SecuSparkSecuSpark
Start Free

Privacy Policy

Last updated: March 9, 2026

Overview

SecuSpark ("we", "us", "our") is an RPG-gamified CompTIA certification exam preparation platform available at secuspark.com. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our application, including when you sign in with your Google account.

By using SecuSpark, you agree to the practices described in this policy. If you do not agree, please do not use our application.

1. Information We Collect

1.1 Google Account Data

When you sign in to SecuSpark using Google OAuth, we receive and store the following information from your Google account:

  • Email address — used to create and identify your SecuSpark account
  • Display name — shown in your profile, leaderboards, and clan features
  • Profile picture URL — displayed as your avatar within the application

We do not request access to your Google contacts, calendar, Drive, Gmail, or any other Google services beyond basic profile information. We use Google OAuth solely for authentication purposes.

1.2 Account and Profile Data

When you create an account (via Google sign-in or email), we store your profile information in our database, including your display name, email, avatar URL, and subscription status.

1.3 Study Progress and Game Data

Your study progress, exam results, XP, achievements, battle history, and other game data are stored locally on your device using IndexedDB. If you have an account, certain progress data may be synced to our servers to enable features like leaderboards, clans, and cross-device access.

1.4 Usage Analytics

We use PostHog (EU-hosted) to collect anonymized usage analytics, including page views, feature usage, and general engagement metrics. No personal information or exam content is tracked through analytics.

1.5 Payment Information

If you purchase a subscription, payment processing is handled entirely by LemonSqueezy, our Merchant of Record. We do not collect, store, or have access to your credit card numbers or payment details. LemonSqueezy handles all payment processing, taxes, and billing.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Authentication — to verify your identity and provide secure access to your account
  • Application functionality — to display your profile, track progress, maintain leaderboards, and enable social features like clans
  • AI explanations — when you request AI-powered explanations for exam questions, the question content (not your personal data) is sent to OpenAI for processing
  • Product improvement — to understand usage patterns and improve features through anonymized analytics
  • Communication — to send transactional emails related to your account (e.g., subscription confirmations)

We do not use your Google user data for advertising, marketing emails, or any purpose unrelated to providing and improving SecuSpark's core functionality.

3. How We Share Your Information

We do not sell your personal data, including Google user data, to any third party.

We share data with the following service providers solely to operate SecuSpark:

  • Supabase — database and authentication hosting (stores your profile and account data)
  • Vercel — application hosting and deployment
  • OpenAI — processes exam question content (not personal data) to generate AI explanations
  • LemonSqueezy — payment processing and subscription management
  • PostHog — anonymized usage analytics (EU-hosted)
  • Resend — transactional email delivery

We do not transfer or disclose Google user data to any parties beyond these service providers. Each provider processes data in accordance with their own privacy policies and data processing agreements.

4. Data Protection

We implement the following measures to protect your data:

  • All data in transit is encrypted using TLS/HTTPS
  • Database access is protected with Row Level Security (RLS) policies, ensuring users can only access their own data
  • Authentication tokens are managed securely through Supabase Auth with industry-standard practices
  • We do not store passwords — authentication is delegated to Google OAuth or Supabase's secure auth system
  • Access to production systems is restricted to authorized personnel only

5. Data Retention and Deletion

Local data: Study progress stored in your browser's IndexedDB persists until you clear your browser data or use our in-app data management tools.

Account data: Your profile and account information is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at privacy@secuspark.com.

Analytics data: Anonymized analytics data is retained according to PostHog's data retention policies.

Upon account deletion, we will delete all your personal data from our systems within 30 days, including any Google user data associated with your account.

6. Your Rights

You have the right to:

  • Access your personal data stored in our systems
  • Export your local study data at any time using our in-app tools
  • Delete your account and all associated data by contacting us
  • Revoke Google OAuth access at any time through your Google Account permissions
  • Opt out of analytics tracking by using browser privacy settings or ad blockers

7. Google API Services User Data Policy

SecuSpark's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we confirm that:

  • We only use Google user data (email, name, profile picture) for providing and improving SecuSpark's user-facing features
  • We do not use Google user data for serving advertisements
  • We do not sell Google user data to third parties
  • We do not use Google user data for purposes unrelated to SecuSpark
  • Human access to Google user data is limited to what is necessary for security, legal compliance, or direct user support

8. Children's Privacy

SecuSpark is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of SecuSpark after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this privacy policy or our data practices, contact us at:

privacy@secuspark.com