Legal

Last Updated: May 3, 2026 Effective Date: May 3, 2026

This Privacy Policy describes how SavvySpark Inc. (“SavvySpark,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you visit our website at https://savvyspark.ai (the “Site”), use the SavvySpark platform (the “Service”), or otherwise interact with us.

We are committed to protecting your privacy and being transparent about our data practices. Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy.

1. WHO WE ARE

SavvySpark Inc. 5900 Balcones Drive STE 100 Austin, TX 78731 United States

Privacy Contact: Email: privacy@savvyspark.ai

Data Protection Officer: SavvySpark has not appointed a Data Protection Officer, as we are not required to do so under GDPR Article 37 (we are not a public authority and do not engage in large-scale systematic monitoring of individuals or large-scale processing of special categories of data). For privacy inquiries, contact us at privacy@savvyspark.ai.

2. INFORMATION WE COLLECT

2.1 Information You Provide

Account Information:

Name and contact details (email address, phone number)
Company name and job title
Account credentials (username, password)
Billing and payment information (processed by our payment processor)

User Content:

Meeting notes and debrief data submitted via SMS or the platform
Relationship assessments and ratings
Contact information you enter into the platform (names, email addresses, phone numbers, job titles, company affiliations)
Notes, tags, and annotations you add to contacts or companies

Communications:

Support requests and correspondence with our team
Feedback and survey responses
Marketing preferences

2.2 Information Collected Automatically

Device and Usage Information:

IP address and device identifiers
Browser type and operating system
Pages visited, features used, and clickstream data
Referring and exit pages
Date and time stamps

Location Information:

Approximate location based on IP address

Cookies and Tracking Technologies:

Session and persistent cookies
Pixels and web beacons
Local storage
Analytics tools

See our Cookie Policy for full details on the cookies and tracking technologies we use.

2.3 Information from Third-Party Integrations

When you connect third-party services to SavvySpark, we receive information from those services:

CRM Integrations (Salesforce, HubSpot, Microsoft Dynamics):

Contact and company records
Deal and opportunity data
Activity and interaction history
Custom fields you choose to sync

Email Integration:

Email metadata (sender, recipient, date, subject line)
Communication frequency and response times
We do not access the body content of your emails unless you explicitly share it through a meeting debrief

2.4 Automatically Created Records

When email sync or CRM integration is enabled, SavvySpark may automatically create contact records for individuals who appear in your communications or CRM data but do not yet exist in your SavvySpark directory. These records are created from available information (such as email addresses and names) and may include inferred details such as company affiliation. You are responsible for reviewing, updating, or deleting auto-created records as appropriate.

2.5 Information Generated by the Service

SavvySpark generates the following data through automated processing of the information described above:

Relationship Scores:

Business-to-Business Relationship scores (B2BR): 0-100 scale measuring company-to-company relationship strength
Business-to-Person Relationship scores (B2PR): 0-100 scale measuring individual-to-company relationship strength
Scores are calculated using algorithmic analysis of interaction data, deal history, user-provided ratings, and other available data points

AI-Generated Insights:

Meeting debrief extractions (people, companies, pain points, opportunities)
Relationship insights and recommendations
Organizational chart analysis
Contact classifications
Natural language search results

See Section 7 (Automated Decision-Making and AI Features) for detailed information about how these are generated.

3. HOW WE USE YOUR INFORMATION

3.1 Purposes for Processing

Purpose	Legal Basis (GDPR)	Categories of Data
Providing the Service (including relationship scoring, org charts, and AI features)	Contract performance	Account, user content, integration data, generated data
Account creation and management	Contract performance	Account, billing
Processing payments and billing	Contract performance, legal obligation	Account, billing
Customer support	Contract performance, legitimate interest	Account, communications
Meeting debrief processing via AI	Contract performance	User content, integration data
Generating relationship scores and insights	Contract performance, legitimate interest	User content, integration data, generated data
Service improvement and analytics	Legitimate interest	Usage data, device data, feedback
Marketing communications	Legitimate interest (B2B)	Contact information, preferences
Security, fraud prevention, and abuse detection	Legitimate interest, legal obligation	Account, usage, device data
Legal compliance	Legal obligation	As required by applicable law

3.2 Legitimate Interests

Where we rely on legitimate interests as a legal basis, we have conducted balancing tests to ensure our interests do not override your rights. Our legitimate interests include:

Operating, maintaining, and improving the Service
Understanding how the Service is used to enhance user experience
Ensuring the security and integrity of our platform
Preventing fraud and detecting abuse
Marketing our services to business professionals

3.3 Marketing Communications

We may send you marketing communications about our products and services. For business contacts, we rely on legitimate interest as the legal basis for these communications under GDPR Article 6(1)(f), supported by our Legitimate Interest Assessment. We do not require a separate marketing checkbox at signup.

You may opt out at any time by:

Clicking “unsubscribe” in any marketing email (every marketing email includes an unsubscribe link, in compliance with CAN-SPAM)
Updating your communication preferences in your account settings
Contacting us at privacy@savvyspark.ai

Opt-outs are honored within 10 business days. Opting out of marketing communications does not affect transactional communications related to your account or the Service.

4.1 Service Providers

We share information with third-party vendors who help us operate the Service. These vendors process data on our behalf under contractual obligations that restrict their use of your data:

Provider Category	Purpose	Data Shared
Cloud infrastructure (AWS)	Hosting, storage, computing	All Service data
AI processing (Anthropic)	Relationship scoring, meeting debrief extraction, insights, search	User content, integration data (see Section 7)
Payment processing	Subscription billing	Billing and payment information
Analytics	Usage analytics and service improvement	Usage data, device data
Customer support tools	Ticket management, support	Account information, communications
Email delivery	Transactional and marketing emails	Contact information

4.2 CRM and Integration Partners

When you connect a CRM or other third-party integration, data flows between SavvySpark and that service as directed by you. Each integration partner’s handling of your data is governed by their own privacy policy.

4.3 Your Organization

If you use SavvySpark through an organization’s account, the account administrator may have access to your activity, contacts, and relationship data within the platform. Your organization’s use of this data is governed by their own policies.

4.4 Professional Advisors

We may share information with legal counsel, accountants, auditors, and consultants as needed for our business operations.

4.5 Legal and Safety

We may disclose information when we believe in good faith that disclosure is necessary to:

Comply with applicable law, regulation, or legal process
Protect the rights, property, or safety of SavvySpark, our users, or others
Detect, prevent, or address fraud, security, or technical issues
Respond to lawful requests from government authorities

4.6 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information.

4.7 We Do Not Sell Your Personal Information

We do not sell your personal information for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.

4.8 Aggregated and De-Identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you. This data may be used for industry analysis, benchmarking, and research.

5. INTERNATIONAL DATA TRANSFERS

5.1 Where We Process Data

We are based in the United States and process data primarily in the United States through our cloud infrastructure provider (AWS). Your information may be transferred to, stored, and processed in the United States.

5.2 Transfer Safeguards

For transfers of personal data from the EU/EEA/UK to the United States, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission (our primary transfer mechanism)
Certain sub-processors (such as AWS) are independently certified under the EU-US Data Privacy Framework
Contractual obligations requiring appropriate data protection measures

5.3 Transfer Impact

We assess the laws and practices of destination countries and implement supplementary measures where needed to ensure your data receives adequate protection.

6. DATA RETENTION

6.1 Retention Periods

Data Category	Retention Period	Reason
Account information	Duration of active account + 1 year	Service delivery, account recovery
Billing records	7 years after transaction	Tax and legal obligations
User content (contacts, notes, scores)	Duration of active account	Service delivery
Usage logs	12 months	Security, analytics, service improvement
Marketing data	Until objection received or 2 years of inactivity	Marketing purposes
Support communications	3 years	Service quality, legal compliance
AI interaction logs	90 days	Quality assurance, abuse prevention

6.2 Account Deletion

When you delete your account or request data deletion:

Active data (profile, contacts, scores, notes) deleted within 30 days
Backups purged within 90 days
Billing records retained as required by law (up to 7 years)
Aggregated or de-identified data derived from your information may be retained indefinitely

6.3 Enterprise Accounts

If you use SavvySpark through an organization’s account, data retention may be subject to your organization’s data retention policies. Contact your account administrator for details.

7. AUTOMATED PROCESSING AND AI FEATURES

The platform offers multiple products (including SavvySpark, ProCliq, and Brainnote). This section describes the automated processing (including algorithmic relationship scoring) and AI features currently available. Relationship scoring is an algorithmic feature central to the Service and is described separately from AI features. Product-specific details are also available in our Product-Specific Terms and AI Terms.

7.1 How Relationship Scores Work

SavvySpark generates relationship scores (B2BR and B2PR) using a deterministic algorithm — not an AI or large language model — that processes available interaction data. Scoring is core Service functionality (similar to how search ranking is core to a search engine) and is provided to all users as part of the Service.

Scores reflect our system’s calculation of relationship strength based on factors including:

Frequency and recency of interactions
Email response times
Deal history and revenue exchanged
User-provided ratings and updates

Scores range from 0-100 and decrease over time without active engagement, reflecting how real relationships naturally fade. Score accuracy depends on available data. The system displays confidence levels to indicate data completeness.

These scores are informational tools to help users prioritize relationship management. They are not guarantees of relationship quality or business outcomes, and they do not produce legal or similarly significant effects on the individuals scored. See Section 11.4 for the GDPR Article 22 position.

7.2 Scoring Methodology Limitations

Relationship scores are calculated using algorithmic analysis of available data points. Scores should be interpreted as directional indicators, not precise measurements. Key limitations include:

Data Dependency: Score accuracy improves with more data sources. Scores based on limited data carry lower confidence.
Decay Assumptions: The system assumes relationships weaken over time without interaction. This may not reflect all relationship types.
Missing Context: Scores cannot account for offline interactions, personal relationships, or qualitative factors not captured in system data.

7.3 AI-Powered Features

SavvySpark uses third-party artificial intelligence services (currently Anthropic’s Claude models) to power the following features. Relationship scoring is not in this list — it is an algorithmic feature, not an AI feature.

Feature	What It Does	AI Model Used
Meeting debrief extraction	Extracts people, companies, pain points, and opportunities from your debrief text	Claude Sonnet
Natural language search	Searches your data using conversational queries	Claude Sonnet
Relationship insights	Generates recommendations for relationship management	Claude Sonnet
Org chart analysis	Analyzes organizational structures and connections	Claude Sonnet
Contact classification	Categorizes contacts by role and relevance	Claude Haiku
Suggested actions	Generates alerts and recommended next steps	Claude Haiku
Deep research	Provides in-depth analysis of relationship networks	Claude Opus

7.4 How Your Data Is Used by AI

No model training: Your data is not used to train third-party AI models. We use Anthropic’s commercial API, which contractually prohibits using customer data for model training. We do not use your data to train, improve, or develop AI models, except with your explicit consent, for abuse detection and safety systems, or in anonymized, aggregated form. See our AI Terms for details.
Processing only: Your data is submitted to AI models solely to generate outputs for you (extractions, insights, recommendations). Once processed, AI providers retain data only for limited security and abuse prevention purposes.
Human review: For meeting debrief extractions, you review all AI-extracted data before it enters the system. No AI-generated data is added to your records without your confirmation.
Data minimization: We submit only the data necessary for each AI feature to function. We do not send your entire dataset to AI providers for each interaction.

7.5 Your Rights Regarding Automated Processing

You have the right to:

Understand the logic: Request meaningful information about how relationship scores are calculated and how AI features process your data
Human review: Request human review of any score, AI-generated classification, or AI-generated recommendation that significantly affects your use of the Service
Contest outcomes: Challenge relationship scores or AI-generated classifications you believe to be inaccurate
AI feature controls: Certain AI features may be disabled in your account settings. Contact us at privacy@savvyspark.ai for assistance

Because relationship scoring is core Service functionality, it cannot be independently disabled while continuing to use the Service (similar to how a search engine’s ranking algorithm cannot be disabled). Scoring does not produce legal or similarly significant effects, so the GDPR Article 22 position in Section 11.4 applies.

7.6 Third-Party Data Sources

SavvySpark integrates with external systems including email providers and CRM platforms. Data accuracy depends on the quality and completeness of source systems. SavvySpark does not independently verify information obtained from integrated sources.

8. DATA SECURITY

8.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures:

Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Role-based access controls and authentication
Network security monitoring and intrusion detection
Regular security testing and vulnerability assessments

Organizational Measures:

Access limitations on a need-to-know basis
Vendor security assessments for all service providers
Incident response procedures
Security awareness practices

For enterprise customers, additional security documentation is available in our Security Exhibit.

8.2 Your Responsibilities

You are responsible for:

Maintaining the confidentiality of your account credentials
Using strong, unique passwords
Notifying us promptly of any unauthorized access to your account
Ensuring that any contact data you enter into the platform complies with applicable privacy laws

8.3 Breach Notification

If we experience a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law, including within 72 hours where required by GDPR and without unreasonable delay as required by Texas law (Tex. Bus. & Com. Code 521.053).

9. YOUR PRIVACY RIGHTS

9.1 Rights Available to All Users

Regardless of your location, you may:

Access the personal information we hold about you
Correct inaccurate personal information
Delete your account and associated personal data (subject to legal retention requirements)
Export your data in a portable, machine-readable format (CSV and/or JSON)
Opt out of marketing communications

9.2 How to Exercise Your Rights

Submit a Request:

Email: privacy@savvyspark.ai

Verification: We may need to verify your identity before fulfilling requests. This may include confirming your email address or matching information you provide against our records.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require written authorization or power of attorney.

9.3 Response Timeline

We will respond to verified requests within:

30 days (GDPR, PIPEDA)
45 days (CCPA/CPRA, Texas TDPSA)

Extensions may apply for complex requests, with notice to you.

9.4 Appeals

If we deny your request, we will provide the reason for denial and instructions for how to appeal. You may appeal by contacting privacy@savvyspark.ai.

10. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

This section applies to California residents.

10.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

Category	Examples	Sources	Business Purpose	Sold/Shared
Identifiers	Name, email, phone, IP address	Direct, CRM sync, automatic	Service delivery, marketing	No / No
Commercial information	Subscription plan, payment history	Direct	Billing, analytics	No / No
Internet/electronic activity	Usage data, feature interactions, clickstream	Automatic	Analytics, improvement	No / No
Professional information	Job title, company, work history	Direct, CRM sync	Service delivery	No / No
Inferences	Relationship scores, contact classifications	Generated by Service	Service delivery	No / No
Communications metadata	Email frequency, response times	CRM/email integration	Relationship scoring	No / No

10.2 Your California Rights

Right to Know: What personal information we collected, used, disclosed, and sold
Right to Delete: Request deletion of your personal information
Right to Correct: Fix inaccurate personal information
Right to Opt-Out: Of sale or sharing of personal information (we do not sell or share)
Right to Limit: Use of sensitive personal information
Right to Non-Discrimination: We will not penalize you for exercising your rights

10.3 Global Privacy Control

We honor Global Privacy Control (GPC) signals as a valid opt-out request under CCPA for the sale or sharing of personal information. See Section 14.2 for additional details.

10.4 Automated Decision-Making Technology (ADMT)

SavvySpark uses an algorithm to generate relationship scores (B2BR and B2PR). Scoring is core Service functionality and is provided to all users; it is not an AI feature. Scoring does not produce decisions that have legal or similarly significant effects on individuals. In accordance with CCPA/CPRA regulations effective January 2026:

We provide pre-use notice that your data will be processed by an automated scoring system
You may request information about the logic, inputs, and outputs of our scoring system
You may request human review of any score that significantly affects your use of the Service

Because scoring is integral to the Service (similar to search ranking on a search engine), it cannot be independently disabled while continuing to use the Service. The GDPR Article 22 position in Section 11.4 applies in parallel.

10.5 Contact for California Requests

Email: privacy@savvyspark.ai

10.6 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

This section applies to individuals in the EU/EEA/UK.

11.1 Controller Information

SavvySpark Inc. is the data controller for personal information collected through our Site and for our own business purposes. When you use SavvySpark through an organization’s account, your organization is the data controller and SavvySpark acts as a data processor. See our Data Processing Agreement for details.

11.2 Legal Basis for Processing

We process personal data under these legal bases:

Contract: Providing the Service, account management, billing, customer support
Consent: Non-essential cookies
Legitimate Interest: Analytics, security, service improvement, B2B marketing communications (supported by a documented Legitimate Interest Assessment; data subjects retain the absolute right to object under Article 21)
Legal Obligation: Tax records, regulatory compliance

11.3 Your Rights

In addition to the rights described in Section 9, you have the right to:

Restrict processing of your personal data in certain circumstances
Object to processing based on legitimate interests (we will cease unless we demonstrate compelling grounds)
Object to direct marketing (absolute right, no balancing test)
Withdraw consent at any time (without affecting lawfulness of prior processing)
Not be subject to solely automated decisions that produce legal or similarly significant effects (see Section 7.5)

11.4 Automated Decision-Making (Article 22)

Relationship scores generated by SavvySpark are informational tools used to assist with relationship management. They do not produce legal effects or similarly significant effects on individuals scored. If you believe a score has been used in a way that significantly affects you, you may request human review by contacting privacy@savvyspark.ai.

11.5 Necessity of Providing Data

Providing account information (name, email, company) is a contractual requirement necessary to create an account and use the Service. If you do not provide this data, we cannot provide the Service to you. Providing additional data (such as CRM integration data or meeting notes) is voluntary but necessary to use certain features of the Service.

11.6 Data Protection Impact Assessment

We have conducted a Data Protection Impact Assessment (DPIA) for our automated relationship scoring features, as required for systematic automated processing with significant potential effects. A summary is available upon request.

11.7 Complaints

You have the right to lodge a complaint with a supervisory authority. Relevant authorities include:

UK: Information Commissioner’s Office (ico.org.uk)
Ireland: Data Protection Commission (dataprotection.ie)
Your local supervisory authority

12. TEXAS PRIVACY RIGHTS (TDPSA)

This section applies to Texas residents.

12.1 Your Rights

Under the Texas Data Privacy and Security Act, you have the right to:

Know whether we process your personal data
Access your personal data
Correct inaccuracies in your personal data
Delete your personal data
Obtain a copy of your personal data in a portable format
Opt out of targeted advertising, sale of personal data, or profiling for decisions that produce legal or similarly significant effects

12.2 Sensitive Data

We process the following categories of data that may be considered sensitive under Texas law:

Account credentials (username and password)

We obtain your consent for the processing of sensitive personal data through your affirmative agreement at account creation.

12.3 How to Exercise Your Rights

Submit requests using the methods described in Section 9.2. We will respond within 45 days. You may appeal a denial by contacting privacy@savvyspark.ai, and we will respond to your appeal within 60 days.

13. OTHER US STATE PRIVACY RIGHTS

If you are a resident of Virginia, Colorado, Connecticut, Oregon, Montana, Delaware, New Jersey, New Hampshire, Maryland, Iowa, Indiana, Tennessee, Utah, or another state with a comprehensive privacy law, you may have similar rights to those described in Sections 9-12, including the right to access, correct, delete, and port your data, and to opt out of targeted advertising and data sales.

To exercise your rights, contact us using the methods in Section 9.2. We honor the Global Privacy Control (GPC) signal as a valid opt-out request.

14. COOKIES AND TRACKING TECHNOLOGIES

14.1 Overview

We use cookies and similar tracking technologies on our Site and Service. For complete details, please see our Cookie Policy.

14.2 Global Privacy Control

We honor Global Privacy Control (GPC) signals as opt-out requests for the sale or sharing of personal information.

14.3 Do Not Track

We do not currently respond to Do Not Track (DNT) browser signals, as there is no industry standard for DNT compliance. We do honor GPC signals as described above.

15. CHILDREN’S PRIVACY

The Service is designed for business professionals and is not intended for children under 16 (or 13 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@savvyspark.ai, and we will promptly delete it.

16. THIRD-PARTY LINKS

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing them with your information.

17. UPDATES TO THIS PRIVACY POLICY

17.1 Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting a notice on our Site
Sending an email to the address associated with your account
Displaying an in-app notification

17.2 Effective Date

Material changes will take effect 30 days after notice, unless otherwise required by law. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

17.3 Version History

Version	Date	Summary of Changes
1.0	May 3, 2026	Initial policy

18. CONTACT US

General Privacy Inquiries: Email: privacy@savvyspark.ai Mail: SavvySpark Inc., 5900 Balcones Drive STE 100, Austin, TX 78731

EU/UK Residents: Email: privacy@savvyspark.ai

This Privacy Policy is effective as of May 3, 2026.