Privacy Policy

MetaSpark (“we”, “us”) is an agent workforce platform. To run agents for you we need to read tasks, documents, and metadata from the tools you connect, store some of that to make agents useful, and remember enough about your account to bill you and let you sign in. We don’t sell your data. We don’t train our models on your content. You can export or delete your data at any time. Questions: [email protected].

• Account data. Name, work email, password hash (if you use password sign-in), profile photo if you provide one, and team membership.
• Workspace data. The content you create or import into MetaSpark: tasks, boards, documents, comments, prompts, and the metadata around them (timestamps, authors, status).
• Connector data. When you authorize a connector (Slack, Microsoft 365, Google Workspace, GitHub, etc.) we read the scopes you granted — typically messages, tasks, files, calendar events, and email metadata — and store the slices our agents need to work.
• Usage telemetry. Pages you visit, features you use, request timings, error reports. Used to keep the product fast and find bugs. Anonymized where reasonable.
• Device + log data. IP address, browser type, OS, and standard HTTP headers. Retained for security and abuse-prevention purposes.
• Billing. If you have a paid plan, our payment processor (Stripe) stores your card details on their servers; we store a customer reference and a subscription state.

• To operate the product — show your tasks, run agents, deliver notifications.
• To improve reliability, performance, and safety — diagnose errors, monitor abuse, measure feature adoption.
• To communicate with you — service updates, security notices, billing receipts, and (with consent) product news.
• To comply with legal obligations and enforce our Terms.

We do not train foundation models on your content. Agent prompts and responses pass through model providers (e.g. Anthropic, OpenAI, Azure OpenAI) under contracts that prohibit training on the requests we send.

We share data only with:

• Subprocessors we rely on to run MetaSpark — cloud infrastructure (Microsoft Azure), model providers (Anthropic, OpenAI, Azure OpenAI), email delivery, error tracking, and the connector vendors you authorize. Each is bound by a data-processing agreement.
• Authorized users in your workspace, per the permissions you set.
• Law enforcement when we receive a valid legal request and have no choice. We notify you unless legally prohibited.
• Successor entity in the event of merger, acquisition, or asset sale — under the same protections as this policy.

We do not sell personal data and we do not share it for cross-context behavioral advertising.

Workspace data is stored in customer-isolated Azure regions (US by default; EU available on request). We retain account and workspace data for the lifetime of your account. When you delete your account, we delete or anonymize your data within 30 days, with two exceptions: (a) billing records retained for tax compliance, and (b) backups, which expire on their normal rotation (typically 30 days).

You can export workspace data at any time from Settings → Data & privacy.

Depending on where you live (GDPR, CCPA, and equivalents apply), you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (subject to legal-retention exceptions).
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent for marketing communications at any time.

To exercise any of these, email [email protected]. We respond within 30 days.

We use cookies (and localStorage) for two reasons: to keep you signed in, and to remember your preferences. We do not use third-party advertising cookies. A short banner on first visit asks you to accept analytics cookies; you can decline and still use the product.

We encrypt data in transit (TLS 1.2+) and at rest. Secrets are stored in a managed key vault, not in source. Production access is restricted to a small set of engineers using single-sign-on with hardware second factor. We are SOC 2 aligned — request our current trust report at [email protected].

MetaSpark is headquartered in the United States. If you access the product from outside the US, your data may be transferred to and processed in the US under EU Standard Contractual Clauses (where applicable). EU and UK residents may contact our representative at [email protected].

MetaSpark is not directed to children under 16, and we do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.

We may update this policy from time to time. Material changes will be announced at least 30 days in advance via email or in-product notice. The “Effective” date at the top of this page always reflects the current version.

Privacy questions: [email protected]
Security disclosures: [email protected]
Mailing address: MetaSpark, Inc. — address on request.