Privacy Policy

How we protect your data

Effective Date: October 25, 2025

1. Controller Information

This Privacy Policy applies to the SaaS product AppSpark, operated by Georg Weiser, Rheinfelsstraße 22, 55469 Simmern, Germany ("Controller", "we", "us").
Email: support@postspark.com

2. Purpose of the Service

AppSpark is a B2B SaaS tool that allows users to identify relevant Reddit posts using the Reddit API and to generate comment suggestions using the OpenAI API (ChatGPT 3.5).
Comments are only sent manually by the user through their connected Reddit account.

3. Processed Data

We process the following categories of data:

  • User Account Data: email address, username, password (hashed), and login information.
  • Integration Data: Reddit account connection tokens (OAuth), Reddit usernames, and related API metadata.
  • Content Data: posts and comment drafts generated or displayed via Reddit API or OpenAI API.
  • Payment Data: managed exclusively by Digistore24 (no credit card information is stored by AppSpark).
  • Usage Data: general analytics, feature usage, and operational logs.

4. Legal Bases (Articles 6 & 13 GDPR)

Processing occurs on the following legal bases:

  • Art. 6(1)(b) GDPR: Contract performance (account setup, service functionality).
  • Art. 6(1)(f) GDPR: Legitimate interest in service optimization, fraud prevention, and API integrity.
  • Art. 6(1)(c) GDPR: Compliance with legal obligations (e.g. billing, tax law).

5. Data Storage & Hosting

Hosting: Vercel (EU region)
Database: Supabase, hosted in Frankfurt, Germany
All data is encrypted in transit and at rest.

6. Third-Party Integrations

We use:

  • Reddit API: to fetch publicly available Reddit posts and comments.
  • OpenAI API (ChatGPT 3.5): to generate comment drafts.
  • Digistore24: for subscription management and payment processing.

7. Data Retention & Deletion

Users may delete their account, comments, or data at any time via the Service interface.
Deleting an account will permanently remove all associated data from our systems.
Retention of billing data occurs only as legally required (e.g. tax purposes).

8. Data Subject Rights

Under Articles 15–22 GDPR, you have the right to:

  • Access, rectify, or delete your data.
  • Restrict or object to processing.
  • Request data portability.

Requests may be made via email to support@postspark.com.

9. Data Security

We apply appropriate technical and organizational measures (TOMs) under Article 32 GDPR, including encryption, access control, and periodic security audits.

10. International Transfers

No personal data is transferred outside the EEA unless adequate protection (Art. 46 GDPR) is ensured.

11. Changes to this Policy

We reserve the right to modify this Privacy Policy to reflect legal or technical updates. Updates will be announced on the website.
