Privacy Policy
Effective date: 4/11/2025
Who we are
SparkCert (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our web application.
We operate in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Personal Data We Collect
When you create an account on SparkCert, we collect:
- Name
- Email address
- Password (securely hashed, never stored in plain text)
We do not collect sensitive personal data.
2. How We Use Your Data
We use your personal data to:
- Create and manage your user account
- Authenticate you when logging in
- Provide secure access to the SparkCert platform
- Send essential service-related notifications, if required
We do not sell or share personal data with advertisers or unrelated third parties.
3. Legal Basis for Processing
Under UK GDPR, we process your data based on:
- Performance of a contract - required to provide your account
- Legitimate interests - to maintain platform security and functionality
4. Cookies
We only use strictly necessary cookies:
| Cookie name | Purpose | Category |
|---|---|---|
| laravel_session | Maintains your logged-in session | Strictly necessary |
| XSRF-TOKEN | Protects against CSRF attacks | Strictly necessary |
As these cookies are required for the app to function, no cookie consent banner is required.
5. Analytics - Fathom (Cookieless & Privacy-focused)
We use Fathom Analytics to understand how users interact with our platform and to improve our service.
- Does not use cookies
- Does not store or collect personal data
- All analytics data is anonymised
- Fully compliant with UK GDPR, EU GDPR, and other privacy laws
Because no personal data is collected, no consent banner is required.
6. Data Security
We store your data securely and use industry-standard security practices to prevent unauthorized access, disclosure, or loss. Passwords are encrypted and hashed following best practices.
7. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, your personal data will be permanently removed within a reasonable timeframe.
8. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request corrections to inaccurate data
- Request deletion of your data
- Request a copy of your data (data portability)
To exercise these rights, contact us using the details below.
9. Contact Us
Email: support@spark-cert.co.uk
Subject line: "Privacy Request – SparkCert"
10. Changes to This Policy
We may update this Privacy Policy occasionally. When we do, we will update the effective date at the top of the page.