Privacy Policy
Effective Date: July 10, 2026 Last Updated: July 10, 2026
1. Introduction
DivuSpark LLC ("we", "us", "our") operates the DivuSpark platform ("Services"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have.
For users in Turkey: Please also refer to our KVKK Aydınlatma Metni (KVKK Information Notice) which provides additional disclosures required under Turkish law.
For users in the European Union/EEA/UK: Additional rights are described in Section 8 (Rights of EU/EEA/UK Users).
2. Data Controller
For the purposes of EU/UK GDPR:
- Data Controller: DivuSpark LLC
- Address: 30 N Gould St #65176, Sheridan, WY 82801, USA
- Privacy Contact: privacy@divuspark.com
We have not appointed a mandatory Data Protection Officer (DPO) but designate privacy@divuspark.com as the point of contact for all privacy matters.
3. Information We Collect
3.1 Information You Provide
Account Information:
- Name, email address, password (hashed)
- Profile information: bio, experience, education, skills, profile picture
- Company information (for company accounts): company name, address
User Content:
- Sparks (private drafts)
- Flames (public projects)
- Messages, comments, reactions
- Uploaded files (images, documents, audio, video)
- Team evaluations
Payment Information:
- Processed by Stripe; we do not store card details
- Subscription plan, billing history, invoice records
3.2 Information Collected Automatically
Technical Information:
- IP address (hashed for fraud prevention)
- Device fingerprint (hashed, for abuse detection)
- Browser type, operating system, device identifiers
- Access times, pages viewed, session duration
Usage Data:
- Spark Engine action logs (which micro-behaviors you perform, scoring events)
- Feature usage patterns
- Error logs (via Sentry, with PII redaction)
- Performance metrics (via Prometheus)
Cookies and Similar Technologies: See our Cookie Policy for details.
3.3 Information from Third Parties
- OAuth providers (Google, LinkedIn): basic profile data upon login
- Payment provider (Stripe): payment status and subscription events
4. How We Use Your Information
4.1 Purposes
We use your information to:
Provide the Services:
- Operate your account and platform features
- Calculate Spark Engine scores
- Enable communications between users
- Process payments
Improve the Services:
- Analyze usage patterns (aggregated/anonymized)
- Develop new features
- Fix bugs and optimize performance
Communicate with You:
- Service-related announcements (not marketing)
- Support responses
- Legal notices (policy changes, consent requests)
Marketing (with your consent):
- Newsletter, feature announcements, promotional content
- You can opt out anytime from account settings
Security and Integrity:
- Detect and prevent abuse (spam, coordinated inauthentic behavior, fraud)
- Enforce Terms of Service
- Investigate security incidents
Legal Compliance:
- Respond to legal requests (subpoenas, court orders)
- Tax and financial record-keeping
4.2 Legal Bases (EU/EEA/UK Users)
Under GDPR, we process personal data on the following legal bases:
| Activity | Legal Basis | |----------|-------------| | Account creation, Service operation | Contract (Article 6(1)(b)) | | Fraud prevention, security | Legitimate interest (Article 6(1)(f)) | | Marketing emails | Consent (Article 6(1)(a)) | | Analytics cookies | Consent (Article 6(1)(a)) | | Legal compliance | Legal obligation (Article 6(1)(c)) | | Spark Engine scoring | Contract + legitimate interest |
5. Automated Decision-Making and Profiling
5.1 Spark Engine
The Spark Engine automatically calculates scores and rankings based on your activities. This is a form of profiling.
Important: Spark Engine outputs are social signals and leaderboard placements. They do not make consequential decisions about you such as employment, credit, insurance, or legal status. You are not subjected to automated decision-making that produces legal or similarly significant effects.
5.2 Your Rights Regarding Profiling
You have the right to:
- Opt out of public leaderboard visibility at any time
- Object to scoring-based profiling (affecting public display, not internal calculation for Service operation)
- Request an explanation of scoring rules (published in our Help Center)
- Export your score history
5.3 Abuse Detection
We use automated systems to detect coordinated inauthentic behavior, Sybil attacks, and other abuse. Detected abuse may result in score reversals, warnings, or account suspension. You can appeal any automated action by contacting link@divuspark.com.
6. How We Share Your Information
We do not sell your personal information. We share it only in the following cases:
6.1 With Other Users
Information visible to other users based on your privacy settings:
- Profile information (configurable)
- Your Flames (public projects)
- Your public comments, reactions, and posts
- Your leaderboard position (if opted in)
- Team evaluation feedback (to evaluated user)
6.2 With Service Providers
We share data with processors who help us operate the Services, bound by Data Processing Agreements:
| Provider | Purpose | Data Shared | |----------|---------|-------------| | Google Cloud Platform | Infrastructure hosting | All data (encrypted) | | Stripe | Payment processing | Name, email, payment method | | Sentry | Error tracking | Error logs (PII redacted) | | Cloudflare | CDN, DDoS protection | IP address, request headers | | FingerprintJS | Device fingerprinting (anti-abuse) | Device data | | Email provider | Transactional emails | Email address, message content |
6.3 With Authorities
We may disclose information when required by law:
- Valid subpoena, court order, or legal process
- To protect our rights, property, or safety
- To prevent imminent harm to users or the public
When legally permitted, we will notify you of such requests.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to this Privacy Policy.
6.5 With Your Consent
For any other purposes, we will ask for your explicit consent.
7. Data Retention
We retain personal information only as long as necessary:
| Data Type | Retention Period | |-----------|------------------| | Active account data | Duration of account + 2 years | | Deleted account (soft delete) | 30 days (reversible) | | Deleted account (hard delete) | Anonymized or deleted within 30 days after soft delete expires | | Payment records (for tax) | 10 years (legal requirement) | | Abuse detection logs | 90 days | | Error logs (Sentry) | 90 days | | Consent logs | Duration of account + 5 years (compliance evidence) | | Backups | 30 days rolling |
Exceptions: We may retain data longer if required by law, for ongoing legal proceedings, or for legitimate fraud prevention purposes.
8. Rights of EU/EEA/UK Users (GDPR)
You have the following rights:
8.1 Right of Access (Article 15)
Request a copy of personal data we hold about you. Response within 30 days.
8.2 Right to Rectification (Article 16)
Request correction of inaccurate or incomplete data. Most profile data can be edited directly.
8.3 Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of your personal data, subject to exceptions (legal obligations, ongoing contracts, legitimate interests). Use the Delete Account feature in settings.
8.4 Right to Data Portability (Article 20)
Request your data in machine-readable format (JSON + CSV). Use the Export Data feature in settings. Processing time: up to 30 days.
8.5 Right to Restrict Processing (Article 18)
Request temporary limitation of processing in specified cases.
8.6 Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.
8.7 Rights Regarding Automated Decision-Making (Article 22)
As described in Section 5, Spark Engine does not produce legal or significant effects on you. You may nonetheless:
- Opt out of leaderboard visibility
- Request explanation of scoring rules
- Contest specific scoring decisions via link@divuspark.com
8.8 Right to Withdraw Consent
Where processing is based on consent, you may withdraw at any time without affecting prior processing.
8.9 Right to Lodge a Complaint
You may lodge a complaint with a supervisory authority in your EU/EEA country of residence. List of authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en
9. Rights of Turkish Users (KVKK)
See our KVKK Aydınlatma Metni for detailed information on rights under KVKK Article 11, including access, correction, deletion, objection, and application procedures.
10. Rights of California Users (CCPA/CPRA)
California residents have rights to:
- Know what personal information is collected
- Delete personal information
- Correct inaccurate information
- Opt out of "sale" or "sharing" (we do not sell; sharing is limited to service providers)
- Non-discrimination for exercising rights
Requests: privacy@divuspark.com
11. International Data Transfers
Our infrastructure is hosted on Google Cloud Platform in the European Union (Frankfurt, europe-west3 region). Your data may be transferred to and processed in countries outside your residence.
For EU/EEA/UK users: Transfers to the US are made pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission, as supplemented by Google Cloud Platform's data processing terms.
12. Security
We implement technical and organizational measures to protect your data:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (Google Cloud Platform managed)
- Access controls (role-based, principle of least privilege)
- Regular security audits
- Vulnerability scanning
- Error monitoring (Sentry)
- PII redaction in logs
Despite these measures, no system is 100% secure. Notify us immediately at privacy@divuspark.com if you suspect unauthorized access to your account.
In case of a personal data breach, we will notify affected users and applicable authorities as required by law (typically within 72 hours for GDPR).
13. Children's Privacy
Our Services are not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn we have collected such data, we will delete it promptly. Parents or guardians who believe a child has submitted data should contact privacy@divuspark.com.
14. Changes to This Privacy Policy
We may update this Policy from time to time. Material changes will be notified via email or in-app at least 30 days before taking effect. Continued use after changes constitutes acceptance. Previous versions are archived and available upon request.
15. Contact Us
Privacy inquiries: privacy@divuspark.com Data subject requests: privacy@divuspark.com General support: link@divuspark.com
DivuSpark LLC 30 N Gould St #65176, Sheridan, WY 82801, USA