Privacy Policy

Last Updated: September 24, 2024

This Privacy Policy explains how Mánahöll ehf., a company registered in Iceland with registration number 510523-1050, located in Fannborg, Kópavogur, Iceland ("SparkShift", "we", "us", or "our"), collects, uses, discloses, and protects your personal information when you use our services.

1. Information We Collect

1.1 Information You Provide to Us

We collect information you provide directly to us, including:

Account Information:

• Name and email address
• Profile information and preferences
• Account credentials (passwords are encrypted)
• Billing information (processed by third-party payment processors)

Content Information:

• Tasks, projects, and content you create
• Comments and communications
• Files and documents you upload
• Feedback and support inquiries

Communication Data:

• Messages you send to us
• Survey responses
• Marketing communication preferences

1.2 Information We Collect Automatically

When you use our service, we automatically collect:

Usage Data:

• Features you use and actions you take
• Time, frequency, and duration of activities
• Pages viewed and links clicked
• Search terms and filters applied

Technical Data:

• IP address and location data
• Browser type and version
• Operating system and device information
• Referring website and exit pages
• Unique device identifiers

Cookies and Similar Technologies:

• Session cookies for authentication
• Preference cookies for user settings
• Analytics cookies for service improvement
• Security cookies for fraud prevention

1.3 Information from Third Parties

We may receive information from:

• Authentication providers (Google, etc.)
• Payment processors
• Analytics services
• Security and fraud prevention services

2. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Contract Performance: To provide our services as outlined in our Terms of Service Legitimate Interest: To improve our services, prevent fraud, and ensure security Consent: For marketing communications and non-essential cookies Legal Obligation: To comply with applicable laws and regulations

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Maintain Our Service

• Create and manage your account
• Process your tasks and projects
• Provide AI-powered features and suggestions
• Enable collaboration and sharing
• Process payments and billing

3.2 Communicate With You

• Send service-related notifications
• Respond to your inquiries and support requests
• Provide updates about new features
• Send marketing communications (with your consent)

3.3 Improve Our Service

• Analyze usage patterns and trends
• Develop new features and functionality
• Conduct research and analytics
• Test and optimize our services

3.4 Ensure Security and Compliance

• Monitor for security threats
• Prevent fraud and abuse
• Comply with legal obligations
• Enforce our Terms of Service

4. AI and Machine Learning

Our service uses artificial intelligence to enhance your productivity. Here's how we handle your data in AI processing:

• Content Analysis: We analyze your tasks and projects to provide AI suggestions and improvements
• Pattern Recognition: We use aggregated, anonymized data to improve AI accuracy
• Data Minimization: We only process data necessary for AI functionality
• No Training: Your personal data is not used to train our foundational AI models

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers who assist us in:

• Cloud hosting and data storage
• Payment processing
• Email delivery
• Analytics and monitoring
• Customer support

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes
• Government requests
• Protection of our rights and safety
• Prevention of fraud or illegal activities

5.4 With Your Consent

We may share your information with your explicit consent for specific purposes not covered in this policy.

6. International Data Transfers

SparkShift is based in Iceland, which is recognized by the European Commission as providing adequate protection for personal data. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding corporate rules or certification schemes
• Your explicit consent for specific transfers

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with our legal obligations:

Account Data: Retained while your account is active and for 30 days after account deletion Content Data: Retained according to your preferences and legal requirements Usage Data: Aggregated data may be retained indefinitely for analytics Legal Data: Retained as required by applicable laws (typically 5-7 years)

Upon account deletion, we will:

• Delete or anonymize your personal data within 30 days
• Maintain certain data if required by law
• Provide you with data export options before deletion

8. Your Rights Under GDPR

As a data subject, you have the following rights:

8.1 Right of Access

Request access to your personal data and information about how we process it.

8.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data under certain circumstances.

8.4 Right to Restrict Processing

Request limitation of how we process your personal data.

8.5 Right to Data Portability

Receive your personal data in a structured, machine-readable format.

8.6 Right to Object

Object to processing of your personal data for direct marketing or other purposes.

8.7 Rights Related to Automated Decision Making

Right not to be subject to automated decision-making, including profiling.

8.8 Right to Withdraw Consent

Withdraw your consent for processing at any time (where consent is the legal basis).

To exercise these rights, contact us at gdpr@sparkshift.io. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Intrusion detection and monitoring systems

Organizational Measures:

• Staff training on data protection
• Access controls and need-to-know principles
• Regular security policy reviews
• Incident response procedures

Despite our security measures, no system is completely secure. We cannot guarantee absolute security of your data.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Authenticate users and remember preferences
• Analyze usage and improve our service
• Provide personalized experiences
• Deliver relevant advertisements

Cookie Categories:

• Strictly Necessary: Essential for service functionality
• Performance: Help us understand how you use our service
• Functional: Remember your preferences and settings
• Marketing: Used to deliver relevant advertisements

You can manage cookie preferences through your browser settings or our cookie consent manager.

11. Third-Party Services

Our service integrates with third-party services that have their own privacy policies:

AI Services: Google Gemini API for AI functionality Analytics: Usage analytics and performance monitoring Payment Processing: Stripe or similar payment processors Infrastructure: Cloud hosting and security services

We encourage you to review the privacy policies of these third-party services.

12. Children's Privacy

SparkShift is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete such information promptly.

13. Data Protection Officer

For questions about data protection and privacy, you can contact our Data Protection Officer:

Data Protection Officer Email: gdpr@sparkshift.io Address: Mánahöll ehf., Fannborg, Kópavogur, Iceland

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data unlawfully. In Iceland, you can contact:

The Icelandic Data Protection Authority (Persónuvernd) Website: www.personuvernd.is Email: postur@personuvernd.is Address: Rauðarárstígur 10, 105 Reykjavík, Iceland

If you are located in another EU country, you can contact your local supervisory authority.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:

• Posting a notice on our website
• Sending an email to your registered email address
• Providing an in-app notification

We encourage you to review this Privacy Policy periodically. Your continued use of our service after we make changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries: Mánahöll ehf. Fannborg Kópavogur, Iceland Email: support@sparkshift.io

Privacy-Specific Inquiries: Data Protection Officer Email: gdpr@sparkshift.io

Legal Inquiries: Email: legal@sparkshift.io

17. Definitions

Personal Data: Any information relating to an identified or identifiable natural person Processing: Any operation performed on personal data, including collection, use, storage, and disclosure Data Controller: The entity that determines the purposes and means of processing personal data (SparkShift) Data Processor: An entity that processes personal data on behalf of the data controller Data Subject: The individual whose personal data is being processed