Privacy Policy

Effective date: April 1, 2026 · Last updated: April 1, 2026

At Sparq Ads, we are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal data. This Privacy Policy explains our practices in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.

1. Data Controller

The data controller responsible for processing your personal data is:

Halo Sp. z o.o.

ul. Warszawska 40/2A, 40-008 Katowice, Poland

NIP: PL9542880835

REGON: 540462426

Email: contact@sparqads.com

Phone: +48 570 536 333

Website: https://sparqads.com

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

When you register for an account, we collect your name, email address, company name, phone number, and job title. If you sign up via a third-party provider (e.g., Google), we may receive profile information from that provider.

2.2 Usage Data

We automatically collect information about how you interact with our platform, including pages viewed, features used, session duration, click patterns, device type, browser type, operating system, IP address, and referring URLs.

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to collect data about your browsing behavior. For detailed information, please refer to our Cookie Policy.

2.4 Ad Platform Data

When you connect your advertising accounts (Meta, Google Ads, LinkedIn), we access campaign performance data, audience data, ad creative metadata, spending data, and conversion metrics from those platforms via their respective APIs.

2.5 Payment Information

Payment processing is handled by Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We retain only a truncated card number (last four digits), card brand, expiration date, and billing address for record-keeping purposes.

2.6 Communications Data

When you contact us via email, phone, or in-app messaging, we collect the content of your communications along with metadata such as timestamps and sender information.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6(1) of the GDPR:

Performance of a contract (Art. 6(1)(b)): Processing is necessary to provide you with our services, manage your account, process payments, and fulfill our contractual obligations to you.
Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for marketing communications, analytics cookies, and advertising/tracking cookies. You may withdraw your consent at any time.
Legitimate interest (Art. 6(1)(f)): Processing is necessary for our legitimate interests, including improving our services, ensuring platform security, preventing fraud, and conducting internal analytics. We balance these interests against your rights and freedoms.
Legal obligation (Art. 6(1)(c)): Processing is necessary to comply with applicable laws, such as tax and accounting regulations.

4. How We Use Your Data

We use the data we collect to:

Provide, maintain, and improve the SparqAds platform and its features.
Generate AI-powered ad creatives, copy, and campaign recommendations based on your brand data, campaign history, and industry benchmarks.
Analyze campaign performance and provide actionable analytics and insights.
Process billing and subscription management through Stripe.
Send transactional communications (e.g., account confirmations, billing receipts, security alerts).
Send marketing communications where you have provided consent, including product updates, tips, and promotional offers.
Ensure the security and integrity of our platform, detect and prevent fraud or abuse.
Comply with legal obligations, resolve disputes, and enforce our agreements.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data with the following categories of third-party service providers, solely for the purposes described in this policy:

Provider	Purpose	Data Shared
Stripe, Inc.	Payment processing	Billing details, transaction data
Resend, Inc.	Transactional and marketing emails	Email address, name
HostedSMS	SMS notifications	Phone number, message content
Anthropic, PBC / OpenAI, Inc.	AI content generation	Brand guidelines, campaign briefs, ad copy prompts (no directly identifying personal data)
Meta Platforms, Inc.	Ad campaign management	Campaign data, audience settings, creative assets
Google LLC	Ad campaign management	Campaign data, audience settings, creative assets
LinkedIn Corporation	Ad campaign management	Campaign data, audience settings, creative assets

We may also disclose personal data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Halo Sp. z o.o., our users, or others.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Account data: Retained for the duration of your account and up to 30 days after account deletion, to allow for account recovery.
Campaign and ad performance data: Retained for the duration of your account plus 12 months after account closure.
Billing and transaction data: Retained for 5 years after the last transaction, in accordance with Polish tax and accounting regulations.
Usage and analytics data: Retained in identifiable form for up to 24 months, then aggregated or anonymized.
Communications data: Retained for up to 24 months after the last interaction.
Cookie data: Retention periods vary by cookie type; see our Cookie Policy.

7. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
Right to erasure (Art. 17): You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal obligations).
Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.
Right to restrict processing (Art. 18): You have the right to request that we limit the processing of your personal data under certain circumstances.
Right to object (Art. 21): You have the right to object to processing based on legitimate interests, including profiling, and to processing for direct marketing purposes.
Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at contact@sparqads.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. International Data Transfers

Some of our third-party sub-processors are based in the United States and other countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Adequacy decisions by the European Commission, where applicable.
The EU-U.S. Data Privacy Framework, where the recipient is certified.

You may request a copy of the applicable transfer safeguards by contacting us at contact@sparqads.com.

9. Cookies

We use cookies and similar tracking technologies to enhance your experience on our platform. For comprehensive information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption at rest using AES-256 for all stored personal data.
Encryption in transit using TLS 1.3 for all data transmitted between your device and our servers.
Regular security audits and vulnerability assessments.
Role-based access controls and least-privilege principles for internal access.
Secure software development practices and regular dependency updates.
Incident response procedures with notification protocols in accordance with GDPR Article 33.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

SparqAds is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data as promptly as possible. If you believe we have collected data from a child under 16, please contact us at contact@sparqads.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a new effective date and, where appropriate, by sending you an email notification. We encourage you to review this policy periodically.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Halo Sp. z o.o.

ul. Warszawska 40/2A, 40-008 Katowice, Poland

Email: contact@sparqads.com

Phone: +48 570 536 333

Right to lodge a complaint: If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the competent supervisory authority. For Poland, the supervisory authority is:

Prezes Urzedu Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warszawa, Poland

Website: https://uodo.gov.pl