Skip to main content
SparkdSparkd
Back to home
PLACEHOLDER COPY — pending legal review.

Privacy Policy

Last updated: May 3, 2026

Sparkd (operated by Lopes2Tech, Switzerland) respects your privacy and is committed to protecting your personal data. This policy explains what data we collect, why we collect it, and what your rights are under the GDPR and Swiss Federal Act on Data Protection (FADP/nFADP).

1. Data we collect

We collect information you provide directly (account details — name, email, organization, role; billing information processed by Stripe; content you upload such as job photos, checklists, expense receipts, and time-off attachments) and information collected automatically (IP address, browser/device type, usage telemetry, error logs via Sentry). Cleaner mobile users may also provide geolocation when clocking in to a job, only with explicit permission.

2. Why we process your data

We process data to provide the Sparkd service (scheduling, time tracking, invoicing, photo evidence), to bill you, to authenticate users, to comply with legal obligations (Swiss accounting retention, tax law), and to improve the product. Processing is grounded in (a) the contract between you and Lopes2Tech, (b) your consent for optional cookies and marketing, (c) our legitimate interest in service security and abuse prevention.

3. Data retention

Account data is retained while your subscription is active and for 90 days after cancellation, after which it is deleted or anonymized. Invoices and accounting records are retained for 10 years per Swiss law (Code of Obligations, Art. 958f). Time-off attachments are auto-deleted 90 days after the request is resolved. Audit logs are retained for 24 months. You may request earlier deletion subject to these legal minimums.

4. Your rights

You have the right to access, rectify, port, restrict, or delete your personal data, and to object to certain processing. EU residents have the right to lodge a complaint with their supervisory authority; Swiss residents may contact the Federal Data Protection and Information Commissioner (FDPIC). To exercise any of these rights, email privacy@lopes2tech.ch — we respond within 30 days.

5. Sub-processors and data sharing

We share data only with the sub-processors necessary to operate Sparkd: Supabase (database, auth, storage — EU region), Vercel (hosting), Stripe (payments), Resend (transactional email), Sentry (error monitoring), Google Maps (geocoding). All sub-processors are bound by Data Processing Agreements compatible with GDPR/FADP. We never sell personal data.

6. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Integration credentials (Google Calendar) are encrypted with AES-256-GCM. Multi-factor authentication is available and recommended. Access is restricted by Postgres row-level security and audited. We will notify you of any data breach affecting your data within 72 hours of discovery.

7. Changes to this policy

We may update this policy. Material changes are notified by email at least 30 days before taking effect. The 'last updated' date at the top of this page reflects the most recent revision.

8. Contact

Data controller: Lopes2Tech, Riemenstrasse 1a, 8803 Rüschlikon, Switzerland. Email: privacy@lopes2tech.ch. We do not have a designated DPO; the founder (Paulo Reizinho) handles all data protection inquiries.