HyperSpark AI Memory Privacy Policy
Effective Date: February 15, 2026
HyperSpark AI LLC (the "Company," "we," "us")
Headquarters: Florida, USA
1. Data We Collect
- Account Info: name, email, Google/GitHub OAuth credentials (we use OAuth sign-in; we do not store passwords), billing info
- Usage & Device Data: feature use, IP address, browser/user-agent, support tickets
- User Content: memories you store, chat messages, context data, embeddings
- Analytics & Cookies: for performance, tracking, and debugging
2. Google OAuth Scopes
When you sign in with Google, we request only the necessary OAuth scopes:
email- Your email address for account identificationprofile- Your name and profile picture for personalization
Compliance with Google's Limited-Use Requirements
- We handle Google data strictly for authentication purposes.
- We do not use Google data for advertising, profiling, or unrelated analytics.
- No sharing with third parties, except as required to provide services or comply with legal requests.
- Users can revoke access anytime via Google Account settings: https://myaccount.google.com/permissions
3. How We Use Your Data
- Process and store your memories for retrieval via our API and MCP server
- Generate embeddings for semantic search functionality
- Authenticate your identity and maintain your session
- Analyze usage patterns to improve features and fix bugs
- Process payments through Stripe
4. Cookies & Tracking
We use session cookies, analytics, and error-logging to improve service reliability. You may disable cookies in your browser, recognizing this could impact functionality.
Cookie Retention Periods
- Session Cookies: Remain active until you sign out or close your browser
- Analytics Cookies: Retained for up to 90 days for usage pattern analysis
- Authentication Cookies: Expire after 7 days or when you sign out, whichever comes first
Do Not Track (DNT)
Your browser may send a "Do Not Track" (DNT) signal. Currently, there is no industry standard for responding to DNT signals, and we do not alter our data collection practices in response to DNT signals. However, you can control cookies through your browser settings and opt out of analytics tracking by contacting us at support@hypersparkai.com.
5. Data Retention & Deletion
Retention Criteria
We retain personal data only as long as reasonably necessary to:
- Provide and improve our memory infrastructure service
- Comply with legal obligations (tax records, fraud prevention, regulatory requirements)
- Resolve disputes and enforce our agreements
- Maintain security and prevent abuse
How Long We Keep Different Data Types
| Data Type | Typical Retention Period | Reason |
|---|---|---|
| Account Information | While your account is active | Required to provide service |
| Memory Data | Until you delete it or close your account | Core service functionality |
| Session Tokens | Up to 7 days or until sign-out | Authentication session |
| Usage Analytics | Typically 60-90 days, then deleted or anonymized | Service improvement |
| Error Logs | Typically 30 days or less | Bug fixing and debugging |
| Billing/Payment Records | 7 years after last transaction (required by law) | Legal/tax compliance |
| Backup Data | 7-30 days (automatic purge by provider) | Disaster recovery |
How to Delete Your Data
You can request complete deletion at any time:
- Self-Service: You can delete memories and data from your account dashboard
- Account Deletion: Email support@hypersparkai.com with "Delete My Account" in subject line
- Verification: We'll verify your identity and delete your data within 45 days
- Backups: Deleted data will not be restored from disaster recovery backups. Our database provider automatically purges backups within 7-30 days based on our service plan.
6. Security & International Transfers
Security Measures
We implement industry-standard security measures to protect your personal data:
- Encryption: All data in transit is encrypted using TLS/SSL (HTTPS). Data at rest is encrypted by our infrastructure providers.
- Access Controls: Employee access to personal data is limited to those who need it to perform their job functions, with role-based permissions.
- Authentication Security: We use Supabase Auth for authentication, which provides secure session management and protection against brute force attacks.
- Infrastructure Security: Our infrastructure is hosted on Supabase (built on AWS), which provides enterprise-grade security including encryption, access controls, and monitoring.
International Data Transfers
Our services are provided from the United States, and your data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For users in the European Economic Area (EEA), United Kingdom, and Switzerland:
- Legal Safeguards: Our third-party processors (Supabase, OpenAI, Anthropic) maintain GDPR-compliant data transfer mechanisms, including Standard Contractual Clauses where applicable.
- Data Processing: All third-party processors are contractually required to provide adequate data protection consistent with applicable privacy laws.
- Your Rights: You can request information about the safeguards used for international transfers by contacting support@hypersparkai.com.
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify You: We will notify affected users via email within 72 hours of discovering the breach, as required by GDPR.
- Notify Authorities: We will notify relevant data protection authorities (such as the EU supervisory authority) within 72 hours when required by law.
- Disclosure: Our notification will include the nature of the breach, categories of data affected, likely consequences, and measures we're taking to address it.
- Remediation: We will take immediate steps to contain the breach, mitigate harm, and prevent future incidents.
7. Children's Privacy
Our service is intended for users aged 16 and over (13 and over in the United States). We do not knowingly collect data from minors under these age limits. If you believe a child has provided us with personal data, please contact us at support@hypersparkai.com and we will delete it immediately, complying with COPPA (US) and GDPR (EU) requirements.
8. Do We Use Your Data for AI Training?
Short Answer: No, your memories are NOT used to train AI models.
Detailed Explanation:
- YesHyperSpark AI does NOT use your stored memories to train our own AI models or improve our proprietary algorithms. Your data is used solely to provide the memory service to you.
- YesOpenAI and Anthropic process your data for embedding generation but do NOT use your data for model training. Under our API agreements with these providers, your data has zero retention for training purposes.
- YesYour memories are stored securely in our database (via Supabase) and are never shared with other users or used for marketing purposes.
- NoteWe may use anonymized, aggregated usage analytics (e.g., "50% of users use the MCP integration") to understand feature usage, but this data cannot identify you and does not include your actual memory content.
9. Third-Party Services
HyperSpark AI Memory shares data with these third-party services to provide functionality:
| Service Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, Auth & Backend | Account info, memories, usage analytics | United States (AWS) |
| OpenAI | Embedding Generation | Memory content for embedding | United States |
| Anthropic | Memory Processing | Memory content for processing | United States |
| Stripe | Payment Processing | Payment information | United States |
| OpenClaw | AI Gateway | Configuration, plugin data | Local (user's device) |
| User's AI Providers | AI Processing | Conversations, prompts | Varies (per provider) |
We do NOT share your data with: Advertisers, marketing companies, data brokers, or social media platforms.
10. Desktop Application & Local Data
The HyperSpark AI Desktop Application ("Desktop App") stores data locally on the user's device, including: AI provider API keys, OpenClaw configuration, gateway logs, and cached data. We do NOT have access to data stored locally on the user's device.
Data Flow with AI Providers
When the Desktop App connects to third-party AI providers using the user's API keys, data flows directly between the user's device and the AI provider. We do not intercept, log, or store this data. The Desktop App connects to HyperSpark Memory servers only for memory storage and retrieval functionality, which is governed by the existing privacy policy sections above.
Connected Channels
Messages sent through connected channels (WhatsApp, Discord, Signal, etc.) are processed by the OpenClaw gateway locally and transmitted via the respective platform APIs. We do not store or have access to these messages.
Device Security & Data Removal
The user is responsible for securing their local device and the API keys stored on it. Uninstalling the Desktop App removes the application, but local configuration and data may remain in the user's home directory. Instructions for complete removal are available in our documentation.
11. Your Rights
Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds under GDPR:
- Consent: When you sign in via OAuth, you consent to us collecting your email, name, and profile picture for account creation and authentication.
- Contractual Necessity: Processing your memory data is necessary to provide the memory infrastructure service you've requested.
- Legitimate Interests: We process usage analytics and error logs based on our legitimate interest in improving service quality, security, and fixing bugs.
- Legal Obligation: We may process data to comply with legal obligations such as responding to law enforcement requests or tax requirements.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You can request disclosure of the categories and specific pieces of personal information we've collected about you.
- Right to Delete: You can request deletion of your personal information (subject to certain exceptions).
- Right to Opt-Out of Sale: We do NOT sell your personal information to third parties.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
- Right to Correct: You can request correction of inaccurate personal information we maintain about you.
How to Exercise Your Rights: Email us at support@hypersparkai.com with "California Privacy Rights Request" in the subject line. We will respond within 45 days as required by law.
12. Changes to This Privacy Policy
We may update this Privacy Policy at any time to reflect changes in our practices, services, or legal requirements. When we make changes, we will update the "Last Updated" date at the bottom of this policy.
For significant changes, we may also notify you by email or by posting a prominent notice on our website. Your continued use of our services after any changes indicates your acceptance of the updated policy.
13. Contact Us
For privacy questions, concerns, or data requests:
- Email: support@hypersparkai.com
- Support: support@hypersparkai.com
- Company Address: 13494 SW 32ND ST, Miramar, FL 33027
Response Time: We aim to respond to privacy inquiries within 30 days, as required by applicable law.
Last Updated: February 15, 2026