SPARK CRM PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy ("Policy") describes how Spark CRM, Inc. ("Spark," "we," "our," or "us") collects, uses, shares, and safeguards personal information when you use our services, software, applications, and website. This Policy applies to all Spark products and services, including:

• Spark CRM: Our core customer relationship management platform
• Spark AI: Artificial intelligence and machine learning features and tools
• Spark Website: Our web-based interface and website (sparkcrm.com)
• Spark Agents: Automated agents and workflow automation features
• Spark Mobile: Mobile applications for iOS and Android platforms
• Spark API: Application programming interfaces and developer tools

By using our Service, you consent to the data practices described in this Policy. We recommend that you read this Policy in full to ensure you are fully informed regarding our privacy practices.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

We collect information you provide directly to us, including:

• Account Information: Information you provide when you create an account, such as your name, email address, password, company name, job title, phone number, and billing information.
• Customer Data: Data, information, and content that you upload, input, or otherwise submit to the Service, including information about your clients, prospects, projects, and other business data.
• Solar Installation Data: Information related to solar installations managed through the Service, including wattage calculations, project details, installation locations, and performance metrics for our "Price Per Watt" billing model.
• Communications: Information you provide when you communicate with us, such as when you submit a question, request customer support, or provide feedback.
• Transaction Information: Information about transactions related to your use of the Service, including purchases, billing details, and payment processing information.
• User Content: Information you submit through our Service, such as comments, reviews, CRM data entries, and other content you share.
• AI Training Feedback: Optional feedback you provide on AI-generated content to help improve our machine learning models.

2.2 Information We Collect Automatically

When you use our Service, we automatically collect certain information, including:

• Usage Information: Information about how you use the Service, including features you use, pages you visit, actions you take, time spent on pages, AI feature interactions, API calls made, and other similar information.
• Device Information: Information about the devices you use to access the Service, including hardware model, operating system and version, unique device identifiers, mobile network information, browser type, and IP address.
• Location Information: Information about your approximate location as determined by your IP address, and with your consent, precise location information from mobile devices.
• Log Data: Server logs, which may include information such as IP address, browser type, browser language, referring URL, pages requested, API endpoints accessed, and the date and time of each request.
• Performance Data: Information about Service performance, error rates, response times, and system diagnostics.
• AI Interaction Data: Information about your interactions with Spark AI features, including prompts, queries, generated content, and usage patterns (processed in accordance with Section 7).
• Agent Activity Data: Information about automated actions performed by Spark Agents on your behalf, including workflow executions and third-party service interactions.
• Mobile App Data: Information specific to mobile usage, including app performance, crash reports, and feature usage analytics.
• Cookies and Similar Technologies: Information collected through cookies, web beacons, local storage, and similar technologies.

2.3 Information from Third Parties

We may collect information about you from third parties, including:

• Third-Party Services: If you choose to link or connect your account with a third-party service (e.g., social media, single sign-on, CRM integrations, or other business applications), we may receive information about you from that third party.
• API Integrations: Information received through Spark API integrations with third-party applications and services.
• Partners and Service Providers: We may receive information about you from our business partners and service providers, such as marketing partners, analytics providers, payment processors, and AI training data providers.
• Publicly Available Sources: We may collect information about you from publicly available sources for business verification and fraud prevention purposes.
• Spark Agents Integration Data: Information obtained when Spark Agents interact with external services on your behalf, subject to your configuration and consent.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for various purposes, including to:

3.1 Primary Service Functions

• Provide, maintain, and improve the Service across all platforms
• Process and complete transactions, including "Price Per Watt" billing calculations
• Authenticate users and maintain account security
• Facilitate CRM functionality and data management
• Power AI features and provide intelligent insights and recommendations
• Execute automated workflows through Spark Agents
• Provide API functionality and developer tools
• Deliver mobile app features and functionality
• Process solar installation data for billing and analytics

3.2 Communication and Support

• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and requests
• Provide customer support across all service channels
• Send service-related communications about new features and updates

3.3 Improvement and Analytics

• Monitor and analyze trends, usage, and activities in connection with the Service
• Improve AI model accuracy and performance through machine learning
• Optimize automated agent performance and reliability
• Enhance mobile app functionality and user experience
• Develop and improve API features and developer tools
• Conduct research and development for new products and services

3.4 Security and Compliance

• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Maintain security and prevent abuse of the Service
• Comply with legal obligations and regulatory requirements
• Protect the rights and safety of our users and the public

3.5 Marketing and Personalization

• Personalize and improve the Service experience
• Communicate with you about products, services, offers, promotions, and events
• Facilitate contests, sweepstakes, and promotions
• Create aggregated, anonymized datasets for industry benchmarking

3.6 AI-Specific Uses

• Train and improve machine learning models (only with aggregated, anonymized data unless you provide explicit consent)
• Provide personalized AI recommendations and insights
• Enhance natural language processing capabilities
• Improve predictive analytics features

4. HOW WE SHARE YOUR INFORMATION

We may share the information we collect in the following circumstances:

4.1 With Your Consent

We may share your information when you direct us to do so or otherwise provide your consent, including:

• When you use API integrations with third-party services
• When you configure Spark Agents to interact with external services
• When you choose to share data through mobile app integrations
• When you participate in AI model improvement programs

4.2 Service Providers

We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as:

• Cloud hosting and infrastructure providers
• Data analytics and business intelligence services
• Payment processing and billing services
• Email delivery and communication services
• Customer service and support platforms
• AI and machine learning service providers
• Mobile app development and analytics services
• API management and developer tools providers
• Security and fraud prevention services

4.3 Business Transfers

If Spark is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information, including:

• Changes to data processing practices
• Updates to privacy policies and user rights
• Migration of AI models and training data
• Transfer of API access and developer accounts

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to:

• Comply with a legal obligation
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability
• Respond to national security or law enforcement requests

4.5 Aggregated or De-identified Data

We may share aggregated or de-identified information, which cannot reasonably be used to identify you, with third parties for research, marketing, analytics, and other purposes, including:

• Solar industry benchmarking and market research
• AI model training and improvement (industry-wide datasets)
• Academic research partnerships
• Technology development and innovation

5. DATA RETENTION

We retain your information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law:

5.1 Active Account Data

• Account information and Customer Data: Retained during active subscription
• AI interaction history: Retained for 24 months for service improvement
• Agent activity logs: Retained for 12 months for troubleshooting and optimization
• API usage logs: Retained for 6 months for billing and support purposes
• Mobile app data: Retained according to platform-specific policies

5.2 Post-Termination Retention

• Customer Data: Available for retrieval for 30 days after account termination
• Billing and transaction records: Retained for 7 years as required by law
• Support communications: Retained for 3 years for quality assurance
• Aggregated analytics data: May be retained indefinitely if properly anonymized
• AI training data: Retained according to our AI data governance policies

5.3 Legal and Compliance Retention

• Data subject to legal holds: Retained as required by applicable law
• Compliance records: Retained according to regulatory requirements
• Security incident data: Retained for 5 years for investigation purposes

6. YOUR RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Update

You may access, update, or correct most of your personal information through:

• Your account settings and profile management
• Customer Data export tools within the Service
• API endpoints for data retrieval
• Mobile app settings and preferences
• Contacting us at privacy@sparkplatform.io

6.2 Data Portability

You can request a copy of your personal information in a structured, commonly used, and machine-readable format:

• Through built-in export tools in Spark CRM
• Via Spark API data export functions
• By contacting us at privacy@sparkplatform.io
• Through mobile app export features where available

6.3 Deletion

You can request the deletion of your personal information by:

• Using account deletion tools within the Service
• Contacting us at privacy@sparkplatform.io

Note that we may retain certain information as required by law or for legitimate business purposes

6.4 AI-Specific Rights

Regarding AI processing of your information:

• You can opt out of AI model training programs
• You can request deletion of AI interaction history
• You can disable personalized AI recommendations
• You can review AI-generated insights about your data

6.5 Automated Agent Controls

For Spark Agents processing:

• You can disable or modify automated agent behaviors
• You can review and delete agent activity logs
• You can revoke third-party service permissions
• You can configure agent data sharing preferences

6.6 API Data Controls

For API usage:

• You can revoke API access tokens
• You can review API usage logs and data sharing
• You can configure API data retention settings
• You can manage third-party application permissions

6.7 Marketing Communications

You can opt out of receiving promotional emails from us by:

• Following the instructions in promotional emails
• Updating your communication preferences in account settings
• Contacting us at privacy@sparkplatform.io
• Managing mobile push notification preferences

6.8 Cookies and Similar Technologies

Most web browsers are set to accept cookies by default. You can typically:

• Remove or reject cookies through your browser settings
• Control local storage and similar technologies
• Manage mobile app tracking preferences
• Opt out of analytics tracking where available

7. ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING DATA PROCESSING

7.1 AI Data Usage Principles

Our use of data for AI and machine learning purposes follows these principles:

• Transparency: We clearly disclose when and how AI processes your data
• Consent: Personal data is not used for AI training without explicit consent
• Minimization: We use only the minimum data necessary for AI functionality
• Accuracy: We strive to maintain accurate and unbiased AI models
• Accountability: We maintain records of AI data processing activities

7.2 AI Training Data

• Customer Data: Never used for AI model training without explicit consent
• Aggregated Data: May be used in anonymized, aggregated form for model improvement
• Interaction Data: AI interaction patterns may be analyzed to improve user experience
• Feedback Data: User feedback on AI outputs helps improve model performance
• Third-Party Data: We may use publicly available datasets for AI training

7.3 AI-Generated Content

• Ownership: You retain rights to content you create using AI features
• Accuracy: AI-generated content may contain errors and should be reviewed
• Bias: We work to minimize bias in AI outputs but cannot guarantee elimination
• Privacy: AI models are designed to not memorize or reproduce personal data

7.4 Automated Decision-Making

When AI is used for automated decision-making:

• We provide clear notice of automated processing
• You have the right to human review of automated decisions
• You can opt out of automated decision-making where feasible
• We maintain audit trails of automated decisions

8. DATA SECURITY

We implement comprehensive security measures to protect your personal information:

8.1 Technical Safeguards

• Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and prevention systems
• Vulnerability Management: Regular security scanning and penetration testing
• API Security: Rate limiting, authentication tokens, and secure endpoints
• Mobile Security: App-specific security controls and device-based protections

8.2 Administrative Safeguards

• Employee Training: Regular security awareness training for all staff
• Background Checks: Screening for employees with data access
• Access Management: Principle of least privilege and regular access reviews
• Incident Response: Documented procedures for security incident handling
• Vendor Management: Security requirements for all service providers

8.3 Physical Safeguards

• Data Centers: SOC 2 compliant facilities with 24/7 monitoring
• Environmental Controls: Climate control and fire suppression systems
• Access Controls: Biometric access controls and surveillance systems
• Equipment Security: Secure disposal of decommissioned hardware

8.4 AI-Specific Security

• Model Protection: AI models are protected against unauthorized access and tampering
• Training Data Security: AI training datasets are secured and access-controlled
• Inference Security: AI processing occurs in secure, isolated environments
• Adversarial Protection: Measures to detect and prevent adversarial attacks

8.5 Security Incident Notification

In the event of a data breach or security incident:

• We will investigate and contain the incident promptly
• Affected users will be notified in accordance with applicable laws
• We will provide information about the incident and remediation steps
• We will assist with any required regulatory notifications
• We will conduct post-incident reviews to prevent recurrence

9. INTERNATIONAL DATA TRANSFERS

9.1 Cross-Border Data Processing

We operate globally and may transfer your personal information to countries other than your country of residence:

• Primary Processing: Data is primarily processed in the United States
• Regional Processing: Data may be processed in regional data centers (EU, Asia-Pacific)
• Service Providers: Our service providers may process data in various countries
• Legal Safeguards: We implement appropriate safeguards for international transfers

9.2 Transfer Mechanisms

When transferring personal information internationally, we use:

• Standard Contractual Clauses: EU Commission-approved clauses
• Adequacy Decisions: Transfers to countries with adequate data protection
• Binding Corporate Rules: Internal data transfer agreements where applicable
• Consent: Your explicit consent for specific transfers where required

9.3 Data Residency Options

Depending on your subscription plan:

• Standard: Data stored in US-based data centers
• Professional: Option for EU or US data residency
• Enterprise: Custom data residency in select regions
• API Processing: May occur in multiple regions for performance optimization

10. CHILDREN'S PRIVACY

Our Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children under the age of 16:

• We require users to be at least 18 years old to create accounts
• If we learn we have collected information from a child under 16, we will promptly delete it
• Parents or guardians who believe we may have information from a child should contact us
• Our AI features are designed for business use and not intended for minors
• Mobile apps include age verification mechanisms where required

11. COOKIE POLICY

11.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website or use our services. We also use similar technologies like web beacons, local storage, and mobile identifiers.

11.2 Types of Cookies We Use

• Essential Cookies: Necessary for the website and Service to function properly:
  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance optimization
  • API authentication and access control
• Performance Cookies: Help us understand how users interact with our Service:
  • Website and app analytics
  • Feature usage tracking
  • Error reporting and diagnostics
  • A/B testing and optimization
• Functionality Cookies: Enable enhanced functionality and personalization:
  • User preferences and settings
  • Language and region settings
  • AI feature customization
  • Mobile app preferences
• Marketing Cookies: Used for advertising and marketing purposes:
  • Targeted advertising
  • Marketing campaign effectiveness
  • Social media integration
  • Third-party advertising networks

11.3 Cookie Management

You can control cookies through:

• Browser Settings: Most browsers allow cookie management
• Opt-Out Tools: Industry opt-out mechanisms for advertising cookies
• Mobile Settings: App-specific and device-level privacy controls
• Service Settings: In-app cookie and tracking preferences

11.4 Third-Party Cookies

Our Service may include cookies from third parties such as:

• Analytics providers (Google Analytics, etc.)
• Social media platforms
• Advertising networks
• Customer support tools
• API integration partners

12. THIRD-PARTY LINKS AND SERVICES

12.1 Third-Party Responsibility

• We are not responsible for third-party privacy practices
• Third-party services have their own terms and privacy policies
• We recommend reviewing third-party privacy policies before use
• Third-party data collection is governed by their policies, not ours

12.2 Integration Privacy

When you integrate third-party services:

• API Integrations: Data sharing is controlled by your integration settings
• Spark Agents: Third-party interactions are based on your configurations
• Mobile Integrations: Device permissions control data access
• SSO Services: Authentication data may be shared with identity providers

12.3 Social Media Features

Our Service may include social media features:

• Social login options (Google, Microsoft, etc.)
• Social sharing buttons
• Social media widgets and plugins

These features may collect information about your interaction with them

13. BUSINESS ANALYTICS AND RESEARCH

13.1 Analytics Programs

We conduct analytics and research to improve our services:

• Usage Analytics: Understanding feature adoption and user behavior
• Performance Metrics: Service reliability and optimization
• Market Research: Industry trends and competitive analysis
• Academic Partnerships: Collaboration with research institutions

13.2 Benchmarking and Industry Insights

With appropriate consent and privacy protections:

• Solar Industry Benchmarking: Aggregated wattage and performance data
• CRM Best Practices: Anonymized workflow and productivity insights
• AI Performance Metrics: Machine learning model effectiveness
• Mobile Usage Patterns: App engagement and feature utilization

13.3 Data Contribution Programs

Optional programs where you can contribute to:

• AI Model Improvement: Helping train better machine learning models
• Industry Research: Contributing to solar industry knowledge
• Product Development: Informing new feature development
• Academic Research: Supporting scholarly research initiatives

14. DATA PROTECTION OFFICER

We have appointed a Data Protection Officer (DPO) to oversee our privacy program:

Contact Information:

• Email: dpo@sparkplatform.io
• Address: Spark CRM, Inc., Attention: Data Protection Officer, legal@sparkplatform.io

DPO Responsibilities:

• Monitoring compliance with data protection laws
• Conducting privacy impact assessments
• Serving as contact point for supervisory authorities
• Providing guidance on data protection matters
• Handling escalated privacy concerns and complaints

15. REGION-SPECIFIC DISCLOSURES

15.1 European Economic Area (EEA), United Kingdom (UK), and Switzerland

Under the General Data Protection Regulation (GDPR) and similar laws, you have specific rights:

Legal Bases for Processing:

• Contract Performance: To provide services under our agreement
• Legitimate Interests: For business operations, security, and improvements
• Legal Compliance: To meet regulatory requirements
• Consent: For marketing, AI training, and optional features

Your GDPR Rights:

• Access: Request information about your personal data processing
• Rectification: Correct inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your personal data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for consent-based processing
• Supervisory Authority: Lodge complaints with data protection authorities

AI-Specific GDPR Rights:

• Right to explanation for automated decision-making
• Right to human review of automated decisions
• Right to opt out of AI profiling
• Right to correct AI-generated profiles

Data Transfers:

• We use Standard Contractual Clauses for EU data transfers
• Regular assessments ensure adequate protection levels
• Data localization options available for Enterprise customers

15.2 California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have specific rights:

Categories of Personal Information Collected:

• Identifiers (names, email addresses, IP addresses)
• Commercial information (transaction history, billing data)
• Internet activity (usage patterns, website interactions)
• Geolocation data (approximate location from IP address)
• Professional information (job title, company information)
• Inferences (AI-generated insights and recommendations)

Your California Rights:

• Right to Know: Request information about personal information collection and use
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of sale or sharing of personal information
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise
• Right to Limit: Limit use of sensitive personal information

Sale and Sharing of Personal Information:

• We do not sell personal information as traditionally defined
• We may share aggregated, de-identified data for business purposes
• Third-party analytics and advertising may constitute "sharing" under CCPA
• You can opt out of such sharing through our privacy settings

Sensitive Personal Information:

• We may collect sensitive personal information (SSN, precise geolocation)
• Used only for disclosed business purposes
• You can limit use through privacy settings or by contacting us

Verification and Authorized Agents:

• We verify identity before fulfilling privacy rights requests
• Authorized agents may submit requests on your behalf
• Verification requirements may vary based on request sensitivity

15.3 Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information:

• We do not sell personal information as defined under Nevada law
• You may still submit opt-out requests for future protection
• Contact privacy@sparkplatform.io to exercise Nevada rights

15.4 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate:

• Canada (PIPEDA): Privacy rights for Canadian residents
• Australia (Privacy Act): Protections for Australian users
• Brazil (LGPD): Rights for Brazilian data subjects
• Other Countries: Local privacy law compliance as applicable

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings:

16.1 Notification of Changes

• Material Changes: 30 days advance notice via email and service notifications
• Minor Updates: Notice through website posting and in-app notifications
• Legal Requirement Changes: Immediate updates with notice where possible
• New Service Features: Updates to reflect new privacy practices

16.2 Continued Use

Your continued use of the Service after privacy policy changes constitutes acceptance of the updated terms. If you disagree with changes, you may:

• Discontinue use of affected features
• Delete your account
• Contact us with concerns
• Exercise applicable privacy rights

16.3 Version Control

• We maintain historical versions of our privacy policy
• Previous versions are available upon request
• Change logs document material modifications
• Legal archives preserved for compliance purposes