Spurkle

Privacy Policy

Last updated: 2026-06-05

Spurkle ("the service") lets you send bursts of emoji confetti to friends who have also installed Spurkle on any of their devices. The main Spurkle client is a macOS desktop app; a Chrome extension is also available, and Windows and Linux desktop apps (plus potentially mobile clients later) are planned. This policy applies equally to all current and future Spurkle clients and explains what data Spurkle collects, why, where it goes, and what your rights are.

Spurkle is operated by Dallin Romney as a personal project. The short version: Spurkle stores the minimum data needed to let you sign in, find friends, and send each other emoji bursts. Nothing is sold, shared with advertisers, or used for tracking. You can delete your account at any time.

1. What data we collect

1.1 Account data (from sign-in)

You sign in to Spurkle with either Google or Apple. Spurkle uses the provider you choose only to verify your identity, and receives a minimal profile from it.

From Sign in with Google:

From Sign in with Apple:

If you use an Apple private relay address, Spurkle treats it like any other email and does not attempt to discover or reveal the real address behind it. Apple does not share a profile picture, so Spurkle uses a default avatar until you set one.

Spurkle does not request access to your Gmail, Drive, Calendar, contacts, iCloud, or any other Google or Apple service.

1.2 Profile data

1.3 Social graph

1.4 Spurkle activity

When you send or receive a spurkle, Spurkle stores a record of the event: sender, recipient, emoji character, intensity setting, duration setting, and timestamp. This powers your in-app history. Spurkle does not store any other content: there is no message text, no media, no payload beyond the chosen emoji and its settings.

1.5 Premium billing data

If you purchase Spurkle Premium through a direct-download or web build, payment is handled by Stripe. Spurkle receives and stores the information needed to manage your Premium entitlement, such as your Stripe customer ID, subscription ID, subscription status, billing provider, relevant timestamps, and payment-related webhook events. Spurkle does not collect or store your full credit card number.

1.6 Local-only data

Your authentication session (an encrypted refresh token), your Do Not Disturb preference, and your last-used send settings are stored locally on your device by whichever Spurkle client you are using (the Chrome extension uses chrome.storage.local; the macOS app uses the system keychain and local app storage; other clients use the equivalent platform mechanism). They do not leave your device except as part of routine API calls to the Spurkle backend.

1.7 What we do NOT collect

2. How we use it

3. Where the data lives

All server-side data is stored on Supabase, which hosts the database, authentication, and realtime delivery. Supabase data is encrypted at rest and in transit. The hosting region is the United States.

Sign-in is handled by Google's and Apple's identity services. We only see what the provider returns to us (see ยง 1.1).

Premium checkout and subscription management for direct-download and web builds are handled by Stripe. Stripe processes payment details under its own privacy policy; Spurkle receives only the billing and subscription records needed to keep Premium access in sync.

The static marketing site (this page) is hosted on Vercel. Vercel may log standard request metadata (IP address, user agent) for abuse detection per their privacy policy; Spurkle does not have access to those logs.

4. Sharing with third parties

Spurkle does not sell user data and does not share it with advertisers. The only third parties involved in operating the service are:

Spurkle may disclose data if required by law or to investigate abuse of the service.

5. Data retention & deletion

Your profile and spurkle history are retained for as long as your account exists. You can delete your account at any time by emailing the address in ยง 9. On deletion, all your profile data, friendships, friend requests, spurkles you sent or received, mutes, and blocks are removed from the database within 30 days.

Billing records may be retained as needed for payment processing, tax, accounting, fraud prevention, dispute handling, and legal compliance.

6. Your rights

You have the right to:

Email the address in ยง 9 to exercise any of these rights.

7. Children

Spurkle is not directed at children under 13. Spurkle does not knowingly collect data from anyone under 13. If you believe a child has signed up, please contact us and we'll remove the account.

8. Changes to this policy

If we make material changes to this policy, the "Last updated" date at the top of the page will change and existing users will be notified within the app on next sign-in.

9. Contact

Questions, deletion requests, or anything else: dallinromney@gmail.com