Privacy Policy

Last Updated: March 25, 2026

1. Introduction

ToolSparkr Autopilot (“we”, “our”, “us”) respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information. This policy applies to our web dashboard at app.toolsparkr.com and our Chrome browser extension.

2. What We Collect

• Account information: Email address and name (provided during signup).
• Business information: Business name, industry, target audience, brand voice (provided in autopilot settings).
• Social media connection tokens: OAuth access tokens for connected platforms. These allow us to post on your behalf. We do NOT store your social media passwords.
• Post content: Text, images, hashtags, and scheduling data for content you create or that AI generates for you.
• Engagement analytics: Public metrics such as likes, followers, retweet counts — only data that is publicly visible on each platform.
• Browser extension usage: Which features you use, connection status, and settings preferences. No browsing history is collected.

3. What We Do NOT Collect

• We NEVER see, access, or store your social media passwords.
• We NEVER access your private messages, DMs, or inbox on any platform.
• We NEVER read your personal contacts or address book.
• We NEVER collect your browsing history outside of social media platforms.
• We NEVER sell, rent, or share your personal data with third parties for advertising.

4. How We Use Your Data

• To schedule and publish your social media posts across connected platforms.
• To generate AI-powered reply suggestions for comments on your posts.
• To discover relevant communities and groups for your niche.
• To provide analytics, performance reports, and growth insights.
• To send you weekly reports and important notifications (configurable).
• To improve our service and develop new features.

5. Data Storage and Security

• All data is encrypted in transit using 256-bit SSL/TLS encryption.
• Data is stored on secure servers provided by DigitalOcean (Singapore region).
• Access to servers and data is restricted to authorized personnel only.
• We conduct regular security reviews of our infrastructure.
• Each user’s data is isolated — no cross-account access.

6. Chrome Extension Permissions

Our browser extension requests the following permissions, each for a specific purpose:

• “storage” — To save your preferences and login session locally in your browser.
• “alarms” — To periodically check for scheduled posts that are due for publishing.
• “notifications” — To alert you of important events (post published, connection expired).
• “tabs” — To open social media sites when publishing scheduled posts.
• “cookies” — To detect if you are logged into social media platforms.
• Host permissions for social media sites — To post content and engage on your behalf using the platform’s own interface. We only access these sites to perform actions you have authorized.

We request only the minimum permissions needed for the extension to function.

7. Data Deletion

• You can delete all your data at any time from your account Settings page.
• Click “Delete All My Data” in Settings to permanently remove all posts, configurations, tokens, analytics, and logs.
• All data is permanently deleted within 24 hours of your request.
• Uninstalling the Chrome extension immediately removes all locally stored data.
• You can also email us at [email protected] to request data deletion.

8. Cookies

• We use essential session cookies to maintain your login state.
• We do not use advertising or tracking cookies.
• The Chrome extension stores preferences using Chrome’s built-in storage API, not cookies.

9. Third-Party Services

• AI providers (Groq, Google Gemini, Cerebras) — Used for content generation and reply suggestions. Your prompts are processed but not permanently stored by these providers.
• Social media platforms (Twitter/X, LinkedIn, Pinterest, etc.) — Governed by their own privacy policies. We only interact with these platforms to perform actions you authorize.
• DigitalOcean — Our hosting provider. Data is stored in their Singapore data center.
• Gmail SMTP — Used to send notification emails and weekly reports.

10. GDPR Compliance (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to access: Request a copy of all personal data we hold about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to erasure: Request deletion of your personal data (“right to be forgotten”).
• Right to data portability: Request your data in a machine-readable format (CSV export available in Settings).
• Right to restrict processing: Request that we limit how we use your data.
• Right to withdraw consent: Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. Children’s Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Changes will be posted on this page with an updated “Last Updated” date. If we make material changes, we will notify you by email or in-app notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: [email protected]
• Website: https://app.toolsparkr.com