IceSpark

Privacy Policy

Last updated: January 2025

1. Introduction and Data Controller

At IceSpark, operated by Closepixels ("we," "us," or "our"), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our AI-powered conversation starter service.

Data Controller: Closepixels is the data controller responsible for your personal data.

Legal Basis: We process your personal data based on your consent, contractual necessity, legitimate interests, and legal obligations, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

  • Account Information: Email address, encrypted password, account creation date
  • Profile Data: User preferences, settings, and service usage history
  • Authentication Data: Login sessions, security tokens, and authentication logs

2.2 Usage Data

  • Generated Content: Text inputs, selected tones, generated icebreakers, and favorites
  • Service Interactions: Features used, generation frequency, and user preferences
  • Performance Data: Response times, error logs, and service quality metrics

2.3 Technical Data

  • Device Information: Browser type, operating system, device identifiers
  • Network Data: IP address (for rate limiting and security), connection information
  • Cookies: Essential session cookies and preference cookies

2.4 Image Data (Special Category)

Critical Privacy Notice

  • Temporary Processing Only: Images are processed immediately and permanently deleted within seconds
  • No Storage: We do not store, cache, backup, or retain images in any form
  • AI Analysis: Images are analyzed by Google's Gemini AI for content generation purposes only
  • Explicit Consent Required: Image processing requires your explicit, informed consent
  • Consent Logging: We record that you provided consent, but not the image itself

3. How We Use Your Information

3.1 Service Provision (Contractual Basis)

  • Generate personalized conversation starters using AI
  • Maintain your account and save your preferences
  • Provide access to your generation history and favorites
  • Process images for AI analysis (with explicit consent)

3.2 Service Improvement (Legitimate Interest)

  • Analyze anonymized usage patterns to improve our AI models
  • Monitor service performance and reliability
  • Develop new features and enhance user experience
  • Conduct research and analytics on service effectiveness

3.3 Security and Compliance (Legal Obligation)

  • Prevent fraud, abuse, and unauthorized access
  • Implement rate limiting and usage controls
  • Maintain security logs and audit trails
  • Comply with legal requirements and law enforcement requests

3.4 Communication (Consent/Legitimate Interest)

  • Send important service updates and security notifications
  • Respond to your inquiries and support requests
  • Provide information about new features (with opt-out option)

4. Information Sharing and Third Parties

No Sale of Data: We do not sell, trade, or rent your personal information to third parties.

4.1 Service Providers

  • Google (Gemini AI): For AI text and image processing (data processing agreement in place)
  • Supabase: For database services and authentication (GDPR compliant)
  • Vercel: For hosting and content delivery (GDPR compliant)

4.2 Legal Requirements

We may disclose information when required by law, including:

  • Compliance with legal processes, court orders, or government requests
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities
  • Enforcement of our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5. International Data Transfers

Your data may be processed in countries outside your residence, including the United States. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent protection
  • Certification schemes and codes of conduct
  • Binding corporate rules where applicable

6. Data Retention

6.1 Account Data

  • Active Accounts: Retained while your account is active
  • Inactive Accounts: Deleted after 2 years of inactivity
  • Deleted Accounts: Permanently deleted within 30 days of deletion request

6.2 Usage Data

  • Generation History: Retained for the lifetime of your account
  • Analytics Data: Anonymized data retained for up to 2 years
  • Security Logs: Retained for 1 year for security purposes

6.3 Image Data

Zero Retention: Images are processed and permanently deleted immediately after AI analysis (typically within seconds). No images are stored, cached, or retained in any form.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

7.1 Access and Portability

  • Right of Access: Request a copy of your personal data
  • Data Portability: Receive your data in a machine-readable format

7.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data

7.3 Processing Control

  • Right to Restrict Processing: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for image processing at any time

Exercising Your Rights

To exercise any of these rights, contact us at closepixels@gmail.com with:

  • Subject line indicating your request type (e.g., "Data Access Request")
  • Your registered email address
  • Specific details about your request
  • Proof of identity (if required)

Response Time: We will respond within 30 days (may be extended to 60 days for complex requests).

8. Data Security

We implement comprehensive security measures to protect your data:

8.1 Technical Safeguards

  • End-to-end encryption for data transmission (TLS/SSL)
  • Encryption at rest for stored data
  • Secure authentication and session management
  • Regular security audits and vulnerability assessments

8.2 Organizational Measures

  • Access controls and principle of least privilege
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Regular backup and disaster recovery testing

8.3 Image Processing Security

  • Secure transmission to AI processing services
  • Immediate deletion after processing
  • No intermediate storage or caching
  • Audit logs for all image processing activities

9. Cookies and Tracking

9.1 Essential Cookies

  • Session management and authentication
  • Security and fraud prevention
  • User preferences and settings

9.2 Analytics

We use minimal, privacy-focused analytics to understand service usage. We do not use third-party tracking cookies for advertising purposes.

9.3 Cookie Control

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

10. Children's Privacy

IceSpark is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Inform affected users without undue delay
  • Provide clear information about the breach and our response
  • Take immediate steps to contain and remedy the breach

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our service
  • Updated "Last modified" date

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with data protection laws. You can contact your local data protection authority or:

For EU residents: Your local Data Protection Authority

For UK residents: Information Commissioner's Office (ICO)

For other jurisdictions: Your local privacy regulator

14. Contact Information

For privacy-related questions, concerns, or requests, please contact us:

Email: closepixels@gmail.com

Subject Line: Privacy Policy Inquiry

Company: Closepixels

Service: IceSpark

Response Time: Within 30 days (48 hours for urgent matters)