Privacy Policy

Last Updated: April 22, 2026

1. Introduction

Welcome to OSpark. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how OSpark ("we," "us," or "our") collects, uses, and protects your information when you use our mobile application and services.

2. Information Collection and Use

For a better experience while using our Service, we may require you to provide us with certain personally identifiable information.

• Personal Information: When you register or use OSpark via Google OAuth, we collect your name, email address, and profile picture.
• Service Interaction Data: To provide AI assistant features, we process text inputs, voice commands, and images you upload or authorize us to access.
• Usage Data: We may collect information that your device sends whenever you use our Service, such as your device's Internet Protocol ("IP") address, device name, and operating system version.

3. Google User Data Policy & Compliance

OSpark provides AI-driven productivity features that integrate with Google Services.

• Limited Use Disclosure: OSpark's use and transfer to any other app of information received from Google APIs will adhere to the Google API Service User Data Policy, including the Limited Use requirements.
• Data Access: We access your Google user data (such as Gmail messages and Calendar events) only after receiving your explicit consent. This data is used solely to provide features such as email summarization, drafting, and schedule management.
• No Marketing/Advertising: We do not use Google user data for serving advertisements, building marketing profiles, or any other purposes outside of the core AI assistant functionality.

4. Data Storage and Security

We implement rigorous security measures to protect your information:

• Encryption at Rest: All sensitive credentials, including Google OAuth access and refresh tokens, are encrypted at rest using AES-256 encryption before being stored in our backend databases.
• On-Device Security: Session tokens and sensitive keys are encrypted using industry-standard cryptographic protocols (such as AES-256) before being stored locally on the device. Access to this stored data is restricted to the application’s sandbox to ensure unauthorized apps cannot access it.
• Encryption in Transit: All communications between the OSpark app, our backend servers, and Google APIs are encrypted using TLS 1.2 or higher.

5. AI Processing and Third-Party Access

To provide AI capabilities, OSpark interacts with advanced language models.

• Third-Party AI Providers: Data required for analysis (e.g., summarizing an email) is transmitted to our AI partners (such as OpenAI or Amazon Bedrock). These providers are contractually prohibited from using your private Google user data to train their generalized AI models.
• Service Infrastructure: We use trusted cloud infrastructure (such as Google Cloud Platform or AWS) to host our encrypted databases.
• No Selling of Data: We do not sell, trade, or rent your personal information or Google user data to any third-party marketers or advertisers.

6. Data Retention and Deletion

• Retention: We retain your data only for as long as your OSpark account is active or as needed to provide you with services.
• User Control: You can revoke OSpark’s access to your Google account at any time via the Google Security Settings.
• Permanent Deletion: You may request the permanent deletion of your account and all associated data through the "Delete Account" feature in the App Settings or by contacting us at help@octopaul.com. Data will be purged from our servers within 30 days.

7. Children's Privacy

The Service Provider does not use the Application to knowingly solicit data from or market to children under the age of 13.

The Service Provider does not knowingly collect personally identifiable information from children. The Service Provider encourages all children to never submit any personally identifiable information through the Application and/or Services. The Service Provider encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide personally identifiable information through the Application and/or Services without their permission. If you have reason to believe that a child has provided personally identifiable information to the Service Provider through the Application and/or Services, please contact the Service Provider (help@octopaul.com) so that they will be able to take the necessary actions. You must also be at least 16 years of age to consent to the processing of your personally identifiable information in your country (in some countries we may allow your parent or guardian to do so on your behalf).

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

9. Contact Us

If you have any questions about this Privacy Policy or our security practices, please contact us at:
Email: help@octopaul.com