Privacy Policy

Last updated: May 1, 2026

1. Introduction

SparkReach provides software that helps political campaigns, committees, candidates, party organizations, and other permitted organizations manage their donor and supporter relationships, communicate with supporters, process contributions, and run events. We take privacy seriously and have written this Privacy Policy to explain — as clearly as we can — what information we collect, how we use it, when we share it, and the choices you have.

This Privacy Policy applies to information processed by SparkReach Company ("SparkReach," "we," "us," or "our") when you:

  • visit our website or application at sparkreach.app;
  • create or use a SparkReach account as a campaign, committee, organization, employee, contractor, or volunteer (a "Customer" or "Authorized User");
  • make a contribution, buy an event ticket, or fill out a form hosted on the SparkReach platform on behalf of a Customer (a "Donor" or "Supporter"); or
  • otherwise interact with us, for example by contacting support or applying for a job.

Our Terms of Service govern your use of the Services and are incorporated by reference.

2. About Our Two Roles

It's important to understand the different roles SparkReach plays:

  • When you are a Customer or Authorized User (a campaign or organization, or someone working for one), SparkReach is the controller of your account, billing, and account-related information.
  • When you are a Donor or Supporter interacting with a fundraising page, event, email, or text powered by SparkReach, SparkReach generally acts as a service provider, processor, or contractor to the Customer that operates the page or campaign. The Customer determines what information is collected, why, and how it is used. We process your information on their behalf and as described in this Privacy Policy.

If you have questions about how a specific Customer uses your information, please contact that Customer directly.

3. Information We Collect

The information we collect depends on how you use the Services.

3.1 Information You Provide Directly

Account information. When a Customer creates an account or invites Authorized Users, we collect names, business email addresses, phone numbers, job titles, organization names, and account credentials.

Billing information. For paid Subscriptions and Add-Ons, we collect billing contact details and payment information. Payment-card numbers are tokenized by our payment processor; SparkReach does not store full card numbers.

Customer-uploaded data. Customers and Authorized Users upload data into SparkReach about their contacts, supporters, donors, volunteers, and others, which may include names, postal addresses, email addresses, phone numbers, contribution history, pledge information, employer and occupation, notes, tags, custom fields, communication history, and other data the Customer chooses to record, which may include political affiliation, party or candidate preference, donor history, voter-file information, and other politically sensitive personal information that we handle in accordance with applicable law and this Privacy Policy.

Donor / Supporter information. When you contribute, buy a ticket, sign up for an event, RSVP, or fill out a form powered by SparkReach, we collect information you provide, which may include:

  • name, postal address, email address, phone number;
  • payment-card or other payment information (tokenized through our payment processor);
  • amount and frequency of contribution;
  • occupation and employer (collected to satisfy campaign-finance reporting where applicable);
  • citizenship or residency attestations and source-of-funds representations;
  • event preferences (such as dietary restrictions or accessibility needs) provided by you;
  • comments, messages, or other content you choose to provide.

Communications. When you communicate with us — by email, by chat, by phone, or through a form — we collect the contents of the communication and your contact details.

Job applications. If you apply for a job at SparkReach, we collect the information you submit (resume, cover letter, work history, references, etc.).

3.2 Information Collected Automatically

Usage data. We collect information about how you interact with the Services, such as pages and features used, actions taken, timestamps, referring URLs, and session details.

Device and connection data. We collect information about the device and connection used to access the Services, such as IP address, browser type and version, operating system, device identifiers, and language preferences.

Approximate location. We may infer approximate location (such as city or region) from your IP address. We do not collect precise GPS location through the Services.

Cookies and similar technologies. We use cookies, pixels, local storage, and similar technologies to operate the Services, remember preferences, secure sessions, measure performance, and (on our marketing site) understand how visitors find us. See Section 8 for details and your choices.

3.3 Information From Other Sources

Customers. If you are a Donor or Supporter, the Customer running the campaign may upload information about you into the Services (for example, prior contribution history, voter file data, or notes from past interactions).

Integrations and Third-Party Services. When you or your Customer connects a third-party service (such as another donation platform, a payment processor, a CRM, a voter file vendor, or an email or SMS provider), data may flow into SparkReach from that service. The categories of data depend on the integration.

Service providers. Vendors that help us run the Services (such as payment processors, fraud-prevention vendors, analytics providers, and identity-verification providers) may share information with us, such as fraud signals or verification results.

Publicly available sources. We may use information from public sources, such as government campaign-finance filings and business directories, for fraud prevention, identity verification, sales, marketing, and product improvement.

4. How We Use Information

We use information for the following purposes:

  • Providing the Services. Operating, maintaining, and securing the platform; processing transactions and Contributions; sending messages you direct us to send; running events and check-in; producing reports; and delivering features you request.
  • Account management. Creating and managing accounts, authenticating users, handling billing and renewals, and providing support.
  • Communications. Sending transactional messages (receipts, account notices, security alerts, service updates), responding to inquiries, and — with your consent or as otherwise permitted by law — sending product, marketing, or educational messages, which you can opt out of at any time.
  • Personalization. Customizing the in-product experience based on your role, preferences, and usage.
  • Analytics and product improvement. Understanding how the Services are used, diagnosing issues, conducting research, and improving features. Where feasible, we use aggregated or de-identified data for these purposes.
  • Security and fraud prevention. Detecting, investigating, and responding to security threats, fraud, abuse, suspicious activity, and violations of our Terms or policies.
  • Compliance. Meeting legal obligations and assisting Customers with theirs (for example, generating reports they need for campaign-finance filings), responding to lawful requests, and enforcing our Terms.
  • Business operations. Audits, financial reporting, due diligence, mergers, acquisitions, and other ordinary-course business activities.

Legal Bases (for EEA/UK users)

If you are in the European Economic Area, United Kingdom, or another jurisdiction that requires us to identify a legal basis, we process personal data based on (a) performance of a contract with you or with the Customer; (b) compliance with our legal obligations; (c) our legitimate interests in operating, securing, and improving the Services and our business; or (d) your consent, where required.

5. How We Share Information

We share information only as described in this Privacy Policy. We do not sell Donor contact information to third parties, and we do not send marketing or fundraising solicitations to Donors on behalf of unrelated campaigns or organizations.

5.1 With the Customer (for Donor data)

If you are a Donor or Supporter, the Customer whose campaign or organization you interacted with receives your information. The Customer is responsible for how it uses your information once it is in its possession, subject to applicable law and the Customer's own privacy practices. To exercise your rights or to ask how your information is being used, contact the Customer directly.

5.2 Service Providers and Vendors

We share information with vendors that help us operate the Services, including:

  • payment processors and card networks;
  • cloud hosting and infrastructure providers;
  • email and SMS delivery providers;
  • analytics, monitoring, and product-experience tools;
  • customer support and ticketing tools;
  • identity-verification, anti-fraud, and security vendors;
  • billing, accounting, tax, and audit providers;
  • legal and compliance advisors.

These vendors may access information only to perform services for us and are contractually required to protect the information and use it only for the purposes we authorize.

5.3 Other Donation Platforms and Other Integrations

When you (or a Customer) connect another donation platform or any other Third-Party Service, data is exchanged between SparkReach and that Third-Party Service as needed for the integration. The Third-Party Service's own privacy policy governs how it handles the data once received. We are not responsible for the data practices of Third-Party Services.

5.4 Payment Processing

Contribution and Subscription payments are handled by Stripe, our payment processor. Stripe receives the information needed to process the payment (name, payment-card details, billing address, and transaction amount). We share with Stripe only what is needed and rely on Stripe's PCI-DSS-compliant systems to handle card data.

5.5 Affiliates

We may share information with our corporate affiliates for the purposes described in this Privacy Policy. If we transfer information to an affiliate, the affiliate will handle it consistently with this Privacy Policy.

5.6 Legal Process and Safety

We may disclose information when we believe in good faith that disclosure is necessary to (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of SparkReach, our Customers, Donors, or others.

In particular, if you are a Donor whose Contribution is required to be reported to the Federal Election Commission, a state ethics commission, or another regulator (for example, because the Contribution exceeds applicable disclosure thresholds), the Customer is responsible for that reporting, and your name, address, occupation, employer, contribution amount, and similar information may become part of a public filing.

5.7 Business Transactions

If SparkReach is involved in a merger, acquisition, investment, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to confidentiality protections.

5.8 With Your Direction or Consent

We may share information at your direction or with your consent, including when you choose to share content publicly through a Service feature.

5.9 Aggregated or De-Identified Data

We may create and share aggregated or de-identified information that cannot reasonably identify any individual.

5.10 Mobile Information

We do not share mobile telephone numbers, opt-in information, or SMS consent data with third parties or affiliates for their marketing or promotional purposes. This restriction does not limit transfers to vendors that help us deliver messages you have requested.

6. Your Choices

  • Opt out of marketing email. Click the unsubscribe link in any marketing email or change your preferences in your account.
  • Opt out of SMS from SparkReach. Reply STOP to any SparkReach text message, or reply HELP for assistance.
  • Donor messages from a Customer. To opt out of messages from a particular Customer (a specific campaign or organization), use the unsubscribe or STOP mechanism in their message, or contact the Customer directly. SparkReach can help honor unsubscribe and STOP requests technically, but the Customer controls its sending lists.
  • Cookies. See Section 8.
  • Account information. Customers and Authorized Users can update most account and profile information in account settings.

7. Your Privacy Rights

Depending on where you live, you may have rights regarding your personal information, including the right to:

  • access or receive a copy of personal information we hold about you;
  • correct inaccurate personal information;
  • request deletion of personal information we have collected from you;
  • opt out of certain processing, such as targeted advertising, "sales" or "sharing" of personal information (we do not sell or share personal information for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws), or profiling that produces legal or similarly significant effects;
  • restrict or object to certain processing (EEA/UK);
  • portability of personal information;
  • withdraw consent, where processing is based on consent;
  • appeal a denial of a privacy request, where state law provides an appeal process;
  • lodge a complaint with a supervisory authority (EEA/UK) or your state attorney general.

To exercise these rights as a Customer or as a Donor for the limited information SparkReach itself controls about you, please contact us at help+privacy@sparkreach.app. We will verify your identity before responding and will reply within the timeframes required by applicable law.

If you are a Donor and your request concerns information held by a Customer in their SparkReach account (for example, your contribution history with a specific campaign), please contact that Customer directly. We will assist Customers in responding where required.

We will not discriminate against you for exercising privacy rights. Some requests may be limited where we have a legal obligation to retain information, where information is necessary to defend legal claims, or where verification fails.

Authorized Agents

In some jurisdictions, you may use an authorized agent to submit a request on your behalf. We may require proof of the agent's authority and verification of your identity before responding.

Notice of Financial Incentives

We do not currently offer financial incentives in exchange for personal information.

8. Cookies and Similar Technologies

We use cookies and similar technologies in two main contexts:

On the website (sparkreach.app). Cookies and similar technologies help us understand how visitors find and use the site, measure marketing performance, and provide a consistent experience. We may use third-party analytics and advertising cookies.

Inside the application. We use strictly necessary cookies and similar tools to authenticate users, secure sessions, remember preferences, and operate features. Many in-app technologies are essential to the Services and disabling them will impair functionality.

Your choices. Most browsers let you block or delete cookies. You may also be able to manage analytics or advertising cookies through tools such as the Google Analytics opt-out, the Digital Advertising Alliance, and the Network Advertising Initiative. Your choices apply per browser and per device. We also honor Global Privacy Control ("GPC") signals where required by law.

Do Not Track. Some browsers send "Do Not Track" signals. Because there is no industry consensus on how to interpret them, we do not currently respond to DNT signals, but we honor GPC where required.

9. Retention

We keep information only for as long as needed for the purposes described in this Privacy Policy, including the period the Customer's account is active and a reasonable period thereafter for backups, dispute resolution, fraud prevention, audit, and legal compliance. When information is no longer needed, we will delete, anonymize, or de-identify it, or, where deletion is not feasible (for example, in backups), isolate and secure it until deletion is possible.

Customers may export Customer Data in account settings or by contacting support. Specific retention periods depend on the type of information and applicable legal obligations; for example, certain transaction records must be retained for tax or campaign-finance purposes.

10. Security

SparkReach uses administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest, role-based access controls, network monitoring, vulnerability management, employee training, and incident-response procedures. We also offer security features such as multi-factor authentication for Authorized Users.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at help+security@sparkreach.app.

11. International Data Transfers

SparkReach is based in the United States, and we host the Services and process information in the United States and (to the extent we use them) other countries where our service providers operate. If you access the Services from outside the United States, your information will be transferred to, processed in, and stored in the United States, where data-protection laws may differ from those in your country. Where required by law (for example, for EEA/UK personal data), we use appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses.

12. Minors

The Services are not intended for, and we do not knowingly direct them to, individuals under the age of 18 (or the age of majority where they live). We do not knowingly collect personal information from minors. If we learn that we have collected personal information from a minor, we will delete it and, if the individual has an account, suspend the account. If you believe we may have inadvertently collected information about a minor, please contact us at help+privacy@sparkreach.app.

13. State-Specific Disclosures

13.1 California (CCPA/CPRA)

In the prior 12 months, we have collected the categories of personal information described in Section 3 (identifiers, customer records, commercial information, internet/network activity, geolocation (approximate), professional or employment-related information, and inferences drawn from these). We collect this information for the purposes described in Section 4, from the sources described in Section 3, and disclose it as described in Section 5.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We do not knowingly collect or sell the personal information of consumers under 16.

California residents have the rights described in Section 7, including the right to know, the right to delete, the right to correct, the right to opt out of sale/sharing, the right to limit use of sensitive personal information, the right to non-discrimination, and the right to designate an authorized agent. To exercise these rights, see Section 7 or the "Contact" section.

13.2 Other U.S. State Laws

If you are a resident of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Jersey, New Hampshire, Tennessee, Indiana, or another state that grants consumer-privacy rights, you have the rights described in Section 7 to the extent provided by your state's law. To exercise these rights, see Section 7 or the "Contact" section.

13.3 Nevada

Nevada residents may opt out of the sale of certain "covered information." We do not sell such information, but you may submit an opt-out request at help+privacy@sparkreach.app.

14. SMS and Mobile Data Disclosures (TCPA / 10DLC)

When SparkReach or a Customer sends you a text message through the Services:

  • Recurring messages may be sent, with frequency varying based on the sender's program.
  • Standard message and data rates may apply, depending on your carrier and plan.
  • You may opt out at any time by replying STOP. After opting out, you will receive a confirmation message, and no further messages will be sent for that program.
  • For help, reply HELP or contact the sender (or, for SparkReach messages, help@sparkreach.app).
  • Mobile carriers are not liable for delayed or undelivered messages.

Your mobile phone number, opt-in records, and consent data are not shared with third parties or affiliates for marketing or promotional purposes. We use this information only to deliver messages you (or the Customer) have requested, to maintain records of consent and opt-outs, and to comply with carrier and legal requirements.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this Policy. If the change is material, we will give additional notice (for example, by email to your account contact, by a notice in the Services, or by a banner on our website) before the change takes effect. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions, comments, or requests about this Privacy Policy or our privacy practices, contact us at:

  • Email: help+privacy@sparkreach.app
  • Mail: SparkReach Company — Privacy, c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, US
  • Data protection contact (EEA/UK, if applicable): help+dpo@sparkreach.app