First-time signup? Get 5% off your first order with codeRedeem at checkout
DigitalSparkDigitalSpark
Legal · Privacy

Privacy Policy

We process the minimum data needed to operate DigitalSpark — and we tell you exactly what, why and for how long.

Last updated: June 1, 2026

1. Who we are

DigitalSpark s. r. o. ("DigitalSpark", "we", "us") is the controller of personal data collected through digitalspark.app and our products (Site Chat, Call Agent, Support Agent, DB-DaaS). Our registered office is in Bratislava, Slovakia.

For data protection inquiries contact our DPO at [email protected].

2. Data we collect

  • Account data: name, email, password hash, organization, billing currency.
  • Billing data: invoice address, payment method (bank transfer reference, last 4 digits of cards when applicable), VAT number.
  • Usage data: credits consumed, API calls, error logs, feature interactions.
  • Device & log data: IP, user-agent, timestamps, referrer, request paths.
  • Communications: support tickets, chat transcripts, emails you send us.
  • Cookies & similar: see our Cookie Policy.

3. Why we process it (legal bases)

  • Contract (Art. 6(1)(b) GDPR): to provide the service, manage your account and bill you.
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, product improvement, aggregated analytics.
  • Legal obligation (Art. 6(1)(c)): tax, accounting and compliance retention.
  • Consent (Art. 6(1)(a)): marketing emails and non-essential cookies — withdrawable any time.

4. How long we keep data

  • Account data: while your account is active, then 12 months.
  • Invoices & tax records: 7 years (legal requirement).
  • Operational logs: 90 days rolling.
  • Support transcripts: 24 months.
  • Marketing preferences: until you unsubscribe.

5. Sharing & subprocessors

We never sell personal data. We share with vetted subprocessors under DPAs, including cloud hosting (AWS, GCP), email delivery, payment processing and customer support tooling. A full list is available on request from [email protected].

International transfers rely on EU Standard Contractual Clauses and supplementary measures where required.

6. Your rights

Under GDPR, UK GDPR and CCPA you have rights to access, rectification, erasure, restriction, portability, objection, and to withdraw consent. To exercise these rights email [email protected]. We respond within 30 days.

You may also lodge a complaint with your local supervisory authority.

7. Security

We operate a SOC 2 Type II–aligned program with encryption in transit and at rest, least-privilege access, MFA, continuous monitoring, and quarterly penetration testing. Incidents are notified within 72 hours where required.

8. Children

Our services are not directed to children under 16. We do not knowingly collect data from minors.

9. Changes to this policy

We update this policy when our practices change. Material updates are notified by email or in-app at least 14 days before they take effect.

Questions about this policy? Email [email protected] or write to DigitalSpark s. r. o., Bratislava, Slovakia.