Privacy Policy

1. Controller Information

Controller: Thicle Sarl-S, 8352 Dahlem, Luxembourg (Company number B265768, VAT LU33898674).

Contact for privacy requests: info@affispark.io.

2. Scope

This Privacy Policy applies to personal data processed through AffiSpark websites, dashboards, APIs, support channels, billing operations, and related communications.

Third-party products linked from AffiSpark are governed by their own privacy policies.

3. Processing Roles

For account, billing, operations, and security data, Thicle Sarl-S generally acts as a controller.

For customer business data processed to deliver affiliate-program functionality, Thicle Sarl-S generally acts as a processor/service provider under customer instructions.

4. Categories of Data We Process

Account and identity data (such as email address, account identifiers, and login metadata).

Organization and affiliate program data (such as affiliate profiles, referral links, conversions, commissions, and payout data).

Billing and subscription data (such as Stripe customer and subscription metadata, invoicing status, and plan details).

Technical and security data (such as IP address, user agent, event logs, webhook logs, and request diagnostics).

Support communication data sent to info@affispark.io.

5. Purposes and Legal Bases (GDPR)

Contract performance (Article 6(1)(b) GDPR): account management, service delivery, support, and billing operations.

Legitimate interests (Article 6(1)(f) GDPR): service reliability, product improvement, fraud prevention, abuse detection, and incident response.

Legal obligations (Article 6(1)(c) GDPR): compliance with tax/accounting duties and lawful requests.

Consent (Article 6(1)(a) GDPR): where required for specific tracking or communications.

6. Cookies and Similar Technologies

AffiSpark uses cookies and local storage for authentication, session security, and referral attribution.

Where required by law, non-essential tracking technologies are subject to consent mechanisms.

7. Data Sharing and Recipients

We share personal data with trusted service providers necessary to operate AffiSpark, including Supabase (auth/data infrastructure), Vercel (hosting), Stripe (billing), and optional PostHog (analytics).

We may also disclose data to professional advisers or authorities where legally required.

AffiSpark does not sell personal data for monetary consideration.

8. International Transfers

Data may be processed outside the EEA/UK/Switzerland depending on provider infrastructure.

Where required, we rely on recognized transfer safeguards such as adequacy decisions and/or Standard Contractual Clauses.

9. Data Retention

We retain personal data only as long as necessary for service operation, security, legal compliance, and dispute handling.

Financial and billing records may be retained for legally required retention periods.

Security and technical logs are retained according to operational security needs and then deleted or anonymized.

10. Security Measures

We apply technical and organizational safeguards appropriate to processing risk, including role-based access control and infrastructure-level protections.

No system can be guaranteed completely secure, and customers remain responsible for their own security controls on connected systems.

11. Data Subject Rights

Where applicable, you may request access, rectification, deletion, restriction, objection, portability, and withdrawal of consent for consent-based processing.

Requests may be sent to info@affispark.io.

12. Supervisory Authority

If you are in the EEA, you may lodge a complaint with your local supervisory authority, including Luxembourg CNPD.

13. U.S. State Privacy Notice

Where applicable U.S. state privacy laws apply, residents may have additional rights such as access, correction, deletion, portability, and non-discrimination for exercising privacy rights.

AffiSpark does not sell personal data and does not provide cross-context behavioral advertising as part of core product operation.

14. Children's Data

AffiSpark is not intended for children under 16, and we do not knowingly collect personal data from children.

15. Changes to This Policy

We may update this Privacy Policy periodically. Updated versions become effective when published with a revised date.

16. Contact

For privacy questions or rights requests, contact info@affispark.io.