Legal Document

SparkColors Privacy Policy

Version 1.0.2Last updated: May 18, 2026

Last updated: May 18, 2026

1. Who We Are

SparkColors is a browser extension and online service for web reading annotations, thoughts, AI page understanding, knowledge organization, and related export and sharing features. This Privacy Policy explains how we collect, use, store, share, and protect your data.

If you do not agree with this policy, please do not register, sign in, or continue using SparkColors.

2. Data We Collect

We process data only as needed to provide, maintain, and improve user-facing features, including:

  • Account data: email address, nickname, avatar, password hash, registration time, login state, sessions, device information, invitation code, and account deletion status.
  • User content: annotation text, thoughts, public content, comments or feedback, imported content, export requests, content used to generate exported results that you actively request, reports, user settings, and preferences.
  • Web page related data: when you create annotations, view current-page data, use reading resume, use export features tied to page content, or use AI features, we may process page URLs, normalized URLs, page titles, favicons, meta descriptions, selected text, location data, scroll position, page snippets, or questions you provide.
  • AI and translation data: page snippets, questions, selected text, annotations, thoughts, context, outputs, model names, call status, usage, and error information submitted to AI or translation features.
  • Community and interaction data: public thoughts, likes, bookmarks, reports, dispute analysis results, user profile display data, and activity statistics.
  • Gamification and wallet data: energy balances, bills, rewards, streaks, levels, achievements, themes, skins, unlocks, and thought effect records.
  • Payment and subscription data: payment order records, payment status, subscription or membership status, product plan, amount, currency, transaction identifiers, checkout session identifiers, subscription identifiers, refund status, invoice or receipt references, timestamps, and related records needed to provide paid features, billing, refunds, support, accounting, fraud prevention, and compliance.
  • Technical and security data: browser type, extension version, language, device or session identifiers, IP address, User-Agent, captcha results, request logs, error logs, security audit records, and risk-control records.

We do not collect complete browsing history for advertising profiles or data sales. The extension may run on web pages because of site access permissions, but it processes page data only when needed for user-facing features.

We do not collect or store complete credit card numbers, debit card numbers, CVV codes, or full payment credentials. Payments are processed by our third-party payment provider, currently Creem. SparkColors stores only the payment, order, subscription, and transaction status information needed to provide and manage paid features.

3. Use of Chrome Extension Permissions

The SparkColors extension uses storage to save login state, local preferences, themes, disabled sites, and temporary state; tabs and activeTab to identify the current page, open or locate tabs, and communicate with content scripts; sidePanel to provide a side panel experience; downloads to save user-requested exported files, such as Daily Spark images, to the user's device; and site access to restore highlights, show toolbars, locate annotations, display the reading assistant, and read page content that you select or ask SparkColors to process.

We use the downloads permission only when you explicitly trigger an export or share action. SparkColors does not use that permission for background, unrelated, or bulk downloads.

Our use of data from Chrome extension APIs follows the Chrome Web Store User Data Policy, including the Limited Use requirements. We do not sell user data, use user data for personalized advertising, transfer user data to advertising platforms or data brokers, use it for creditworthiness or lending purposes, or use extension permissions for functionality unrelated to SparkColors' single purpose.

4. How We Use Data

We use data to:

  • Create and manage accounts, login sessions, captcha, password reset, and security protections.
  • Save, sync, display, search, restore, import, and export your annotations, thoughts, and document data, including generating and saving user-requested exported images or files.
  • Provide highlighting, location, privacy confirmation, overlap resolution, reading resume, side panel features, and other current-page experiences.
  • Provide AI page understanding, Q&A, translation, conflict detection, entity extraction, style suggestions, Daily Spark insights, and chat history.
  • Support community feeds, public content, likes, bookmarks, reports, dispute analysis, content governance, and user support.
  • Calculate statistics, heatmaps, reading reports, energy, achievements, rewards, and operational health.
  • Create payment orders, redirect users to checkout, receive payment status updates, activate or manage paid features, process refunds, provide billing and subscription support, prevent payment abuse, and maintain accounting or compliance records.
  • Prevent abuse, troubleshoot issues, maintain security, enforce our terms, respond to user requests, and comply with legal obligations.

5. Data Sharing

To provide the service, we may share data as needed with these categories of service providers:

  • Cloud hosting, database, object storage, networking, and security services used to run the backend, store data, and protect the system.
  • Email services used to send welcome, verification, notification, or account-related emails.
  • Payment providers, currently Creem, used to process checkout, payment orders, subscriptions, refunds, invoices, tax-related handling, fraud prevention, and payment status notifications.
  • AI providers and translation providers used to process AI, Q&A, translation, and page understanding requests that you actively trigger.
  • Captcha, logging, monitoring, error analysis, and risk-control services used for security, troubleshooting, and abuse detection.
  • Recipients required for legal, compliance, audit, dispute resolution, accounting, tax, or business transfer purposes.

We do not sell your personal data. We do not transfer user data to third parties except as needed to provide or improve the service, comply with law, protect security, handle abuse, process payments, manage subscriptions, provide support, or complete a business transfer with any required consent.

6. AI and Third-Party Models

When you use AI or translation features, relevant inputs and context may be sent to model or translation providers configured by us. We try to send only the content needed for the requested feature, and we record call status, model, usage, and error information for troubleshooting, cost statistics, and service improvement.

We do not use user AI inputs to train SparkColors-owned models. Third-party providers may process data under their own terms and privacy policies; we prioritize providers that can support our business purpose and data protection requirements.

7. Payments and Subscriptions

Paid features may be purchased through checkout pages provided by our payment provider, currently Creem. When you start a purchase, SparkColors may create an order and redirect you to the payment provider's checkout page.

The payment provider may collect payment details, billing details, order details, and other information needed to process the transaction under its own terms and privacy policy. SparkColors does not collect or store complete card numbers, CVV codes, or full payment credentials.

SparkColors may receive and store payment-related information from the payment provider, such as order identifiers, checkout session identifiers, transaction identifiers, subscription identifiers, product plan, amount, currency, payment status, refund status, invoice or receipt references, and timestamps. We use this information only to provide paid features, manage subscriptions, process refunds, provide support, prevent abuse, maintain accounting records, and comply with legal obligations.

8. Public Content, Moderation, and Administrator Access

If you make thoughts or content public, related content, nickname, avatar, interaction statistics, and context may be viewed, interacted with, reported, or bookmarked by other users.

Administrators do not casually review private content. Administrators may access relevant data only as needed for user support, report review, security incidents, abuse investigations, troubleshooting, legal obligations, payment or subscription support, refund handling, or your explicit authorization. Sensitive views are recorded through admin audit capabilities.

9. Storage, Security, and Retention

We transmit data over HTTPS and use encryption, access controls, and audit measures for sensitive system configuration, third-party credentials, payment integration secrets, webhook secrets, and necessary keys. Internal access is limited according to the minimum necessary principle.

Retention depends on the data type and purpose. Account data, annotations, thoughts, settings, membership status, and subscription status are generally retained while your account exists. Payment orders, transaction records, invoices, refund records, accounting records, export records, log records, AI call records, audit records, security records, and risk-control records may be retained for a reasonable period as needed for service operation, accounting, tax, legal, dispute resolution, security, and abuse-prevention purposes. Data in backups is removed gradually according to backup cycles.

Files generated through user-triggered export or share features are typically saved to the user's device. Unless otherwise explicitly stated for a specific feature, exported files generated locally are not uploaded to our servers solely because of that export action.

10. Your Choices and Rights

You can view and update your profile, change your password, manage device sessions, adjust language and preferences, disable specific sites, export data, delete content, withdraw public visibility, or request account deletion in the product.

You may also contact us to request access, correction, export, deletion, or restriction of processing for your personal data. After verifying your identity, we will handle requests as required by applicable law.

Some payment, invoice, refund, tax, security, and compliance records may need to be retained for legally required or legitimate business purposes even after account deletion.

11. Children

SparkColors is not directed to children below the legal age of consent in their region. If you are a minor, use the service only with consent and guidance from a parent or guardian. If we learn that we collected children's personal data that should not have been collected, we will take reasonable steps to delete it.

12. Policy Updates

We may update this policy as our product features, Chrome Web Store review requirements, laws, payment providers, or operations change. Material updates may be disclosed through in-product notices, login or registration pages, settings pages, or other reasonable methods, and may require your renewed acceptance where required by applicable law or where we determine renewed acceptance is appropriate for a material change.

13. Contact

If you have questions about privacy, data, permissions, payments, subscriptions, or security, contact us at hi@sparkcolors.com.