SPARK AI — Privacy Policy
Effective Date: 06 / 27 / 2025
1. Introduction
Welcome to SPARK AI, your voice-powered assistant for accessing Nigerian government services.
We value your privacy and are committed to protecting your personal data in accordance with the Nigeria Data Protection Act, 2023 (NDPA), the General Data Protection Regulation (GDPR - EU, 2018), and other applicable data protection laws.
This Privacy Policy explains how we collect, use, and protect your data when you use the SPARK AI app.
2. Information We Collect
In line with NDPA (Section 24) and GDPR (Article 5 & 6), we only collect personal data that is adequate, relevant, and limited to what is necessary.
a. Account & Voice Data
Full name (first, middle, and last name)
Unique identifiers such as email and password
Voice input when you interact with SPARK AI via the microphone
Voice data is converted into text to understand your request
Voice recordings are not stored, unless explicitly stated and with your consent (GDPR Art. 7, NDPA Sec. 26).
b. Usage Data
Types of services requested (e.g., tax complaints, service enquiries)
Frequency of use
App performance logs (diagnostics, crashes)
c. Device Information
Device type and operating system
IP address and language preference
App version
d. Optional Personal Information
When you enter personal details into embedded government forms, SPARK AI does not request or store sensitive identifiers (such as NIN, BVN, or biometric details). These inputs are handled directly by the relevant government service providers and remain under their privacy policies.
3. How We Use Your Information
Under NDPA Sec. 25 and GDPR Art. 6, we process your data based on: consent, contract necessity, and legitimate interest.
We use your information to:
Understand your commands and connect you to the correct government service
Improve AI accuracy and app performance
Diagnose issues and ensure security
Provide personalized support for premium users
4. How We Share Your Data
We do not sell your data. Sharing only occurs in line with NDPA Sec. 30 and GDPR Art. 28 (Processor obligations):
AI providers (e.g., OpenAI, Google) strictly for processing voice/text requests
Cloud and analytics services for performance monitoring
All partners operate under Data Processing Agreements (DPAs) with confidentiality and security requirements. Data is encrypted during transfer.
5. Embedded Government Forms
SPARK AI may display forms or interfaces from third-party government websites.
These are embedded securely and served directly from their original source
They remain subject to the privacy policies of those government sites
SPARK AI does not request NIN or other government ID numbers directly, and does not store form submissions
6. Data Retention
Consistent with NDPA Sec. 31 and GDPR Art. 5(1)(e), data is retained only for as long as necessary to:
Provide services
Improve AI functionality
Meet regulatory obligations
You may request deletion of your data at any time (see Section 7).
7. Your Rights
We respect your rights under NDPA (Sec. 34–38) and GDPR (Art. 12–22):
Right to access your data
Right to correction/rectification
Right to erasure (“Right to be Forgotten”)
Right to restrict or object to processing
Right to withdraw consent at any time
Right to data portability (GDPR Art. 20)
Data Protection Officer (DPO):
While SPARK AI does not process NINs, BVNs, or biometric identifiers directly, our processing of personal data as a core activity means we maintain compliance oversight through a licensed Data Protection Compliance Organization (DPCO) in Nigeria. A DPO may be designated if required by NDPC regulations or as user scale grows.
To exercise your rights, email us at sparkai.support@civicnexa.com
8. Data Security
As required by NDPA Sec. 40 and GDPR Art. 32, we maintain strong security controls:
End-to-end encryption in transit
Secure cloud storage with strict access controls
Regular security audits and vulnerability assessments
9. Children’s Privacy
SPARK AI is not intended for children under 13.
We do not knowingly collect data from children without parental consent (NDPA Sec. 35, GDPR Art. 8).
10. International Data Transfers
If your data is processed outside Nigeria or the EU, transfers are safeguarded with:
Adequacy decisions (GDPR Art. 45)
Standard Contractual Clauses (SCCs)
NDPA-approved safeguards for cross-border transfers
11. Changes to This Policy
We may update this Privacy Policy in line with NDPA Sec. 39 and GDPR Art. 13(3).
You will be notified of significant updates via the app or by email.
12. Contact Us
If you have questions about this policy or your rights, contact:
📧 sparkai.support@civicnexa.com
