Spark App Privacy Policy

Privacy Policy

Spark — ADHD Executive Function App

Last Updated: April 7, 2026

Effective Date: April 7, 2026

1. Introduction

This Privacy Policy describes how Spark (“we,” “us,” “our,” or the “App”) collects, uses, stores, and protects your personal information when you use our mobile application and related services. Spark is operated by InfraTech Strategy Group, LLC (“Operator”).

By downloading, installing, or using Spark, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the App.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for account authentication and identification.
  • Password — stored in encrypted form; we do not have access to your plaintext password.

2.2 User-Generated Content

When you use the App, we collect and store:

  • Task descriptions — the text you enter when describing tasks you want to break down.
  • Session data — generated micro-steps, step completion status, step order, and time spent on each step.
  • Session metadata — session creation time, completion time, and session status.

2.3 User Preferences

We store your locally selected preferences, including:

  • Energy level selection — your self-reported energy level before a session.
  • Time availability selection — your self-reported available time before a session.
  • Behavioral pattern data — aggregated, non-identifying statistics about which types of steps you tend to complete or skip, used solely to improve task suggestions.

2.4 Device and Usage Information

We may automatically collect:

  • Device type and operating system version — for compatibility and troubleshooting purposes.
  • App interaction data — such as session duration and feature usage, stored locally on your device.

2.5 Voice Input Data

If you choose to use the voice input feature:

  • Audio recordings are processed on-device using Apple’s Speech Recognition framework.
  • Audio data is converted to text locally and is not transmitted to our servers.
  • We do not store, retain, or have access to any audio recordings.
  • Voice input is entirely optional and requires your explicit permission.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and operate the App — including account creation, authentication, task breakdown generation, focus sessions, and session history.
  • To generate AI-powered task breakdowns — your task descriptions are sent to a third-party AI service (OpenAI) to generate actionable micro-steps. See Section 5 for details.
  • To personalize your experience — your energy level, time availability, and behavioral patterns are used to tailor the AI-generated steps to your current context.
  • To persist your session state — so you can resume sessions after closing and reopening the App.
  • To send local notifications — if you have granted notification permissions, the App may send gentle reminders about active sessions. These notifications are generated and scheduled entirely on your device.

We do not use your information for:

  • Advertising or ad targeting
  • Selling or renting to third parties
  • Profiling for purposes unrelated to App functionality
  • Marketing communications (unless you separately opt in)

4. Data Storage and Security

4.1 Cloud Storage

Your account information, task descriptions, and session data are stored on servers provided by Supabase, Inc., a cloud infrastructure provider. Supabase stores data in secure, encrypted databases with the following protections:

  • Data is encrypted in transit using TLS/SSL.
  • Data is encrypted at rest.
  • Access is controlled through Row Level Security policies, ensuring that each user can only access their own data.

4.2 Local Storage

Certain data is stored locally on your device:

  • Authentication tokens — stored using the device’s local storage mechanism to maintain your signed-in session.
  • Session state — your active session progress is cached locally so the App can resume where you left off.
  • User preferences — energy level, time availability, and behavioral pattern data are stored locally on your device.

4.3 Security Measures

We implement reasonable technical and organizational measures to protect your information, including:

  • Encrypted data transmission between the App and our servers.
  • Row Level Security database policies restricting data access to authenticated account owners.
  • Server-side processing of AI requests to prevent exposure of API credentials on client devices.
  • No storage of plaintext passwords.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

5. Third-Party Services

5.1 Supabase

We use Supabase for authentication and database services. Your account information and session data are stored on Supabase infrastructure. Supabase’s privacy policy is available at: https://supabase.com/privacy

5.2 OpenAI

When you submit a task for breakdown, your task description text is sent to OpenAI’s API to generate micro-steps. The following applies:

  • Only the task description text you enter is sent to OpenAI.
  • Your email address, account information, and other personal data are not sent to OpenAI.
  • Contextual information about your energy level, time availability, and general behavioral patterns may be included in the AI prompt to improve step quality. This information is non-identifying.
  • OpenAI’s data usage policies apply to data processed by their API. OpenAI’s privacy policy is available at: https://openai.com/privacy

5.3 Apple Speech Recognition

If you use voice input, Apple’s on-device Speech Recognition framework processes your audio. Apple’s privacy policy applies to any data processed by their speech recognition service. Apple’s privacy policy is available at: https://www.apple.com/privacy

6. Data Retention

  • Account data is retained for as long as your account remains active.
  • Session data is retained for as long as your account remains active.
  • Local device data (preferences, cached session state) is retained on your device until you delete the App or clear its data.

If you delete your account, we will delete your associated data from our servers within 30 days, except where retention is required by law.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to request a copy of the personal data we hold about you.

7.2 Correction

You have the right to request correction of inaccurate personal data.

7.3 Deletion

You have the right to request deletion of your account and associated data. To request account deletion, contact us at the email address provided in Section 12.

7.4 Notification Preferences

You can enable or disable local notifications at any time through your device’s Settings app. Disabling notifications does not affect the App’s core functionality.

7.5 Voice Input

Voice input is optional. You can deny microphone and speech recognition permissions when prompted, or revoke them at any time through your device’s Settings app. The App functions fully without voice input.

8. Children’s Privacy

Spark is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you believe a child under 13 has provided us with personal information, please contact us at the email address provided in Section 12.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Supabase, OpenAI) maintain servers. These countries may have data protection laws that differ from your jurisdiction. By using the App, you consent to the transfer of your information to these countries.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this policy.
  • Notify you through the App or by other appropriate means.

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — You may request deletion of your personal information.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

We do not sell personal information to third parties.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: justin@infratechstrategygroup.com

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United States and the state in which the Operator resides, without regard to conflict of law principles.