Privacy Policy (2026)

1. Preamble

Deployed OÜ, operating the SparkList service, hereinafter referred to as “SparkList”, “we”, “our”, or “us”, places great importance on protecting the privacy and personal data of its users.

The purpose of this Privacy Policy is to inform users of the SparkList application and website, hereinafter the “Service”, about how we collect, use, share, store, and protect their personal data, in accordance with Regulation (EU) 2016/679, known as the General Data Protection Regulation or “GDPR”.

This Policy applies to all personal data collected and processed in connection with the use of SparkList.

The Service is published by:

• Company name: Deployed OÜ
• Legal form: Private limited company
• Registered office: Sauna 4-6, Muraste, 76905 Harju maakond, Estonia
• Registry code: 14566662
• VAT number: EE102098871
• Website: https://sparklist.io
• Contact email: andrea@sparklist.io

SparkList is a visual checklist, proof-of-work, and property operations application for short-term rental property managers, conciergeries, hosts, cleaning companies, and service teams.

2. Personal data collected

In connection with the provision of the Service, SparkList may collect and process different categories of personal data.

2.1 Account and contact data

This may include:

• first name and last name;
• professional email address;
• phone number;
• company name;
• role or job title;
• account login information;
• language and country preferences;
• team role and permissions.

2.2 Company and billing data

This may include:

• company name;
• billing address;
• VAT number, if applicable;
• subscription or usage information;
• invoices;
• payment status;
• transaction date;
• partial payment method information.

SparkList does not store complete credit card information. Payments are processed by secure third-party payment providers, such as Stripe, Apple, Google, or any other provider used by SparkList.

2.3 Property and checklist data

Users may upload or create property-related and operational data, including:

• property names;
• property addresses;
• rooms;
• checklists;
• cleaning tasks;
• inspection tasks;
• maintenance tasks;
• restocking tasks;
• reference instructions;
• required photo steps;
• issue reports;
• property status, such as active or paused.

2.4 Team member and cleaner data

When a manager invites cleaners, staff members, service providers, or other team members to use SparkList, we may process:

• name;
• email address;
• phone number;
• role or permissions;
• assigned properties or checklists;
• checklist activity;
• task completion data;
• issue reports;
• timestamps;
• location-related data when geolocation features are enabled or required.

2.5 Photos and media

SparkList allows users and team members to upload photos as proof of work, cleaning validation, inspection evidence, issue reporting, or checklist completion.

These photos may show rooms, furniture, objects, cleaning results, damages, missing items, restocking status, or maintenance issues.

Photos may incidentally contain personal data, such as a reflection of a person, a visible document, a screen, a photo frame, or personal belongings.

Users are responsible for minimizing the capture of unnecessary personal data in photos.

2.6 Geolocation data

When geolocation features are enabled or required, SparkList may collect location-related data to help verify whether a team member is at or near a property when starting or completing a checklist.

This may include:

• approximate or precise device location;
• distance from the property;
• time of location check;
• location validation result;
• successful or failed checklist launch attempt.

Geolocation accuracy may depend on the device, operating system, GPS signal, internet connection, user permissions, and environmental conditions.

2.7 Connection and usage data

We may collect technical and usage data, including:

• IP address;
• device type;
• operating system;
• browser type and version;
• app version;
• connection dates and times;
• pages or screens visited;
• actions performed in the Service;
• event logs;
• crash logs;
• diagnostic data.

SparkList may use analytics and product usage tools such as UXCam and Mixpanel to understand how users interact with the Service and to improve usability, performance, and reliability.

2.8 Support and communication data

When users contact SparkList, we may process:

• email content;
• WhatsApp or message content;
• support request details;
• attachments;
• technical information needed to resolve the issue;
• communication history.

2.9 AI-related data

SparkList may use artificial intelligence features, including ChatGPT-4 Vision provided by OpenAI, to assist with certain features such as visual analysis, checklist support, content suggestions, or other productivity features.

When AI features are used, SparkList may process the data submitted to these features, which may include photos, checklist content, task descriptions, property-related instructions, or other user-provided information.

AI-generated outputs are assistance tools only. Users remain responsible for reviewing and validating any result before relying on it operationally.

3. Processing purposes and legal bases

SparkList processes personal data for determined, explicit, and legitimate purposes.

When SparkList processes data on behalf of a professional user, the professional user may act as data controller, and SparkList may act as data processor. In that case, the professional user is responsible for determining the appropriate legal basis for processing the personal data of cleaners, employees, contractors, service providers, property owners, guests, or other third parties.

4. Automated processing and AI features

SparkList may include AI-assisted features, including image analysis or content generation features using ChatGPT-4 Vision or related OpenAI services.

These features may help users analyze photos, create checklist content, improve instructions, or assist with property operations.

AI outputs are provided for assistance only. They may be incomplete, inaccurate, or unsuitable for a specific property, task, or situation.

SparkList does not replace human review, professional judgment, or the user’s own operational responsibility.

The final validation of a checklist, photo, property task, issue report, inspection, or cleaning result remains the sole responsibility of the user.

Where applicable under GDPR, users may have rights relating to automated processing, including the right to obtain human intervention, express their point of view, or contest a decision.

5. Data recipients

Personal data is processed in strict confidence and shared only when necessary for the operation of the Service.

5.1 Authorized SparkList personnel

Authorized SparkList personnel may access personal data only where necessary for their functions, including:

• customer support;
• technical maintenance;
• billing support;
• security;
• bug fixing;
• product improvement;
• legal compliance.

5.2 Sub-processors and service providers

SparkList may use the following providers:

These providers process personal data only to the extent necessary to provide their services to SparkList.

5.3 Authorities

Personal data may be disclosed to judicial, administrative, tax, regulatory, or law enforcement authorities where required by law or where necessary to protect SparkList’s rights, users, or the security of the Service.

6. Transfer of data outside the European Economic Area

SparkList aims to store and process data within the European Economic Area where possible.

However, some providers used by SparkList may process personal data outside the European Economic Area, including in the United States.

This may include providers such as OpenAI, UXCam, Mixpanel, Sentry, Firebase / Google, Stripe, Apple, or other technical service providers.

Where personal data is transferred outside the European Economic Area, SparkList ensures that appropriate safeguards are implemented where required, such as:

• an adequacy decision adopted by the European Commission;
• the EU-US Data Privacy Framework where applicable;
• the European Commission’s Standard Contractual Clauses;
• additional technical and organizational measures where necessary.

7. Data retention period

SparkList retains personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law.

7.1 Account and client data

Account, identification, contact, and company data are retained for the duration of the contractual relationship, then archived or deleted in accordance with applicable legal limitation periods.

7.2 Billing and transaction data

Billing, invoice, and transaction data may be retained for the period required by applicable accounting and tax laws.

7.3 Property, checklist, photo, and report data

Property data, checklists, photos, task history, issue reports, and proof-of-work records are retained while the user account is active or as configured by the user.

After account termination, such data may be deleted, anonymized, or retained for a limited period where necessary for account recovery, legal compliance, security, or dispute resolution.

7.4 Paused property data

When a property is paused, its data may remain stored in the user account so that the property can be reactivated later.

Paused property data is not automatically deleted unless the user deletes it or the account is terminated.

7.5 Geolocation and activity data

Geolocation and job activity data are retained for as long as necessary to provide proof-of-work features, support the Service, ensure security, and comply with legal obligations.

7.6 Connection, analytics, and technical logs

Connection logs, analytics data, crash logs, and technical diagnostic data are retained for a limited period necessary for security, troubleshooting, product improvement, and legal compliance.

7.7 Support data

Support communications are retained for as long as necessary to manage the customer relationship, resolve support requests, and improve the Service.

8. Data security

SparkList implements appropriate technical and organizational measures to protect personal data.

These measures may include:

• HTTPS encryption;
• secure hosting infrastructure;
• access control;
• authentication systems;
• role-based permissions;
• server monitoring;
• backups;
• error monitoring;
• restricted access to production systems;
• security updates;
• internal confidentiality obligations.

However, no internet-based service can be guaranteed to be completely secure.

Users are responsible for keeping their accounts secure, using strong passwords, protecting their devices, and limiting access to authorized persons only.

9. User responsibilities

Because SparkList is used by professional users to manage teams and property operations, users are responsible for ensuring that their use of the Service complies with applicable laws.

In particular, users are responsible for:

• informing cleaners, employees, contractors, service providers, and other team members about the use of SparkList;
• informing relevant persons that photos, timestamps, activity data, and geolocation data may be processed;
• obtaining consent or relying on another valid legal basis where required;
• avoiding unnecessary capture of personal data in photos;
• avoiding photographing people, identity documents, private documents, or personal belongings unless necessary;
• configuring geolocation and checklist requirements lawfully;
• removing access for team members who should no longer use the Service;
• ensuring that uploaded content does not infringe the rights of third parties.

10. Cookies and trackers

The SparkList website and Service may use cookies and similar technologies.

Strictly necessary cookies are used to operate the Service and do not require consent where permitted by law.

Analytics, performance, session recording, or marketing cookies may be used only where required consent has been obtained.

SparkList may use tools such as UXCam and Mixpanel to understand usage, improve the Service, and identify usability issues.

For more information, users may consult the SparkList Cookie Policy, where available, or manage their preferences through the cookie banner or application settings.

11. Your data rights

In accordance with the GDPR, users and data subjects may have the following rights:

• Right of access: to obtain confirmation that personal data is being processed and access that data.
• Right to rectification: to correct inaccurate or incomplete personal data.
• Right to erasure: to request deletion of personal data, subject to legal obligations.
• Right to restriction: to request temporary suspension of certain processing.
• Right to data portability: to receive personal data in a structured, commonly used, machine-readable format.
• Right to object: to object to processing based on legitimate interest or to direct marketing.
• Right to withdraw consent: where processing is based on consent.
• Rights relating to automated processing: where applicable, to obtain human intervention, express a point of view, or contest a decision.

To exercise these rights, contact SparkList at:

andrea@sparklist.io

A copy of proof of identity may be requested where necessary to verify the request.

If SparkList processes the relevant personal data on behalf of a professional user, SparkList may redirect the request to that user or assist that user in responding, depending on the applicable legal role.

12. Right to lodge a complaint

If, after contacting SparkList, you believe that your personal data rights are not being respected, you have the right to lodge a complaint with the competent data protection authority.

Because SparkList is operated by an Estonian company, the competent authority may be the Estonian Data Protection Inspectorate, without prejudice to your right to contact the authority in your country of residence, workplace, or the place of the alleged infringement.

13. Amendment of the Policy

SparkList reserves the right to amend this Privacy Policy at any time.

In the event of a substantial amendment, SparkList will inform users by any appropriate means, such as email, notification through the Service, or website notice, before the amended Policy takes effect.

The updated version will apply from the date indicated at the top of the Policy.

14. Contact

For any question regarding this Privacy Policy or the processing of personal data, please contact us at:

SparkList

Email: andrea@sparklist.io

Website: https://sparklist.io