Privacy Policy

Last updated: 18. 11. 2025

The following Privacy Policy describes how SparkyMind Kft. ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you access or use our mobile applications and websites (the "Services").

This Privacy Policy also explains your rights and choices regarding your personal information, as well as how you can contact us with any questions or concerns.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the way we handle information as described here, you may choose not to use the Services. Your continued use of the Services after any updates to this Privacy Policy will signify your acceptance of those changes.

Table of Contents

• Definitions
• What Information Do We Collect
• How We Use Your Information
• Disclosure of Your Information
• Data Retention
• How We Keep Your Information Safe
• How to Control Your Privacy
• International Data Transfers
• Third-Party Websites and Platforms
• Do Not Track Disclosure
• Children’s Privacy
• Information About Local Privacy Laws
• Cookies and Similar Technologies
• Updates to This Privacy Policy
• Contact Us

Definitions

• Account – Your user account on the Services, which may contain personal information, preferences, and content you upload.
• Company, SparkyMind Kft., we, our, or us – Refers to SparkyMind Kft., 2161 Csomád, Szent István utca 48., the provider and operator of the Services.
• Analytics – The collection and analysis of data related to usage patterns, device information, or interactions with the Services, which may be linked to your account for operational or improvement purposes.
• Cookies – Small text files stored on your device by a website or mobile application to remember information, facilitate functionality, or support analytics and preferences.
• Personal Information / Personal Data – Any information that identifies or can be used to identify you as an individual, including data provided during registration, uploaded content, or information collected automatically.
• Payment and Subscription Data – Information necessary to process transactions, manage subscriptions, or maintain billing records, handled via third-party payment and subscription providers.
• Services – Collectively, the websites, mobile applications, and any related online or offline services provided by the company.
• Similar Technologies – Technologies used within the Services to collect, store, or track information on your device, including but not limited to cookies, local storage, and other tracking or session technologies.
• Sensitive Information – Data that is particularly protected under applicable laws, including passwords, dates of birth, and uploaded files.
• Third-Party Providers / Service Providers – Entities that provide services (including but not limited to websites, applications and platforms), such as AI content providers, advertisement providers, payment processors, subscription managers, hosting providers, and cloud infrastructure providers.
• App Stores – The Apple App Store and Google Play Store, through which the mobile application may be downloaded and accessed.
• User-Generated Content / Uploaded Content – Any text, files, or other content submitted or uploaded by a user for use within the Services.
• You / User – Any individual using the Services, whether registered or unregistered.

What Information Do We Collect

We collect different types of information to provide, maintain, and improve our Services. This includes information you provide directly, payment information, and content you upload. Certain technical and usage information may also be collected locally on your device or transmitted to analytics services to help improve the Services.

Personal Information

When you sign up, use the Services or contact us, we may collect personal information such as:

• Full name
• Email address
• Parent email address (for individuals under the age of 18)
• Birthday
• Password

When signing in to the Services through a third-party authentication provider, like Google or Facebook, the provider will verify your identity and may share certain personal information with us, including your full name and email address. We use this information to create your account and provide a seamless experience within the Services.

You may also provide text or files through the Services. These are collected solely to enable the functionality of the Services and are not expected to contain sensitive or personally identifiable information, in accordance with our Terms of Service.

Note: If any sensitive information is inadvertently included in uploaded files or text, you can remove it through the Services or contact our support team for assistance. See the How to Control Your Privacy part of this Privacy Policy for more details.

Payment Information

To process payments, our Services use Paddle and App Stores as third-party payment providers which collect payment details such as credit or debit card information and email. All payments are securely processed through these providers, and we do not store any card numbers and other sensitive financial information on our servers. Please review Paddle’s Privacy Policy, Google’s Privacy Policy and Apple’s Privacy Policy for more details on how payment information is handled.

Locally Stored and Analytics Information

Some information may be stored locally on your device in association with your account (for example, linked to your user ID) to ensure the Services function properly. This information remains on your device and is not transmitted to our servers.

When analytics are activated, additional information, such as platform details and usage patterns, may be collected to help us improve the Services. This information may be linked to your user ID for internal analytics purposes. For more details on local storage and tracking technologies, see the Cookies and Similar Technologies part of this Privacy Policy.

Log and Usage Data

We automatically collect application logs and usage data generated through interactions with the Services. Such data may include information about the features used, actions taken, timestamps, and other contextual details related to activity within the Services.

How We Use Your Information

The information collected through the Services is processed to support a range of business, operational, and legal purposes. These include:

• Providing and operating the Services: Information provided during account registration is used to create and maintain your account. Any content you upload is processed to provide a personalized experience and deliver content tailored to your use of the Services.
• Processing payments: Information related to payments is handled securely through Paddle or App Stores to complete transactions, provide purchase confirmations, and maintain the necessary billing records for financial and regulatory purposes.
• Communicating with users: Information is used to send important service-related messages, including account notifications, security alerts, and policy updates as well as to respond to support requests. Other service-related notifications, promotional or marketing communications may also be provided, with the option to manage preferences or unsubscribe at any time.
• Improving and developing the Services: Collected data is analyzed to identify usage patterns, diagnose technical issues, detect errors, monitor performance, and guide the development of new features to enhance the functionality and user experience of the Services.
• Ensuring safety, security, and integrity: Information may be reviewed as needed to maintain the security and proper functioning of the Services, to detect potential misuse or unauthorized activity, and to protect user accounts and the integrity of the platform.
• Protecting rights and upholding policies: Information may be used to uphold applicable policies and agreements, and to protect the legitimate interests of the company and third parties.
• Compliance with legal obligations: Certain information is processed to comply with applicable laws and regulations, maintain necessary financial records, and respond to lawful requests from public authorities.

Disclosure of Your Information

The information collected through the Services may be shared under specific circumstances to enable the proper functioning of the Services, comply with legal obligations, and protect rights and agreements.

By using the Services, you acknowledge and agree that your information may be processed by Third-Party Providers as described below and in accordance with their respective privacy policies.

Third-party AI services: Any content you provide may be processed by third-party AI services for the purpose of generating personalized content within the Services. These providers handle your information solely to deliver the functionality of the Services and are required to manage it in accordance with their own privacy policies. Users are encouraged to review the privacy practices of these services.

Currently, the Services utilize Gemini AI to process content for the purposes described above. The use of this and any other AI providers in the future is conducted solely to deliver the functionality of the Services, and any updates or changes to these providers may occur without prior notice and will be reflected in revisions to this Privacy Policy. Google Privacy Policy

Payment processing: Information necessary to process payments and manage subscriptions may be shared with third-party payment providers. Such information is used exclusively to complete transactions, manage subscriptions, and provide purchase confirmations. Users are encouraged to review the privacy practices of the applicable payment providers. Paddle’s Privacy Policy, Google’s Privacy Policy, Apple’s Privacy Policy, RevenueCat Privacy Policy

Cloud and hosting providers: Certain information may be stored or processed by third-party hosting and infrastructure providers acting on our behalf. These providers do not use the information for their own purposes and are authorized to process it only as necessary to operate and maintain the Services.

Analytics and other collected information: We may share analytics data with third-party service providers, like Google Analytics that assist us in analyzing how the Services are used. For more information, please see How Google handles data from sites and apps that use Google services.

Other information collected for providing the Services, including uploaded content and personal information, is only disclosed as described in this section and is not otherwise shared with external parties.

Legal requirements and policy compliance: Information may be disclosed to comply with applicable laws, respond to lawful requests from public authorities, uphold applicable policies and agreements, protect and defend the rights or property of the Company, or as otherwise required by law.

Data Retention

We retain personal and other information only for as long as necessary to provide the Services and to comply with applicable legal obligations. Most information associated with user accounts is deleted when a user requests account deletion. Certain analytics and log records may be retained for extended periods to support security, troubleshooting, and service improvement. These records do not include sensitive data but may still contain user identifiers.

Accounts created by users under 18 without verified parental consent are automatically deleted after 14 days, as described in the Children's Privacy part of this Privacy Policy.

Records of payments, payment methods and subscriptions may continue to be retained by third-party payment and subscription providers in accordance with their respective privacy policies. Users are encouraged to review these policies for further details. Upon account deletion: for payment methods used on Paddle we will make reasonable efforts to delete the payment methods. However, we do not guarantee that the deletion will be processed immediately or successfully. You are ultimately responsible for ensuring that any payment method is properly deleted through the relevant payment providers. Paddle’s Privacy Policy, Google’s Privacy Policy, Apple’s Privacy Policy, RevenueCat Privacy Policy

Backups of data may be maintained on our servers for a limited period to ensure business continuity and compliance with legal obligations, and are securely deleted once they are no longer required, typically within 30 days.

Data stored locally on users' devices is managed according to the device or browser settings and is generally removed when the application is uninstalled or browser data is cleared.

Users may contact us at any time to request the deletion of their personal data. Such requests will be honored in accordance with applicable laws and within reasonable timeframes, subject to the retention requirements described above.

How We Keep Your Information Safe

We apply technical and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. Certain categories of sensitive information, including uploaded files and dates of birth, are stored in encrypted form to reduce risks associated with unauthorized access, with passwords also being securely hashed using industry-standard techniques to ensure their protection.

The Services are hosted on infrastructure provided by Hetzner Online GmbH, a trusted provider that operates under strict international security and data protection standards. Hetzner undertakes many of the underlying security and compliance obligations for data storage and processing. More information about their practices is available in Hetzner’s Privacy Policy.

While these safeguards are designed in accordance with applicable legal requirements and recognized industry practices, no method of electronic storage or processing can be guaranteed to be completely secure, and absolute protection of information cannot be ensured.

Users also play an important role in keeping their accounts secure. We encourage users to keep their login credentials confidential, limit access to their devices, and exercise caution when using the Services. While we provide strong safeguards, we cannot be held responsible for unauthorized access or misuse that results from not following these best practices.

How to Control Your Privacy

Users have the ability to manage their personal information and exercise their rights regarding the data we collect. These rights and options include:

• Access and Correction: Users may request access to the personal information we hold about them and can ask for corrections or updates to ensure accuracy.
• Account Deletion: Users can request the deletion of their accounts directly through the Services or by contacting support. For more details on data retention, backups, and exceptions, please refer to the Data Retention part of this Privacy Policy.
• Payment and Subscription Data: Users can access and manage their payment and subscription information through the third-party payment provider platforms, which can be reached directly from within the Services.
• Communication Preferences: Users may manage preferences for receiving marketing communications once these are introduced. Certain service-related notifications (e.g., account alerts or security messages) may remain necessary for the functioning of the Services.
• Cookies and Tracking: Users can manage consent and preferences for cookies, analytics, and other tracking technologies. See more in the Cookies and Similar Technologies part of this Privacy Policy.

Data Subject Rights under Applicable Laws

Depending on your jurisdiction, you may have the following rights:

• Right of Access: Request a copy of the personal data we hold.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of personal data, subject to legal or contractual obligations.
• Right to Restrict Processing: Request limitations on the processing of personal information in certain circumstances.
• Right to Object: Object to processing based on legitimate interests, including profiling, or for direct marketing purposes.
• Right to Data Portability: Receive personal data in a structured, machine-readable format or transfer it to another controller.
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

Requests to exercise these rights can be submitted by contacting us at the address provided in the Contact Us part of this Privacy Policy. We may require verification of identity and may need to limit requests in certain circumstances to comply with applicable law or protect other users' rights.

Global Compliance Statement: We strive to comply with privacy and data protection laws globally. Users in jurisdictions not explicitly mentioned above may still exercise their rights in accordance with local laws, and we will respond to requests consistent with applicable legal requirements. See the Information About Local Privacy Laws part of this Privacy Policy for more information.

International Data Transfers

The Services are hosted on servers operated by Hetzner Online GmbH in Germany, ensuring that the majority of personal information is processed and retained within the European Union in accordance with applicable data protection laws.

Certain personal information may be transferred to or processed in other countries by our service providers, including but not limited to third-party payment processors, subscription management platforms, advertisement providers and AI content generation providers. These countries may not provide the same level of legal protection as your country or region of residence. By using the Services, you consent to such transfers.

For transfers of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries without equivalent data protection, we rely on Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms provided by our service providers.

Third-Party Websites and Platforms

The Services may provide access to or interact with Third-Party Providers. These Third-Party Providers operate independently, and we are not responsible for how they collect, store, use, or disclose any personal information you choose to share with them.

By using our Services, you acknowledge that your information may also be processed by our Third-Party Providers in accordance with their respective privacy policies. We encourage you to review those policies, as your use of our Services signifies your agreement to the processing of your information as described therein.

Cloudflare

We use Cloudflare, Inc. to operate, secure, and improve the performance and reliability of our Services. Cloudflare may process certain technical information, including but not limited to IP addresses, browser type, and traffic data. We do not control and are not responsible for how Cloudflare stores, uses, or discloses this data, and your interactions with Cloudflare are governed by Cloudflare’s Privacy Policy.

Do Not Track Disclosure

Most modern web browsers include an option to send a "Do Not Track" signal to the sites you visit, indicating that you prefer not to have your online activity tracked. At this time, there is no universally recognized standard for how websites must respond to such signals, and the Services do not alter their data collection practices based on them.

To help you control your information, we provide the choices described in this Privacy Policy, along with publicly available third-party tools, so you can manage how your data is collected and used while using the Services.

Children’s Privacy

The Services are not intended for children under the age of 18. Children under this age may only use the Services with verifiable parental or guardian consent. Without such consent, children are not permitted to use the Services.

When parental consent is provided, the child is considered to be acting with the oversight of a parent or guardian, who assumes responsibility for the child’s use of the Services. If parental confirmation is not provided within 14 days of account creation, the child’s account and associated personal information will be automatically deleted.

Parents or guardians have the right to access, control, or delete their child’s personal information. This can be done either directly through the Services by requesting a one-time password sent to the parent’s email, which allows access to the child’s account, or by contacting our support team. Support will assist with actions that may be legally required, including withdrawing consent or deleting the child’s account.

If personal information about a child is submitted to the Services without the appropriate parental consent, users or parents may notify us, and we will take steps to delete the information promptly.

To process parental access requests or actions concerning a child’s account, we may require legal proof of identity to ensure compliance with applicable laws.

Family and Parental Control Features of the Services

Where parental controls are enabled within a family group, parents may access and manage certain aspects of their child’s account, including viewing and modifying data. Children within a family cannot access each other’s data, and parents cannot access data belonging to other parents or unrelated children.

Information About Local Privacy Laws

The Services are intended for use worldwide, and we aim to comply with applicable privacy and data protection laws in all jurisdictions where we operate. Depending on your location, you may have specific rights regarding your personal information.

GDPR (European Union, European Economic Area, United Kingdom, Switzerland)

If you are located in the EU, EEA, UK, or Switzerland, you may have the following rights under the General Data Protection Regulation (GDPR) or equivalent local laws, as applicable:

• Right of Access: You may request information about the personal data we hold about you.
• Right to Rectification: You may request that inaccurate or incomplete personal data be corrected.
• Right to Erasure: You may request the deletion of your personal data, subject to limitations such as legal obligations or retention requirements.
• Right to Restrict Processing: You may request the limitation of processing your personal data in certain circumstances.
• Right to Object: You may object to processing based on legitimate interests, including profiling, or to direct marketing.
• Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used format.
• Right to Withdraw Consent: If you have provided consent for processing, you may withdraw it at any time without affecting the lawfulness of prior processing.

CCPA (California, USA)

If you are a California resident, you may have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request information about the personal data we collect, use, disclose, and sell.
• Right to Delete: You may request deletion of personal information we maintain, subject to certain exceptions.
• Right to Opt-Out of Sale: While we do not sell personal data, you may request that we do not sell your information in the future.
• Right to Non-Discrimination: Your access, use, or quality of the Services will not be affected for exercising your CCPA rights.

Other Jurisdictions

Users worldwide may have other rights under applicable local privacy and data protection laws. These rights can include access to personal information, correction or deletion of data, restrictions on processing, and the ability to object to certain uses of data. By using the Services, you may exercise these rights to the extent permitted by local law.

Exercising Your Rights

Requests to exercise these rights can be submitted by contacting us using the information provided in the Contact Us part of this Privacy Policy. We may need to verify your identity and may require additional information to process certain requests. Please note that the exercise of these rights may be subject to limitations under applicable local laws.

Cookies and Similar Technologies

Within the Services, we use cookies and similar technologies to support the basic operation of the Services, enhance functionality, improve user experience, and gain insights into how the Services are used. This part of the Privacy Policy describes the types of cookies and tracking technologies, their purposes, and your options for managing or limiting them, in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

What are cookies and similar technologies?

Cookies and similar technologies are small files or data stored on your device that help us improve your experience and make our Services work properly.

How do we use cookies and similar technologies?

Essential cookies and similar technologies

These are essential for the Services to operate correctly and provide core functionality. They help us:

• Authenticate users and manage secure sessions
• Enable subscription payments and prevent fraudulent transactions
• Protect against malicious activity and maintain the security of our Services
• Remember your cookie consent preferences

If you do not accept these cookies, key features of the Services may not function correctly.

Non-essential cookies

• Analytics: We collect usage data to understand how people use the Services and improve its features. Analytics data is only collected if you have explicitly granted consent.
• Ad Personalization: We may use cookies to show more relevant ads based on your interests. We will not use personalized ads without your explicit consent.

Third-party services

Some essential and non-essential functions of our Services are supported by external providers (for example, for analytics, payments, security, or advertising). These providers may process personal data through cookies in accordance with their own privacy notices. For further information, you may review their policies:

• How Google handles data from sites and apps that use Google services
• How Google uses cookies
• Cloudflare Privacy Policy
• RevenueCat Privacy Policy
• Stripe Privacy Policy
• Paddle Privacy Policy
• Google Privacy Policy
• Apple Privacy Policy

How to change cookie preferences?

• You can change your consent at any time by going to the Privacy section in the "App Settings".
• You can also manage or disable cookies through your browser settings, but please note that certain functionalities of the Services may not work if essential cookies are blocked.

Withdrawal of consent does not affect data already collected before the change.

Updates to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in the Services, legal requirements, or the way we handle information. Any updates will take effect when the revised Privacy Policy is published on the Services.

We encourage you to review this Privacy Policy periodically. Continued use of the Services after any changes constitutes your acceptance of the updated terms.

Contact Us

If you have any questions about this Privacy Policy, your personal information, or wish to exercise any of your rights under applicable privacy laws, you may contact us by email: