Features Pricing Docs FAQ Get Started

Privacy Policy

Last updated: April 2026

The Short Version

SparkBox is a privacy-first product built by a privacy-first company. We don't want your data, we don't collect your data, and we don't sell your data. The software runs entirely on your hardware. We have no access to what runs on your server, who uses it, or what they do with it.

This policy explains the small amount of data we do collect — exclusively to run the website, deliver licenses, and provide support.

What We Don't Collect

  • No telemetry from the SparkBox software. The dashboard, modules, and services do not phone home. We have no metrics, no usage tracking, no error reporting back to us.
  • No data from your self-hosted apps. Your Pi-hole logs, Vaultwarden passwords, Jellyfin library, Nextcloud files, and everything else stays on your server. We never see it.
  • No selling or sharing of AI Troubleshooting data. The Pro/Ultimate AI Troubleshooting feature routes through our Anthropic API to provide diagnostic help. We log conversations solely to diagnose issues with SparkBox and improve the product. We never sell, share, or use your conversation data for marketing or any other purpose. See the "What We Do Collect" section below for details.
  • No analytics on the website beyond basic privacy-respecting hit counts. We do not use Google Analytics or any tracking scripts.
  • No tracking pixels, no third-party cookies, no ad networks.

What We Do Collect

When you visit tomsparkbox.com

  • Anonymous request logs. Our hosting provider (Cloudflare) receives standard web request logs: IP address, timestamp, page requested, user agent. These are retained by Cloudflare for security purposes and are not used for tracking.
  • A preference cookie only if you interact with features that need it. No tracking cookies.

When you purchase SparkBox Pro

  • Email address. Required to deliver your license key and provide support.
  • Payment information. Processed by our payment provider (Stripe or similar). We never see or store your credit card details — only a transaction ID and the last 4 digits for refund purposes.
  • License key history. We store your license key associated with your email so we can re-send it or help recover access if you lose it.

When SparkBox checks for updates

  • An anonymous HTTP request to get.tomsparkbox.com to check the latest version. This request includes no identifying information beyond a standard HTTP user agent and your server's IP address (visible to any HTTP request).

When you use AI Troubleshooting (Pro / Ultimate)

  • Your chat messages and the AI's responses are logged by us. The chat feature routes through our Anthropic API (we pay for the tokens as part of your Pro subscription).
  • Purpose of logging: strictly to diagnose issues with SparkBox, improve the product, and train our internal knowledge base so future users get better answers. We use this data only to support the product.
  • What we do not do: we do not sell chat data, share it with advertisers, use it for marketing, or use it for anything unrelated to improving SparkBox. Our third-party AI provider (Anthropic) processes messages to generate responses but does not train their models on our customer data.
  • Retention: chat logs are retained for up to 12 months, then automatically deleted.
  • Sensitive data: please do not paste passwords, API keys, or other sensitive secrets into the chat. It is designed for troubleshooting questions, not for managing credentials.

When SparkBox validates your Pro license

  • Nothing. License validation happens entirely offline on your own server using cryptographic signatures. No network request is made to validate a license key.

When you contact support

  • The contents of your email. Stored in our email system for the duration needed to resolve your issue, then archived. We do not use support data for any other purpose.

Third Parties We Use

We use a small number of third-party services to run the product. Each only receives the minimum data needed:

  • Cloudflare — hosts the website, serves release files, provides CDN and DDoS protection. Receives standard web traffic metadata.
  • Stripe (or equivalent payment processor) — processes one-time payments for SparkBox Pro. Subject to their own privacy policy.
  • Email provider — delivers license keys and support emails. Receives your email address and the content of messages.
  • Anthropic — powers the AI Troubleshooting feature. When you use AI Troubleshooting, your messages are sent through our account to Anthropic's Claude API for response generation. Anthropic does not train their models on customer API data. We log the conversations on our side for support and product improvement purposes only (see "When you use AI Troubleshooting" above).
  • Amazon Associates / affiliate networks — if you click an affiliate link on our website (UGREEN, Corsair, Hostinger, Surfshark, Incogni), you are taken to that third party's site, where their own privacy policy applies. We receive anonymous commission tracking data from these networks.

Cookies

The tomsparkbox.com website uses minimal cookies:

  • Essential cookies required for basic site functionality (e.g., remembering mobile menu state).
  • Cloudflare security cookies used for DDoS protection and bot detection.

We do not use analytics cookies, advertising cookies, or social media tracking pixels. You can block all cookies in your browser without breaking the site.

Data Retention

  • License key records: retained indefinitely so we can re-send lost keys (the license is perpetual).
  • Payment records: retained as required by tax and accounting law (typically 7 years).
  • Support emails: retained for 2 years after the support request is resolved, then deleted.
  • AI Troubleshooting conversations: retained for up to 12 months, then automatically deleted.
  • Web server logs: retained by Cloudflare according to their policy (typically 7-30 days).

Your Rights

You have the right to:

  • Access any personal data we hold about you (primarily your email and license record).
  • Correct inaccurate data.
  • Delete your data. Note: deleting your email from our records will make it impossible for us to re-send a lost license key in the future. Your license itself continues to work because it validates offline on your server.
  • Export your data in a machine-readable format.
  • Opt out of any non-essential communications.

To exercise any of these rights, email support@tomsparkbox.com.

Children

SparkBox is not directed at children under 13. We do not knowingly collect personal information from children.

International Users

SparkBox is sold globally. The small amount of data we collect (email, license records) may be stored on servers located outside your country. By purchasing SparkBox Pro, you consent to this transfer.

If you are in the EU or UK, you have rights under GDPR. We consider ourselves bound by GDPR principles globally, regardless of your location.

Security

We take reasonable security precautions to protect the data we hold: encrypted transport (HTTPS), encrypted storage where appropriate, and limited access to sensitive records. However, no system is perfectly secure. We will notify affected users of any data breach as required by applicable law.

Changes to This Policy

We may update this policy from time to time. Material changes will be announced on the website. Continued use of SparkBox after changes constitutes acceptance.

Contact

Privacy questions or data requests: support@tomsparkbox.com

Website: https://tomsparkbox.com