Policies & Data
Privacy Policy

Below you can check our privacy policy for details on how we collect personal information.

Data protection
Our data processing agreement
Sub-processors
Cookies information

Last updated May 4th, 2024.

This policy describes the personal information that we gather from you on the services, how we use and disclose such personal information, your rights and choices with respect to your personal information, and how you can contact us if you have any questions or concerns.

Collecting Personal Information

When you create an account, we collect certain information necessary to provide you with our service. We collect your name, company name, company website URL, email, and time zone. We require this information to activate our service, to be able to contact you, to properly show dates in your account, and for invoice information.

If you are a resident of the EEA, you have the right to access the personal information we hold about you, to port it to a new service, and to ask that your personal information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

Sharing Personal Information

We may share your personal information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example, we may share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Data Protection

Our Data Processing Agreement

In line with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA), you (the merchant) who uses SparkLayer are referred to as the “Data Controller” and SparkLayer as the platform is referred to as the “Data Processor”. This means that we process data on your behalf. In our case, we process the personal data of our merchant’s customers to help facilitate a transaction between the merchant and customer. For example, our app reads your Shopify customer data to be able to link the customer to customer-specific pricing.

We will:
Only process personal data with your knowledge.
Ensure we have the technical and organisational measures in place to protect against unauthorised or unlawful processing of personal data, and that on a regular basis we will reassess these measures.
Assist you in responding to any request from a data subject and in compliance with the DPA. For any requests, please email contact@sparklayer.io and we will respond within 2 business days.
Delete any personal data after this agreement ends within the time frame mentioned in the ‘Termination’ section of our Terms of Service.

We will not, without your consent, divulge, sell, lease, rent or provide in any other way personal information about you or your customers to a third party, except in the following circumstances: if required to by a court of law, if you have signed up for optional services which require us to pass your personal information to another company, for the purpose of processing payments and direct debits from you or your customers.

In the event of a data breach, we’ll inform you about the severity of the breach and the scope of data breach within 2 business days.

SparkLayer is registered with the ICO (Information Commissioner's Office) as a Tier 1 organisation with reference number ZB074246.

Data Sub-Processors

We may share data with service companies working for SparkLayer and on our behalf and as listed below. Such service companies may need access to or be able to view personal data in order to provide those functions and in such cases, these companies must abide by our data privacy and security requirements and will only be given access to data that is strictly required for them to carry out their tasks.

Amazon Web Services: Hosting of services (has access to our merchants' data)
Google Cloud: Hosting of services (has access to our merchants' data)
Google Analytics: To provide analytics on how our customers use our tools and our sites; but it is not used to gather analytics on how SparkLayer is used on your sites
Stripe: Internal billing for customers of SparkLayer excluding Shopify billed customers
HubSpot: Managing customer sales pipeline
Intercom: Our support system

Lawful Basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases: your consent; the performance of the contract between you and the site; compliance with our legal obligations; to protect your vital interests; to perform a task carried out in the public interest; for our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

We take measures to delete your personal information or keep it in a form that does not permit identifying you when your personal information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the specific retention period, we take into account various factors, such as the type of services provided to you, the nature and length of our relationship with you, and any mandatory retention periods provided by law and the statute of limitations.

Automatic Decision Making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you. We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Services that include elements of automated decision-making include:
Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

Cookies used on www.sparklayer.io

We use the following cookies to optimize your experience on our site and to provide our services:
Google Analytics and all associated cookies

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

System Security, Data & Availability

Keeping customer data safe and secure is a top priority for us. We work hard to protect our customers and design our software using security-first principles. Our systems are securely hosted in Google Cloud's infrastructure and our primary data centers are in the UK & Europe. Where possible, we use Google managed services for the underlying systems instead of operating them ourselves. With Google, data is encrypted by default, at rest and in transit.

Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Email Communications

Please be aware that by registering an account with SparkLayer, you may receive email marketing communications from us. We value your privacy and give you the option to unsubscribe at any time by clicking the unsubscribe link in the emails we send. If you have any concerns or questions regarding our email marketing practices, please contact us.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at contact@sparklayer.io or by mail using the details provided below:

Spark Layer Ltd, Trimbridge House, First Floor, Trim Street, Bath, BA1 1HB, United Kingdom

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.

Terms of Service

Please refer to our Terms of Service here.

Security Policy

At SparkLayer, we understand the responsibility we bear in managing customer data, and we are dedicated to ensuring its safety and security. We maintain a comprehensive set of security policies that continually evolve and adapt as we work diligently to safeguard your information. The protection of customer data is of utmost importance to SparkLayer, and we prioritise a security-first approach in the design of our software.

Data Centre Security

To uphold our commitment to security, we host our systems on cloud service providers that align with our stringent security standards. Currently, we use the Google Cloud Platform, which reflects our values and provides robust physical security measures. For further information on their physical security practices, please visit cloud.google.com/security.

Encryption

We employ encryption at rest, at work, and in transit to ensure the protection of customer data. All our encryption processes adhere to the best practices provided by Google, our trusted encryption provider. This means that all data transmitted between you and our services is encrypted using Transport Layer Security (TLS), and all data stored within Google is encrypted for maximum security.

Two-Factor Authentication and Security Keys

We require employees to use two-factor authentication (2FA) whenever possible for the services we use as a business. We provide employees with security keys (FIDO U2F) and prefer their use over time-based one-time passwords and text-message-based two-factor authentication solutions. Whenever feasible, we enforce the use of 2FA through the security keys. This ensures that even if a password is compromised, unauthorised access is prevented, as cyber attackers would also need physical possession of our hardware.

Role-Based Access

Access to SparkLayer systems is granted to employees on a need-to-know basis, limiting the scope of potential compromise and ensuring security is maintained.

Internal Security Training and Policies

SparkLayer maintains a comprehensive set of internal security policies that all employees are required to understand and adhere to. These policies cover various aspects, including the use of strong passwords, full disk encryption of business computers, email policies, limitations on data use and storage, and more.

Security-Minded Software Development Practices

We adhere to the principle of "security by design" in our software development practices, integrating security considerations throughout the entire software development life cycle. This includes implementing secure coding standards to prevent common vulnerabilities, conducting code reviews before deployment to production, and employing automated testing to identify potential security weaknesses. Our staff undergo regular training to ensure they remain up to date with the latest practices recommended by the Open Web Application Security Project (OWASP).

Up-to-Date Software

To mitigate known vulnerabilities, SparkLayer ensures the use of up-to-date versions of operating systems, kernels, packages, and libraries. We prioritise automation as much as possible, using our CI/CD platform, GitHub, to streamline the process of keeping our software stack current and secure in our production environment.

Backups

For all systems containing customer data, we have implemented automated daily backups. Additionally, we enable point-in-time recovery wherever possible. We rely on our trusted Google Cloud provider to handle backup operations, ensuring that backups are encrypted and stored in three separate data centres.

Review and Update

Regular review and testing are essential for the effectiveness of any policy. At SparkLayer, we conduct thorough policy reviews and testing twice a year. This enables us to identify areas for improvement and promptly implement necessary actions to enhance our security and policies.

SparkLayer remains committed to the highest standards of data security, continuously improving our practices to safeguard customer information.

Incident Management Policy

This policy's aim is to lessen the impact of any incidents that may affect customers of SparkLayer, ensuring minimal impact to our services. The policy encompasses a variety of incidents that could interrupt our services or put our systems or customer data at risk. This includes everything from minor technical issues to significant cybersecurity threats.

When an incident is identified, it's brought to the wider team's attention via our internal communication platform. An experienced team member is then chosen to lead the incident, taking charge of communication and delegating tasks to make sure the incident is resolved quickly.

Incidents are classified based on their severity and potential effect on our customers and services. This classification determines the resources allocated to handle the incident and the level of communication needed.

Once an incident is identified and classified, our Incident Response Team (IRT) will start suitable response procedures:
Investigation: The IRT will start by probing the incident to find its cause and potential impact.
Containment and Eradication: The IRT will work to contain the incident and prevent further damage, then focus on eliminating the incident's source.
Recovery and Restoration: The IRT will then prioritise recovering the affected systems and getting services back to normal.
Post-Incident Review: After resolving the incident, the IRT will conduct a review to understand the root cause, evaluate the response's effectiveness, and pinpoint areas for improvement.

Throughout the incident management process, we aim to keep our customers in the loop. We understand that communication is vital during these events, and we'll provide regular updates on the incident's status and our response.

We encourage our customers to report any incidents or security concerns related to our services. This can be done by emailing our customer support team at support@sparklayer.io with "urgent security" in the subject line.

Please note: when using our urgent incident response (as detailed above), please do not add additional team members into your email as this may affect our response times. Only the email address support@sparklayer.io should be included in your email.

We regularly review and test this incident management plan to ensure it remains current and effective. Our goal is to continually enhance our incident response capabilities to serve our customers better.

Business Continuity Planning

The aim of this Business Continuity Plan (BCP) is to ensure that SparkLayer can maintain its critical operations during a disaster or significant disruption. This plan encompasses our entire organisation and is applicable to disruptions ranging from small-scale, internal incidents to large-scale, community-wide disasters.

In such events, our primary objective will be to ensure the continuance of our software development and customer support functions, thereby maintaining uninterrupted service for our customers. Additionally, we will strive to protect our organisational infrastructure, preserve the integrity of customer data, and ensure the financial viability of our operations.

The CEO will lead the execution of this plan in a disaster situation. A dedicated business continuity team, comprising members from various departments, will support them. Their roles will include, but not be limited to, managing communication, preserving resources, and coordinating recovery efforts.

To support immediate communication in the event of a disruption, we maintain an up-to-date list of emergency contacts for our staff, key vendors, and customers. This list will be utilised to communicate crucial information about the situation and our response.

Upon the onset of a disaster, our first response will prioritise the safety of our employees. Ensuring our team is safe and secure is paramount to our recovery efforts. Following this, we will initiate our disaster recovery strategies, focusing primarily on restoring our SaaS services, which form the backbone of our service delivery.

We have identified key operational areas and their requisite resources to guide our recovery strategy. This includes hardware and software systems, physical locations, and critical personnel. Our strategy includes offsite data backup and recovery systems, alternative communication methods, remote working capabilities, and redundancy plans for critical roles.

Throughout this process, we will maintain a clear and constant line of communication with our customers to keep them informed about our recovery progress and expected service resumption times. Regular updates will be provided via email and, when necessary, directly via phone.

This business continuity plan undergoes regular review and testing to ensure its effectiveness and adaptability to evolving business needs and potential risks. Any lessons learned from the reviews, tests, or actual events will be used to enhance our strategies and procedures continuously, thereby reinforcing our preparedness to deal with future disruptions.

Browser Support

We currently support the latest two versions of the following major browsers:
Google Chrome
Mozilla Firefox
Apple Safari
Microsoft Edge
Apple Safari for iOS
Google Chrome for Android and iOS

Please note, SparkLayer may not work fully with beta or pre-release versions of these browsers.

SparkLayer as a Shopify Partner

As an approved Shopify partner and a publicly listed Shopify app (https://apps.shopify.com/sparklayer), at SparkLayer we have a duty to ensure our solution maintains compatibility with Shopify as their own platform is updated. Our team regularly reviews upcoming Shopify releases, improvements, and platform updates and carefully reviews any technical or operational changes that may be required so as not to interfere with our service in any way.