At SparkReceipt, data security and privacy are fundamental priorities. The platform is designed to meet strict European standards, with full GDPR compliance and robust safeguards across storage, access, and encryption.
π Where Is My Data Stored?
All user data β including receipts, documents, and personal information β is stored entirely within the European Union, except where clearly disclosed:
Service | Location | Purpose |
Heroku (EU) | EU servers | Application hosting & primary database |
AWS S3 (Sweden) | Stockholm, Sweden | Primary file storage |
AWS Backup | Frankfurt, Germany | Encrypted backup storage |
Brevo (EU) | Paris, France | Email delivery (e.g. password reset, welcome) |
OpenAI (USA) | United States (Enterprise plan) | AI document processing (see privacy details below) |
π All services, except OpenAIβs API (used for AI processing), are hosted in the EU.
π§ Is My Data Used to Train AI?
No. SparkReceipt uses OpenAI's Enterprise-grade API with strict privacy settings:
Your data is never used to train models
Inputs and outputs are deleted after 30 days
You retain full ownership of your data and AI outputs
This ensures your documents remain private and protected, even when processed by AI.
π How Is My Data Protected?
β Encryption
In transit: All data is encrypted using strong TLS encryption during upload/download
At rest: Files and databases are encrypted on disk to prevent unauthorized physical access
β Secure Access Controls
Access to servers and admin tools is protected with:
Strong, random passwords
Multi-factor authentication (MFA)
Brute-force protection and rate limiting
Only authorized SparkReceipt personnel can access sensitive systems, and only for technical support when explicitly requested
ποΈ Can I Delete My Data?
Yes β you can delete your account and all personal data at any time:
Account deletion removes your data from active systems
Some system backups and logs may retain limited data for up to 30 days
No third parties have access to this data during or after the retention period
π₯ Checklist: SparkReceipt Security Highlights
β
GDPR-compliant cloud infrastructure (EU-based)
β
Encrypted data in transit and at rest
β
No data sharing with third parties
β
OpenAI API with zero training or retention beyond 30 days
β
Admin access only with MFA & strict control
β
User-controlled data deletion options
β FAQ Section
Q: Where is my data stored?
A: All data is stored within the European Union, primarily in Sweden and Germany, with the exception of AI processing via OpenAI in the U.S. under strict enterprise privacy.
Q: Is my data encrypted?
A: Yes β your data is encrypted both in transit and at rest.
Q: Who can access my documents?
A: Only authorized SparkReceipt staff, and only if you request support. No external third parties have access unless it is vital for building the service or communication, such as Brevo, for sending emails.
Q: Can I delete all my data?
A: Yes β you can delete your account and personal data at any time. Some backup data may persist for up to 30 days.
Q: Is SparkReceipt GDPR-compliant?
A: Yes β all core infrastructure and storage is hosted in the EU and adheres to GDPR standards.
Q: Is my data used to train AI?
A: No β SparkReceipt uses OpenAIβs Enterprise API, which does not use customer data for training and deletes inputs after 30 days.