Privacy Policy
Effective: May 2026
SPR{k3 is a product of Dan Aridor Holdings Ltd, Israel ("we", "us", "our"). This policy describes how we collect, use, and protect personal data through our website and services at defend.sprk3.com, in compliance with the Israeli Protection of Privacy Law, 5741-1981, as amended by Amendment No. 13 ("PPL").
1. Data we collect
Account registration
When you sign up for SPR{k3 services, we collect your email address and, optionally, your name or organization name. We generate an API key for your account.
Service usage (Defend agent)
The SPR{k3 Defend agent running on your machine sends metadata only to our server. This includes: event type, timestamp, severity level, trust score, pattern ID (if a detection fires), tool name (not tool arguments), latency, and token counts. We never receive prompts, responses, file contents, credentials, tool inputs, tool outputs, or any content from your machine.
Service usage (Scan)
The SPR{k3 Scan binary runs locally on your machine. If configured with an API key, it sends finding metadata (file path hash, pattern ID, severity) to our server for dashboard display. Source code never leaves your machine.
Website
We do not use cookies, tracking pixels, or third-party analytics on defend.sprk3.com. We do not collect IP addresses for analytics purposes. Server access logs are retained for 30 days for security monitoring and then deleted.
2. Purpose of processing
We process personal data for the following purposes only:
- Providing and operating SPR{k3 services (Defend, Scan, Defend Agents)
- Authenticating your account and API access
- Displaying findings and trust scores on your dashboard
- Sending service-related communications (security alerts, product updates)
- Improving our detection patterns and service quality
We do not use your data for advertising, profiling, or sale to third parties.
3. Data minimization
We collect only the minimum data necessary to provide our services. The SPR{k3 architecture enforces this at the transport layer: content fields are stripped from events before any network transmission. The server physically cannot receive content data.
4. Data retention
Account data (email, API key) is retained for the duration of your account. Event metadata is retained for 12 months, then automatically deleted. Server access logs are retained for 30 days. You may request earlier deletion at any time.
5. Data security
All data in transit is encrypted using TLS. Data at rest is stored in encrypted databases on servers located in Germany (Hetzner). Access is restricted to authorized personnel only. We conduct regular security assessments of our own infrastructure.
6. Data transfers
Your account and event metadata is stored on servers in Germany. Germany is recognized by Israel as providing adequate data protection. We do not transfer data to any other jurisdiction.
7. Your rights
Under the PPL, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent for data processing
- Request a copy of your data in a structured format
To exercise any of these rights, contact us at support@sprk3.com. We will respond within 30 days.
8. Data breach notification
In the event of a data breach that may affect your personal data, we will notify the Israeli Privacy Protection Authority (PPA) immediately and notify affected individuals without undue delay, as required by the PPL.
9. Contact
For any privacy-related questions or requests:
Email: support@sprk3.com
Dan Aridor Holdings Ltd
Israel
Last updated: May 2026