Privacy Policy

Last updated: May 2026

The short version

• We collect only what's needed to run your workflows.
• OAuth tokens are encrypted at rest with AES-256-GCM.
• Email content is read at workflow runtime, never stored long-term.
• We never train any AI models on your data.
• You can delete your account and all data at any time.

What we collect

To provide Ferio, we collect:

• Account info: your email address (via Supabase Auth).
• OAuth tokens: Google access and refresh tokens, encrypted at rest.
• API key: your Anthropic key, encrypted at rest.
• Workflow definitions: the triggers, prompts, and actions you create.
• Spark logs: trigger data, AI output, and action results for each workflow run. Retained 7 days (Free) or 90 days (Starter).
• Billing info: handled by Stripe — we never store card numbers.

How we use Google data

When your workflows run, we read emails matching your filters and (optionally) write to Drive or send replies on your behalf. We:

• Only read emails when a workflow is active and triggered.
• Only write to Drive folders you explicitly specify.
• Never share your Gmail or Drive content with anyone.
• Never train any AI models on your Google data.

Our use of information from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How we use Claude (Anthropic)

You bring your own Anthropic API key. When a workflow runs, the relevant email content is sent to Anthropic via your key. Anthropic's data handling is governed by their privacy policy. We don't see or store the conversations beyond the Spark log.

Sharing & sub-processors

We use the following sub-processors to operate Ferio:

• Supabase — auth and database hosting
• Vercel — frontend hosting
• Google Cloud (Cloud Run) — backend hosting
• Inngest — job queue for workflow execution
• Stripe — billing and subscription management
• Resend — transactional emails
• Sentry — error tracking

We do not sell your data to anyone, ever.

Your rights

• Access — see all data we have on you.
• Delete — request full account deletion. We delete within 7 days.
• Export — get a copy of your workflows and Spark history.
• Disconnect — revoke Google access from Settings or directly at myaccount.google.com/permissions.

Cookies

We use only essential cookies for authentication (Supabase session). No tracking, no advertising cookies.

Contact

Questions? Email hello@sparkferio.com.