Effective Date: June 16, 2026 | Last Updated: June 16, 2026
INTRODUCTION
This Privacy Policy explains how Sparkly, Inc. ("Sparkly," "we," "us," or "our"), a corporation incorporated in the State of Delaware, USA, and its Nigerian subsidiary, SPARKLYHQ LIMITED, collect, use, store, share, protect, and otherwise process your personal data when you access or use the Sparkly platform, including our website, mobile applications, and all related services (collectively, the "Platform").
For users located in Nigeria, SPARKLYHQ LIMITED acts as the Data Controller within the meaning of the Nigeria Data Protection Regulation 2019 (NDPR) and the Nigeria Data Protection Act 2023 (NDPA). For all other users, Sparkly, Inc. acts as the Data Controller. Both entities are committed to responsible and lawful data processing.
NDPR Notice: If you are located in Nigeria, your personal data is processed by SPARKLYHQ LIMITED as Data Controller in compliance with the NDPR and NDPA. You have specific rights under Nigerian data protection law, set out in Section 12 of this Policy.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. Where required by law, we will obtain your express consent before processing your personal data.
If you do not agree with this Privacy Policy, you must not use the Platform. For questions or concerns, please contact us at support@sparkly.so.
1. DEFINITIONS
The following definitions apply throughout this Privacy Policy:
2. ABOUT US — DUAL ENTITY STRUCTURE
Sparkly operates through two related legal entities:
Both entities operate the same Platform and are subject to this Privacy Policy. References to "Sparkly," "we," "us," or "our" refer to the applicable entity based on your location and how you access the Platform.
3. PERSONAL DATA WE COLLECT
3.1 Information You Provide Directly
3.2 Information We Collect Automatically
3.3 Information from Third Parties
3.4 Cookies & Tracking Technologies
We collect information through cookies and similar technologies. See Section 7 below for full details of how we use cookies and your choices regarding them.
4. HOW WE USE YOUR PERSONAL DATA
We use your Personal Data for the following purposes:
4.1 Providing & Operating the Platform
To create and manage your account; to authenticate your identity; to enable Creator and Member features; to process payments and facilitate payouts; to enable Integrations; to deliver Platform features, updates, and improvements; and to provide customer support.
4.2 Payments & Financial Operations
To process Member payments, credit Creator earnings to Wallets, facilitate payout withdrawals, detect and prevent fraudulent transactions, and comply with financial regulations and AML obligations.
4.3 Identity Verification & Regulatory Compliance
To verify your identity through KYC procedures; to comply with anti-money laundering (AML), counter-terrorism financing (CTF), and tax reporting obligations; and to report information to regulatory authorities as required by applicable law.
4.4 Safety & Security
To detect, investigate, and prevent fraud, abuse, policy violations, unauthorized access, and security incidents; to maintain and improve Platform security; and to protect the rights and safety of our Users and third parties.
4.5 Personalization & Recommendations
To personalize your Platform experience; to recommend relevant communities, products, events, and challenges; and to tailor Platform features to your preferences and usage patterns.
4.6 Communications
To send you transactional and service communications (account alerts, payment receipts, security notifications, subscription renewals); and where permitted by applicable law or with your consent, to send marketing communications about Sparkly features, promotions, and partner offerings. You may opt out of marketing communications at any time via the unsubscribe link or by adjusting your notification settings.
4.7 Analytics & Platform Improvement
To analyze how Users interact with the Platform; to conduct research; to test new features; and to improve the quality, performance, and functionality of our Services.
4.8 Legal Compliance & Enforcement
To comply with applicable laws and regulations; to respond to valid legal process, court orders, or government requests; and to enforce our Terms of Use and other policies.
5. LAWFUL BASIS FOR PROCESSING (NDPR & GDPR)
Where required by applicable law (including the NDPR for Nigerian users and the GDPR for EU/EEA users), we must identify a lawful basis for each category of processing. We rely on the following lawful bases:
6. DATA MINIMIZATION & PURPOSE LIMITATION
In accordance with the NDPR and applicable data protection principles, we are committed to:
7. COOKIES & TRACKING TECHNOLOGIES
7.1 What We Use
We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to operate the Platform, recognize you across sessions, remember your preferences, analyze usage, and deliver relevant advertising.
7.2 Types of Cookies
7.3 Your Cookie Choices
Upon your first visit to the Platform, we will present a cookie consent notice. You may:
You may update your cookie preferences at any time through the Platform settings. You may also manage or delete cookies through your browser settings; however, disabling certain cookies may affect Platform functionality or your user experience.
7.4 Analytics Opt-Outs
To opt out of specific analytics services:
8. HOW WE SHARE YOUR PERSONAL DATA
We do not sell your Personal Data to third parties. We may share your Personal Data in the following circumstances:
8.1 With Creators
When you (as a Member) join a Creator's community, purchase a product, register for an Event, or participate in a Challenge, we share relevant profile information (such as your name, email address, and purchase details) with the Creator to enable them to deliver the purchased service and manage their community.
8.2 With Members
When you are a Creator, your public profile information (including your name, biography, and community details) is visible to Members and prospective Members of your community.
8.3 With Service Providers (Data Processors)
We share Personal Data with carefully vetted third-party service providers who assist us in operating and improving the Platform, including:
All service providers are engaged under written data processing agreements that require them to process your Personal Data only as instructed by Sparkly, implement appropriate security measures, and not disclose your data to unauthorized parties.
8.4 With Integrated Platforms
When you connect a third-party Integration (Telegram, WhatsApp, Slack, Discord), we share configuration and membership access data with that Integrated Platform to enable and maintain the connection. Your data is also subject to the privacy policy of the relevant Integrated Platform.
8.5 For Legal Compliance & Protection
We may disclose your Personal Data where required or permitted by applicable law, including: to comply with a valid court order, subpoena, or other legal process; in response to a lawful request from a regulatory or government authority (including the NDPC, NITDA, or tax authorities); or where we believe disclosure is necessary to protect the rights, property, or safety of Sparkly, our Users, or the public.
8.6 Business Transfers
In connection with a merger, acquisition, restructuring, or sale of all or substantially all of our assets, your Personal Data may be transferred to the acquiring entity. We will provide you with notice of any such transfer before your data is transferred, and we will require the acquirer to honor the commitments in this Privacy Policy.
8.7 With Your Consent
We may share your Personal Data with other third parties for additional purposes not listed above if we have obtained your prior, explicit consent.
9. INTERNATIONAL DATA TRANSFERS
9.1 Cross-Border Transfers
Sparkly operates globally, and your Personal Data may be transferred to, stored in, and processed in countries other than the country in which you reside — including the United States, the European Economic Area, and other jurisdictions where our service providers maintain infrastructure.
9.2 Transfer Safeguards
Where we transfer Personal Data across borders, we implement appropriate safeguards to ensure that your data receives an adequate level of protection, including:
9.3 NDPR-Specific Requirements
For Personal Data originating in Nigeria, all cross-border transfers are conducted in accordance with Part III of the NDPR and the NDPA, including the requirement that recipient countries or organizations provide an adequate level of protection.
10. DATA RETENTION
10.1 General Principle
We retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, as set out in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.
10.2 Account Data
Account information is retained for the duration your account is active. Following account deletion or deactivation, we retain certain account data for a period of up to seven (7) years to comply with financial, tax, and regulatory reporting obligations, and for fraud prevention and dispute resolution purposes.
10.3 Transaction & Financial Data
Payment records, transaction histories, and financial data are retained for a minimum of seven (7) years following the relevant transaction in compliance with applicable financial regulations, accounting standards, and tax laws.
10.4 KYC & Identity Data
Identity verification records are retained for the period required by applicable AML and KYC regulations — typically five (5) to seven (7) years after the end of your relationship with us.
10.5 Usage & Analytics Data
Aggregated and anonymized usage and analytics data that cannot be used to identify you may be retained indefinitely for Platform improvement and research purposes.
10.6 Post-Deletion Retention
Even after you request deletion of your account or Personal Data, we may retain certain information where: required by applicable law or regulation; necessary to prevent fraud or abuse; necessary to resolve outstanding disputes or enforce our agreements; or to satisfy the retention periods specified above. We will inform you of any data that cannot be immediately deleted and the reason for its continued retention.
11. DATA SECURITY
11.1 Security Measures
We implement appropriate technical, administrative, and organizational security measures designed to protect your Personal Data from unauthorized access, accidental loss, destruction, disclosure, alteration, or misuse. These measures include, without limitation:
11.2 No Absolute Guarantee
Despite our rigorous security measures, no method of data transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your Personal Data. You acknowledge and accept the inherent security risks of providing information online.
11.3 Data Breach Notification
In the event of a personal data breach that is reasonably likely to result in harm to you or to others, we will:
11.4 Your Responsibility
You are responsible for maintaining the security and confidentiality of your account credentials. We will never ask for your password via email or unsolicited communications. If you believe your account has been compromised, notify us immediately at support@sparkly.so.
12. YOUR DATA SUBJECT RIGHTS
12.1 Rights Under the NDPR (Nigerian Users)
Pursuant to the NDPR and the Nigeria Data Protection Act 2023, if you are located in Nigeria, you have the following rights in respect of your Personal Data:
12.2 Rights Under the GDPR (EU/EEA Users)
If you are located in the EU or EEA, you have equivalent rights under the GDPR, including all rights described in Section 12.1 above. You also have the right to lodge a complaint with the data protection supervisory authority in your EU Member State.
12.3 Rights Under the CCPA (California Residents)
If you are a California resident, you have the following rights under the CCPA:
13. HOW TO EXERCISE YOUR RIGHTS
13.1 Submitting a Request
To exercise any of the rights described in Section 12, please:
13.2 Identity Verification
To protect your Personal Data and prevent unauthorized access, we may require you to verify your identity before processing your request.
13.3 Response Timeframes
We will acknowledge receipt of your request within 7 business days and provide a substantive response within the following timeframes:
13.4 Limitations on Requests
We may decline or limit requests in certain circumstances, including where: compliance is required by law; the request would adversely affect the rights of others; the request is manifestly unfounded or excessive; or the data is necessary to fulfill our ongoing contractual obligations to you. We will explain the reason for any refusal.
14. CHILDREN'S PRIVACY
The Platform is not directed to individuals under the age of 18 years. We do not knowingly collect, solicit, or process Personal Data from anyone under 18.
If you are a parent or legal guardian and believe that a child under 18 has provided us with Personal Data without your consent, please contact us immediately at support@sparkly.so, providing sufficient information for us to identify the relevant data. We will take prompt steps to delete such Personal Data from our systems.
Any account we discover to have been created by a person under 18 will be suspended and deleted, and any associated funds will be handled in accordance with applicable law.
15. THIRD-PARTY LINKS & SERVICES
The Platform may contain links to or integrations with third-party websites, applications, or services not owned or controlled by Sparkly, including our Integrated Platforms (Telegram, WhatsApp, Slack, and Discord). Sparkly has no control over and assumes no responsibility for the content, data practices, security, or privacy policies of any third-party site or service.
This Privacy Policy does not govern the data practices of any third-party website or service. We strongly encourage you to read the privacy policy of every third-party service you use, especially before sharing any Personal Data with them.
16. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically to reflect changes in our data practices, Platform features, applicable law, or regulatory guidance. When we make changes, we will:
Your continued use of the Platform after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you must cease using the Platform.
17. CONTACT US
For any questions, concerns, complaints, or requests relating to this Privacy Policy or our data practices, please contact us:
Sparkly, Inc. (United States):
Email: support@sparkly.so
Website: www.sparkly.so
SPARKLYHQ LIMITED (Nigeria):
Email: support@sparkly.so
By using Sparkly, you agree to this Privacy Policy