SparkPage Privacy Policy

Last updated: February 1, 2026

This Privacy Policy explains how SparkPage (“SparkPage,” “we,” “us”) collects, uses, stores, and protects information in connection with the SparkPage platform.

1. Overview

SparkPage provides a platform that allows patients, parents, and caregivers to create simple, shareable microsites to tell personal stories and explain rare or complex medical conditions.

SparkPage is operated as a mission-driven project. We do not sell data, run advertisements, or monetize user stories.

This Privacy Policy explains:

  • what information we collect,
  • how that information is used,
  • how it is protected, and
  • the choices and rights available to users.

2. Information We Collect

A. Account Information

When you create an account, we collect limited information necessary to operate the platform, including:

  • email address
  • authentication credentials (managed via Neon Auth or a similar authentication provider)
  • basic account metadata (such as account creation date and last login)

B. Microsite Content (User-Provided)

Users may voluntarily provide content when creating a microsite, including:

  • names, nicknames, or initials
  • written stories, descriptions, and educational content
  • photographs or images
  • links to external resources

This content may include information about children, including images and health-related details, only if the user chooses to include it.

SparkPage does not require users to disclose medical or health information.

C. Automatically Collected Information

We collect limited technical information necessary to operate and secure the platform, such as:

  • IP address (processed transiently for security, abuse prevention, and rate limiting)
  • basic server and request logs

We do not use:

  • advertising trackers
  • behavioral tracking or profiling
  • third-party analytics that identify individual users

D. Health Information & HIPAA

By using SparkPage, you acknowledge that:

  • You are voluntarily sharing health information, medical conditions, and personal health details.
  • SparkPage is not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA).
  • SparkPage does not provide healthcare services, process medical claims, or maintain protected health information (PHI) in a HIPAA-regulated manner.
  • Content you publish on SparkPage is not subject to HIPAA protections.
  • You are responsible for understanding the privacy implications of sharing health information when you publish your microsite.

If you have concerns about sharing health information, consult with your healthcare provider or legal advisor before publishing content on SparkPage.

3. Children's Privacy

SparkPage is intended for use by adults, including parents, legal guardians, and authorized caregivers.

SparkPage complies with the Children's Online Privacy Protection Act (COPPA). Important safeguards:

  • Children are not permitted to create accounts.
  • SparkPage does not knowingly collect personal information directly from children under 13.
  • Content about children may only be posted by parents, legal guardians, or individuals with lawful authorization.
  • Parents or legal guardians who create content about children are responsible for ensuring they have the legal authority to share such information.

If you believe that content involving a child has been posted without appropriate authorization, please contact us immediately at privacy@sparkpage.org, and we will promptly review and remove the content if appropriate.

4. How Information Is Used

We use collected information only to:

  • operate, maintain, and improve SparkPage
  • display user-created microsites according to user-selected visibility settings
  • allow users to create, edit, publish, unpublish, or delete content
  • communicate with users about account-related matters
  • prevent abuse, fraud, or misuse of the platform
  • comply with legal obligations

We do not:

  • sell or rent personal data
  • use personal data for advertising or marketing
  • share data with advertisers or data brokers
  • use user content to train artificial intelligence or machine learning models

5. Sharing of Information

We share information only in limited circumstances:

A. Public Display

When a microsite is published, it is accessible by anyone with the link. When a microsite is unpublished, it is not accessible on the internet (like 'draft' mode).

B. Service Providers

We use trusted service providers (such as hosting, database, image storage, and email providers) to operate SparkPage. These providers process information only on our behalf and only as necessary to provide the service.

C. Legal Requirements

We may disclose information if required to do so by law, court order, or valid legal process.

We never share user content or personal data with advertisers or marketing partners.

6. Visibility & User Control

Users control:

  • whether a microsite is published or unpublished
  • what content is included or removed
  • when a microsite is deleted

Users may permanently delete their microsite and associated content at any time through account settings or by contacting support.

Search Engine Indexing: SparkPage microsites are set to "noindex" by default, meaning search engines are instructed not to index or display microsites in search results. This applies to both published and unpublished microsites.

Account Deletion: When you delete your account:

  • Your access to the Service will end immediately.
  • Your content will be removed from public access within 30 days of account deletion.
  • Content may remain in system backups for up to 90 days for operational and legal purposes, after which it will be permanently deleted.
  • You may request expedited deletion of specific content by contacting support, subject to legal and operational requirements.

SparkPage is not responsible for retrieving or exporting your content after account termination. We recommend exporting or saving any content you wish to retain before deleting your account.

7. Data Retention

  • Account information is retained while an account remains active.
  • Microsite content remains available until deleted by the user or removed for policy or legal reasons.
  • When a microsite is deleted:
    • Content is removed from public access within 30 days of deletion.
    • Associated images and cached content are removed from active systems.
    • Content may remain in system backups for up to 90 days for operational and legal purposes, after which it will be permanently deleted.

We do not retain deleted content longer than necessary for operational, security, or legal purposes (as specified above).

8. Security

We take reasonable administrative, technical, and organizational measures to protect information, including:

  • encrypted connections (HTTPS)
  • secure authentication and access controls
  • restricted access to administrative tools
  • limited internal access to user data

No system is completely secure, but we work to minimize risk and protect user information.

9. International Users

SparkPage is operated from the United States.

If you access SparkPage from outside the U.S., you understand that your information may be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

10. Your Rights

Depending on your location, you may have rights under applicable data protection laws, including:

  • Access: Request access to personal information we hold about you
  • Correction: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your data (subject to legal and operational requirements)
  • Objection: Object to or restrict certain processing activities
  • Portability: Request a copy of your data in a portable format (where applicable)

European Union (GDPR)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • The right to be informed about data collection and processing
  • The right to access your personal data
  • The right to rectification of inaccurate data
  • The right to erasure ("right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights related to automated decision-making and profiling

California (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • The right to know what personal information is collected
  • The right to delete personal information
  • The right to opt-out of the sale of personal information (note: SparkPage does not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

How to Exercise Your Rights: Requests may be submitted by emailing privacy@sparkpage.org. We will respond within a reasonable timeframe, typically within 30 days. We may need to verify your identity before processing certain requests.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Changes will be reflected by an updated “Last updated” date. Continued use of SparkPage after changes indicates acceptance of the updated policy.

12. Contact Information

For privacy-related questions or requests, contact:

Privacy Email: privacy@sparkpage.org
General Support: support@sparkpage.org
Operator: Asbury Bench Solutions LLC