Spark Legal

Spark Privacy Policy

SPARK PRIVACY POLICY

Last Updated: February 3rd, 2026

TL;DR: We collect what is needed to run Spark. We extract technical patterns (not your code) to help all users. We do not sell your personal data. You can access, correct, or delete your data. EU/UK users have full GDPR rights.

1. Who We Are

This Privacy Policy describes how The Memory Company Limited ("Memco," "we," "us," or "our") collects, uses, and protects your personal information when you use Spark, our shared memory layer for AI coding agents, at spark.memco.ai (the "Services").

Data Controller: For GDPR purposes, Memco is the data controller for personal data collected through the Services.

Contact: privacy@memco.ai

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address & company name when you create an account
  • Payment Information: Billing details processed by our payment provider (we do not store full card numbers)
  • Communications: Messages you send us for support or feedback

2.2 Information from Your Use of Spark

  • Shared Memory Data: Generalized technical patterns extracted from AI agent interactions (not your actual source code)
  • Usage Data: How you interact with Spark, features used, session duration

2.3 Cookies and Similar Technologies

We use essential cookies to operate the Services and analytics cookies (with your consent) to understand usage. You can manage cookie preferences in your browser settings.

3. How We Use Your Information

3.1 To Provide the Services (Legal Basis: Contract)

  • Operate and maintain your Spark account
  • Process Shared Memory Data to enable collective learning
  • Provide customer support

3.2 To Improve Our Services (Legal Basis: Legitimate Interest)

  • Analyze usage patterns to improve features
  • Conduct research on AI-assisted development
  • Develop new products and features

3.3 To Communicate With You (Legal Basis: Legitimate Interest/Consent)

  • Send service-related notifications
  • Marketing communications (with your consent, which you can withdraw)

3.4 For Security and Legal Compliance (Legal Basis: Legal Obligation/Legitimate Interest)

  • Protect against fraud and abuse
  • Comply with legal requirements

4. How We Share Your Information

We do not sell your personal data. We may share information with:

  • Service Providers: Cloud hosting, payment processing, analytics (under strict data processing agreements)
  • Other Spark Users: Anonymized Shared Memory Data (technical patterns, not personal information)
  • Legal Requirements: When required by law, court order, or to protect rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale (you will be notified)

5. Data Retention

We retain your data for as long as needed to provide the Services and fulfil the purposes described in this Policy:

  • Account Data: Until you delete your account, plus a reasonable period for backups
  • Usage Data: while your account remains active, plus 24 months thereafter
  • Shared Memory Data: Retained indefinitely as anonymized, aggregated patterns (not linked to you)
  • Legal/Tax Records: As required by law (typically 7 years)

6. Your Rights (Including GDPR Rights)

Depending on where you live, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, commonly used format
  • Restriction: Request we limit processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Withdraw consent at any time where we rely on consent for processing

To exercise these rights: Email privacy@memco.ai or use the controls in your account settings. We will respond within 30 days (or sooner as required by law).

Right to Complain: If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.

In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities within 72 hours as required by GDPR.

8. Children's Privacy

Spark is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Services before they take effect. Your continued use after changes constitutes acceptance.

10. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@memco.ai

General Contact: legal@memco.ai

Website: spark.memco.ai