1. Introduction
Made to Spark ("we," "our," or "us") operates a content creation and social media publishing platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to protecting your privacy and ensuring your personal data is handled in a transparent and secure manner.
By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the service.
2. Information We Collect
2.1 Personal Information
We collect information you provide directly to us, including:
- Account Information: Name, email address, and password when you create an account.
- API Credentials: API keys for third-party services like OpenAI, Ideogram, or Anthropic (stored using industry-standard encryption).
- User Content: Keywords, topics, article content, and specifications you submit for image or text generation.
- Generated Assets: AI-generated images, titles, descriptions, and analysis data produced through your use of the service.
- Payment Data: Payment information and transaction history (processed securely by Stripe; we do not store your full credit card details).
- Support Communications: Information you provide when contacting our support team.
2.2 Usage and Technical Data
We automatically collect certain information when you visit or use our service:
- Log Data: IP address, browser type, operating system, referring URLs, and pages viewed.
- Usage Patterns: Time spent on pages, features used, and frequency of visits.
- Device Information: Device type, screen resolution, and language preferences.
- Tracking Technologies: We use cookies, Meta Pixel, and Partnero tracking to understand service performance and attribution.
3. How We Use Your Information
We process your information for the following purposes:
- Service Delivery: To provide and maintain the Pinterest Pin Generator, process your generation requests, and manage your account.
- AI Generation: To facilitate the creation of AI-powered images and content based on your inputs.
- Automation & Scheduling: To enable the scheduling and automated publishing of content to your connected Pinterest boards, Facebook Pages, and Instagram accounts.
- Communication: To send service updates, security alerts, and marketing communications (where permitted).
- Payment Processing: To manage subscriptions, process transactions, and prevent billing fraud.
- Optimization: To analyze usage trends, improve our AI prompts, and enhance user experience.
- Compliance: To enforce our terms, comply with legal obligations, and protect our rights.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the context:
- Contractual Necessity: To fulfill our agreement to provide the service to you.
- Legitimate Interests: For service improvement, security, and limited marketing that does not override your privacy rights.
- Legal Obligation: To comply with tax, accounting, or regulatory requirements.
- Consent: Where you have given explicit permission (e.g., for non-essential cookies or marketing).
5. Information Sharing and Disclosure
We share your data only with specific categories of third parties to enable our service:
5.1 AI and Technical Partners
Data shared with these partners is strictly for generating your requested content:
- AI Platforms: OpenAI, Anthropic (Claude), Google Gemini, Ideogram, Runware, and Freepik.
- Media & Search: Unsplash, DepositPhotos, and Serper.
- Product Data: Amazon (product information via Amazon Creators API and DataForSEO).
- Technical Tools: ScreenshotOne (for web captures).
5.2 Publishing Integrations
When you connect third-party platforms, we share content you choose to publish:
- Pinterest: Pin images, titles, descriptions, and board selections via the Pinterest API.
- Facebook: Images and post content to your connected Facebook Page via the Meta Graph API.
- Instagram: Images and captions to your connected Instagram Business or Creator account via the Instagram Content Publishing API.
- WordPress: Article content and images to your connected WordPress site via its REST API.
- Shopify: Article content and images to your connected Shopify store via its Admin API.
- Etsy: We retrieve product listings and images from your connected Etsy shop (read-only access).
5.3 Business & Marketing Partners
- Payments: Stripe (Payment processing).
- Tracking & Analytics: Partnero (Affiliate tracking), Meta Pixel (Advertising analytics).
- Communication: Email delivery services.
Note: We ensure all third-party partners provide adequate data protection through Standard Contractual Clauses (SCCs) where international transfers are involved.
6. Data Security
We implement appropriate security measures to protect your personal information:
- Encryption of sensitive data in transit and at rest
- Secure API key storage using Laravel's encryption
- Regular security audits and updates
- Access controls and authentication
- Secure data centers and infrastructure
7. Data Retention
We follow a strict data minimization and retention policy:
- Active Accounts: Account data is retained as long as your account exists.
- Generated Images: Stored for up to 60 days, after which they are automatically deleted from our primary storage.
- Temporary Assets: Resized images and temporary processing data are typically deleted within 7 days.
- Unverified Accounts: Accounts that do not verify their email address are automatically deleted after 10 days.
- Platform Tokens: When you disconnect a third-party platform (Pinterest, Facebook, Instagram, etc.), all stored access tokens and connection data are permanently deleted immediately.
- Legal Records: Transactional and tax-related data are retained for the statutory period required by French law.
8. Your Rights
Depending on your location, you have several rights regarding your data:
- Access & Portability: Obtain a copy of your data in a structured, machine-readable format.
- Rectification: Correct inaccurate or incomplete information.
- Erasure ("Right to be Forgotten"): Request full deletion of your account and associated data.
- Restriction: Request that we limit the processing of your data.
- Withdrawal of Consent: Revoke permissions at any time (e.g., for Pinterest, Facebook, or Instagram access, or marketing).
To exercise these rights, please contact us at the email address provided below.
9. Platform Integrations
Our Service integrates with several third-party platforms. All integrations use secure OAuth tokens or API credentials — we never see or store your passwords for these services.
9.1 Pinterest
- Authorization: We use secure OAuth tokens to access your Pinterest boards and publish pins.
- Data Handling: We only fetch the boards and pins necessary to provide the service.
- Revocation: You can disconnect your Pinterest account at any time via your Profile Settings within our app, or by revoking access in your Pinterest account settings.
- Third-Party Terms: Your use is also subject to the Pinterest Terms of Service and Pinterest Privacy Policy.
9.2 Facebook
- Authorization: We use Meta's OAuth 2.0 flow to obtain a secure Page Access Token. We request the following permissions: pages_show_list (to list your Pages), pages_manage_posts (to publish content), and pages_read_engagement (to verify the connection).
- Data Stored: We store your Facebook Page ID, Page name, and an encrypted Page Access Token. We do not store your Facebook password or personal profile data.
- Data Handling: We only publish images and post content you explicitly schedule or trigger. We do not read your Page's existing posts, comments, or audience data.
- Revocation: You can disconnect your Facebook Page at any time via Settings > Integrations within our app. You can also revoke access from your Facebook Business Integrations settings. Upon disconnection, your stored token and Page data are permanently deleted.
- Third-Party Terms: Your use is also subject to the Meta Terms of Service and Meta Privacy Policy.
9.3 Instagram
- Authorization: We use Instagram's OAuth 2.0 flow to obtain a long-lived access token. We request the following permissions: instagram_basic (to verify your account) and instagram_content_publish (to publish images on your behalf).
- Data Stored: We store your Instagram user ID, username, and an encrypted access token. Tokens are automatically refreshed before expiry. We do not store your Instagram password.
- Data Handling: We only publish images and captions you explicitly schedule or trigger. We do not read your existing posts, stories, followers, or direct messages.
- Account Requirements: Instagram publishing requires a Business or Creator account. Personal Instagram accounts are not supported by the Instagram Content Publishing API.
- Revocation: You can disconnect your Instagram account at any time via Settings > Integrations within our app. You can also revoke access from your Instagram Manage Access settings. Upon disconnection, your stored token and account data are permanently deleted.
- Third-Party Terms: Your use is also subject to the Instagram Terms of Use and Meta Privacy Policy.
9.4 WordPress
- We connect to your WordPress site via its REST API using application passwords you provide.
- We publish articles and upload images on your behalf when you initiate publishing.
- You can disconnect your WordPress site at any time via Settings > Integrations.
9.5 Shopify
- We connect to your Shopify store via its Admin API using an access token from a custom app you create.
- We publish articles and upload images on your behalf when you initiate publishing.
- You can disconnect your Shopify store at any time via Settings > Integrations.
9.6 Etsy
- We connect to your Etsy shop via OAuth 2.0 with read-only access to your listings.
- We retrieve product images and titles to use in pin creation. We do not modify or publish anything to your Etsy shop.
- You can disconnect your Etsy shop at any time via Settings > Integrations.
10. Cookies and Tracking
We use cookies to ensure the functionality and security of our site:
- Essential: Required for login, security, and payment processing.
- Performance: Helps us understand how users interact with the site.
- Marketing: Used for attribution and ad performance tracking.
You can manage your preferences via our cookie consent banner. Declining non-essential cookies will not impact your ability to use the service.
11. International Transfers
As we use global partners (like OpenAI and Stripe), your data may be transferred to the United States. We ensure these transfers comply with GDPR through the use of Standard Contractual Clauses or other approved legal mechanisms.
12. Children's Privacy
Our service is for users aged 18 and older (or with parental consent). We do not knowingly collect data from children under 13. If we discover such data, it will be deleted immediately.
13. Lodging a Complaint
If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. In France, this is the **CNIL** (Commission Nationale de l'Informatique et des Libertés).
14. Contact Information
For any privacy-related inquiries, data requests, or to contact our Data Protection Officer:
- Email: info@madetospark.com
- Data Protection Officer: Paul P.
- Address: 21 Rue de l'Eglise, 94300 Vincennes, France
- Entity: Made to Spark
- SIREN: 940117690