← Back to Spark Read

Privacy Policy

Last Updated: February 26, 2026

Overview

Spark Read is a speed reading app. Your privacy matters. This policy explains what data we collect and how we use it.

Data We Collect

• Email address (only if you create an account)
• Documents you import (stored locally on your device in IndexedDB)
• Reading progress and settings (stored locally)
• If signed in: documents optionally synced to cloud storage

How Your Documents Are Processed

• All document parsing (PDF, EPUB, DOCX, TXT, Markdown, URLs) happens entirely on your device
• Document content is never sent to our servers unless you explicitly enable cloud sync
• URL content is fetched client-side and sanitized using Mozilla's Readability library to strip scripts and unsafe HTML
• Pasted and uploaded content is processed as plain text — no raw HTML is rendered
• Documents are displayed word-by-word as text in the RSVP reader, never as HTML

Authentication

• Authentication is handled by Supabase Auth
• Magic link emails are sent via Supabase's email infrastructure
• Passwords are hashed by Supabase — we never store or have access to plain-text passwords
• Rate limiting on authentication attempts is enforced by Supabase

Cloud Storage

• Cloud sync is optional and only available to signed-in users
• Documents are transferred over HTTPS
• Each user's documents are isolated via Row Level Security (RLS) policies — you can only access your own data
• Cloud documents are stored as JSON in Supabase Storage

Analytics

• We use Vercel Web Analytics to collect anonymous, aggregated usage data such as page views and custom events (e.g. reading started, document imported)
• Vercel Analytics does not use cookies and does not collect personal information or IP addresses
• Analytics data cannot be linked back to individual users

What We Don't Do

• We do not serve ads
• We do not sell or share your data with third parties
• We do not use cookies for tracking (only essential auth session cookies)

Data Deletion

• You can delete individual documents at any time
• You can delete your account and all associated cloud data
• Local data can be cleared by clearing your browser/app data

Security

• All data in transit is encrypted via HTTPS
• Cloud storage uses Supabase's enterprise-grade infrastructure
• Row Level Security ensures data isolation between users
• Input content is sanitized to prevent cross-site scripting (XSS)
• React's built-in JSX escaping provides an additional layer of protection

Contact

For privacy questions, contact us at privacy@spark-read.app

Changes

We may update this policy. Changes will be posted here with an updated date.