Contents
1. Introduction
Welcome to SparkReach CRM, an email outreach and customer relationship management platform developed and operated by Sparklink Intel ("we," "us," or "our"). SparkReach CRM helps sales teams, marketers, and businesses manage contacts, run email campaigns, automate outreach sequences, and connect Gmail inboxes — all from one place.
This Privacy Policy explains what personal information we collect when you use SparkReach CRM (available at app.sparkreachcrm.com and associated domains), how we use it, and the choices you have regarding your information.
By accessing or using SparkReach CRM you agree to this Privacy Policy. If you do not agree, please do not use our services.
2. Information We Collect
Account Information
When you create a SparkReach account we collect:
- Full name — used to personalise your account and emails sent on your behalf.
- Email address — your primary identifier for login and notifications.
- Password — stored as a salted bcrypt hash; we never store or transmit your password in plain text.
- Organisation name — used to set up your workspace.
Gmail Data
SparkReach CRM integrates with Gmail through Google's official OAuth 2.0 API. When you connect a Gmail account, we may access:
- Your Gmail email address and profile
- Emails you send and receive (to display in your unified inbox)
- Contact data from your Gmail contacts (only if you explicitly grant access)
- Gmail watch / push notification data for real-time sync
This access is granted only with your explicit consent via Google's OAuth consent screen. You may revoke this access at any time. See Section 4 for our full Gmail API usage policy.
Usage Data
We automatically collect certain technical information when you use SparkReach CRM:
- IP address and approximate location
- Browser type and version
- Pages visited and features used
- Timestamps of actions (logins, email sends, campaign creation)
- Error and performance data
Payment Information
Paid subscriptions are processed through Stripe, a PCI-DSS Level 1 certified payment processor. SparkReach CRM never stores your full card number, CVV, or bank account details. Stripe shares with us only a tokenised reference, the card type, last four digits, and billing country for display purposes.
3. How We Use Your Information
We use the information we collect strictly to operate and improve SparkReach CRM:
- To provide CRM services — manage contacts, campaigns, automation sequences, and inbox sync.
- To send emails on your behalf — using your connected Gmail account to send campaign and outreach emails.
- To process payments — create and manage your subscription through Stripe.
- To send transactional emails — account verification codes, welcome emails, billing receipts, and security alerts.
- To analyse and improve our services — aggregate usage analytics to identify bugs, improve performance, and develop new features.
- To enforce our Terms of Service — detect and prevent abuse, spam, and policy violations.
We do not use your data for advertising, sell it to third parties, or use it for any purpose beyond what is described here.
4. Gmail API Usage
Google API Services User Data Policy
SparkReach CRM's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What We Access
SparkReach CRM accesses Gmail data solely to provide the features you request — reading and sending emails within the app's inbox view, syncing sent/received status for campaigns, and displaying conversation threads. We request only the permissions necessary for these features.
What We Do Not Do
- We do not sell Gmail data or any data derived from Gmail to third parties.
- We do not use Gmail data for advertising purposes or to build advertising profiles.
- We do not allow humans to read your Gmail data unless you explicitly share a specific email for support purposes or it is required for security investigations.
- We do not transfer Gmail data to other apps or services except as required to deliver the SparkReach CRM features you use.
Revoking Gmail Access
You can disconnect a Gmail account from SparkReach CRM at any time from your account settings. You can also revoke all access directly from your Google Account security settings. Disconnecting Gmail will stop email sync and sending from that account.
Your Control
You are always in control of your Gmail connection. SparkReach only accesses Gmail when you are actively using the app and never retains Gmail data beyond what is needed to display and manage your emails.
5. Data Sharing
We do not sell, rent, or trade your personal information to any third party.
We share data only in the following limited circumstances:
Service Providers
- Stripe — payment processing. Stripe receives billing information needed to process your subscription. Stripe's Privacy Policy: stripe.com/privacy
- Google — Gmail OAuth and email sending. Google receives authentication tokens necessary for inbox connectivity. Google's Privacy Policy: policies.google.com/privacy
- Resend — transactional email delivery (OTP codes, welcome emails). Resend receives recipient email addresses for delivery purposes only.
Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights or the safety of others.
Business Transfers
If SparkReach CRM or Sparklink Intel is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. Data Security
We take the security of your data seriously and implement industry-standard measures to protect it:
- Encryption in transit — all data transmitted between your browser and SparkReach CRM is encrypted using TLS 1.2 or higher (HTTPS).
- Encryption at rest — sensitive fields such as OAuth tokens are encrypted before being stored in our database.
- Password hashing — passwords are hashed using bcrypt with a cost factor of 12; we never store plain-text passwords.
- Access controls — database and server access is restricted to authorised personnel only.
- JWT authentication — all API requests require a signed JSON Web Token with a 30-day expiry.
While we implement these safeguards, no system is 100% secure. If you believe your account has been compromised, please contact us immediately at crm@sparkreachcrm.com.
7. Data Retention
We retain your personal data only for as long as necessary to provide our services or as required by law:
- Active accounts — data is retained for the duration of your subscription and for up to 90 days after account closure.
- Email logs and campaign data — retained for 12 months to allow you to review campaign history, then purged or anonymised.
- Payment records — retained for 7 years to comply with financial regulations.
- Inactive free accounts — accounts with no login activity for 14 days may be deactivated. Data is retained for a further 30 days before deletion.
- Deleted accounts — upon request, we will delete your personal data within 30 days, except where retention is required by law.
8. Your Rights
Depending on your jurisdiction (including GDPR in the EU/UK and CCPA in California), you may have the following rights regarding your personal data:
Right to Access
You may request a copy of the personal data we hold about you at any time by emailing crm@sparkreachcrm.com. We will respond within 30 days.
Right to Rectification
If any information we hold about you is inaccurate or incomplete, you may update it directly in your account settings or by contacting us.
Right to Deletion
You may request the deletion of your account and all associated personal data. We will process deletion requests within 30 days, subject to any legal retention obligations.
Right to Data Portability
You may request an export of your contacts, campaign data, and other information stored in SparkReach CRM in a machine-readable format (CSV or JSON). Contact us to submit an export request.
Right to Object / Restrict Processing
You may object to or request that we restrict certain processing of your data. Note that restricting processing may affect the functionality of your account.
How to Exercise Your Rights
Email us at crm@sparkreachcrm.com with the subject line "Privacy Request." Please include your registered email address so we can verify your identity.
9. Cookies Policy
SparkReach CRM uses a minimal set of cookies and browser storage to provide a functional experience:
Strictly Necessary
- Authentication token — stored in
localStorageto keep you logged in. Expires after 30 days. - Session preferences — temporary data such as current view state and active filters.
Functional
- Onboarding state — tracks whether you have completed the setup wizard so we do not show it again.
What We Do Not Use
We do not use advertising cookies, tracking pixels, or third-party analytics that collect personally identifiable information.
You can clear all SparkReach cookies and local storage data by logging out and clearing your browser data. This will require you to log in again.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes we will notify you by email or by posting a prominent notice within SparkReach CRM. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of SparkReach CRM after changes are posted constitutes your acceptance of the updated policy.
Questions about your privacy?
We're happy to help. Reach out to our team and we'll respond within 1–2 business days.
crm@sparkreachcrm.comSparklink Intel · Privacy requests responded to within 30 days