Minimization & Lawful Basis for Processing
DataSpark follows data minimization principles, ensuring that only necessary data is collected. Processing is based on:
Contractual necessity: Data required for service agreements.
Legitimate interest: Analytics, fraud prevention, and product improvement.
Legal compliance: Regulatory obligations under GDPR, CCPA, etc.
User consent: Marketing communications, non-essential cookies.



3. Internal Privacy Policy (Employees & Internal Data Handling)
3.1 Employee Data Handling & Storage
HR records are stored in encrypted databases with access restrictions.
Payroll & financial data is processed in compliance with labor and tax laws.
Employee monitoring is conducted for security and compliance purposes.
3.2 Access Control & Security Measures
Role-Based Access Control (RBAC) ensures employees access only necessary data.
Encryption standards: AES-256 encryption for data at rest, TLS 1.2+ for data in transit.
Logging & Auditing: All access and modifications are logged for accountability.

4. External Privacy Policy (Customers, Vendors, & Third Parties)
4.1 Customer & Partner Data Handling
Data is used only for providing contracted services, with transparency on processing activities.
Customers have full rights to access, modify, or delete their personal data upon request.
4.2 Data Sharing & Third-Party Compliance
DataSpark may share necessary data with trusted third-party service providers to facilitate our services. These include cloud hosting providers (e.g., AWS), payment processors, CRM systems, and analytics services. We ensure these providers adhere to strict data protection standards, often demonstrated through certifications like ISO 27001 and SOC 2. Our vendor agreements include robust data processing clauses requiring compliance with applicable regulations such as GDPR and CCPA, ensuring your data is handled securely and only for the specified purposes.

5. Web Privacy Policy
5.1 Cookies & Tracking Policies
Cookie Type
Purpose
Opt-Out
Essential Cookies
Authentication, security, session management
No opt-out (required for functionality)


DataSpark does not sell personal data to advertisers or third parties.

6. Data Security & Protection Measures
6.1 Security Controls
Encryption: AES-256 encryption for data at rest, TLS 1.2+ encryption for data in transit.
Multi-Factor Authentication (MFA) for accessing sensitive systems.
Access Restrictions based on Zero Trust Security Principles.
Automated Threat Detection via AWS GuardDuty & CloudTrail.
6.2 Incident Response & Data Breach Protocols
Security incidents are logged and monitored through AWS CloudWatch.
Breach notification within 72 hours (as required under GDPR).
Containment & mitigation through rapid response protocols.

7. Data Retention & Deletion
7.1 Retention Periods
Data Type
Retention Period
Customer Accounts
Retained for 5 years post-termination
Financial Transactions
7 years (legal compliance)
Web Analytics Data
14 months
Employee Records
7 years post-employment

7.2 Data Deletion & Modification
Users and employees may request:
Data Access via the DataSpark email support.
Correction or deletion of inaccurate or unnecessary data.
Permanent erasure if legally permitted.

8. Updates & Policy Changes
Policy updates occur annually or when regulations change.
Major updates are notified via email and posted on our website.
Users can track past versions of this policy in our Policy Archive.

9. Contact Information & Complaints Handling
9.1 Data Protection Contact
For inquiries or complaints regarding privacy practices, contact:
📧 Email: contact@dataspark.org




Web Personal Privacy Policy
1. Information Collected Automatically When You Use Our Services
When you visit or use our Services, we automatically collect certain technical information, including:
Log Data: Information that your browser or device sends automatically, such as your IP address, browser type and settings, date and time of your request, and details about your interactions with our Services.
Usage Data: Data regarding how you interact with our Services—including the types of content you view, the features you use, your time zone, country, and details about your device (user agent, version, device type, etc.).
Device Information: Information about the device you use to access our Services, including the device name, operating system, unique identifiers, and browser type.
Location Information: We may infer your general location from your IP address for security purposes and to enhance your experience. In some cases, if you allow it, your device may provide more precise location data (e.g., from GPS).
Cookies and Similar Technologies: We use cookies and similar tools to help operate, administer, and improve our Services. Even if you do not have an account, certain information (like your preferences) may be stored via cookies. For more details, please review our Cookie Notice.
2. Information from Third Parties
We may also receive data from trusted partners—for example, security services to help prevent fraud and abuse or marketing partners to learn more about potential users. Additionally, we may gather publicly available information online to help improve and develop our Services.

3. How We Use Your Personal Data
We use your Personal Data for various purposes, including to:
Provide, operate, and maintain our Services, including responding to your inquiries.
Improve and develop our Services, including creating new features and conducting research.
Communicate with you about updates, offers, and events related to our Services.
Detect, prevent, and address fraud, abuse, and security issues.
Comply with legal obligations and protect the rights, privacy, safety, or property of our users, our company, and others.
Where possible, we aggregate or de-identify your Personal Data so that it no longer directly identifies you. De-identified information may be used for analytical or research purposes without further notice.
Note: Some content you provide may be used to enhance our platform’s performance. If you do not wish for your content to be used in this way, please review our settings and opt-out options where available.

4. Disclosure of Your Personal Data
We may share your Personal Data under the following circumstances:
Vendors and Service Providers: We may disclose your Personal Data to essential third-party vendors and service providers who perform functions on our behalf. This includes cloud infrastructure and hosting providers (e.g., AWS), payment processing services, customer support platforms, communication tools, and analytics services (e.g., Google Analytics). These providers are contractually obligated to protect your data, use it solely for the purposes we specify, and comply with relevant data protection laws. We conduct due diligence to ensure our vendors meet high security and privacy standards.
Business Transfers: In connection with any merger, acquisition, bankruptcy, or sale of assets, your Personal Data may be disclosed during due diligence and transferred to a successor or affiliated entity.
Legal and Safety Reasons: We may share your Personal Data with law enforcement or other governmental bodies if required by law or when we believe it is necessary to protect the security or rights of our users or others.
Affiliates: Your Personal Data may be shared with our affiliated companies, which are required to adhere to practices consistent with this Privacy Policy.
Business Account Administrators: For business or enterprise accounts, designated administrators may have access to account-related Personal Data in order to manage and support your account.
Third-Party Interactions: Some features allow you to share information with other users or third-party applications. Please be aware that when you share information in these contexts, it is governed by the privacy policies of those third parties.

5. Retention of Personal Data
We retain your Personal Data only as long as necessary to provide our Services or to comply with legal obligations, resolve disputes, and enforce our agreements. The retention period may vary based on:
The purpose for which the data is processed.
The nature and sensitivity of the information.
The risk of harm from unauthorized use or disclosure.
Any applicable legal requirements.
For example, certain temporary data (such as session or chat logs) might be retained for a limited period to ensure service safety and functionality.

6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your Personal Data:
Access: Request details about the personal data we hold about you and how it is processed.
Correction: Request the correction or update of your Personal Data.
Deletion: Ask for the deletion of your Personal Data.
Data Portability: Request to receive your Personal Data in a structured, commonly used format for transfer.
Restriction: Request restrictions on how we process your Personal Data.
Consent Withdrawal: Withdraw consent where we have relied on your consent as the basis for processing.
Objections: Object to the processing of your Personal Data for direct marketing or based on our legitimate interests.
You can exercise many of these rights through your account settings. If you cannot do so online, please contact us at contact@dataspark.org. If you believe your rights have been violated, you may also lodge a complaint with your local data protection authority.

7. Children's Privacy
Our Services are not directed to children under 13, and we do not knowingly collect Personal Data from children under this age. If you believe that a child under 13 has provided us with Personal Data, please contact us at contact@dataspark.org. We will promptly investigate and take appropriate measures, including deletion of the data if necessary. Users under 18 should have parental or guardian consent to use our Services.

8. Security Measures
We take commercially reasonable measures—both technical and organizational—to protect your Personal Data from unauthorized access, alteration, disclosure, or destruction. However, please note that no method of data transmission over the Internet or electronic storage is 100% secure. We encourage you to be mindful of the information you share and to use caution when transmitting Personal Data over the Internet.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at contact@dataspark.org.