Privacy Policy

Last updated: 2026-05-26

Spurkle ("the service") lets you send bursts of emoji confetti to friends who have also installed Spurkle on any of their devices. The first Spurkle client is a Chrome extension; native desktop apps for macOS, Windows, and Linux are planned, plus potentially mobile clients later. This policy applies to all Spurkle clients and explains what data Spurkle collects, why, where it goes, and what your rights are.

Spurkle is operated by Dallin Romney as a personal project. The short version: Spurkle stores the minimum data needed to let you sign in, find friends, and send each other emoji bursts. Nothing is sold, shared with advertisers, or used for tracking. You can delete your account at any time.

1. What data we collect

1.1 Account data (from Google Sign-In)

When you sign in with Google, Spurkle receives the following from Google's OAuth identity:

• Your email address
• Your Google display name
• Your Google profile picture URL
• A stable Google subject identifier (used internally to recognize you across sign-ins)

Spurkle does not request access to your Gmail, Drive, Calendar, contacts, or any other Google service.

1.2 Profile data

• The handle you choose (e.g. yourname)
• A display name (defaults to your Google display name)
• An avatar URL (defaults to your Google profile picture)

1.3 Social graph

• Friend requests you send and receive
• Your list of accepted friends
• Per-friend mute settings and your block list

1.4 Spurkle activity

When you send or receive a spurkle, Spurkle stores a record of the event: sender, recipient, emoji character, intensity setting, duration setting, and timestamp. This powers your in-app history. Spurkle does not store any other content — there is no message text, no media, no payload beyond the chosen emoji and its settings.

1.5 Local-only data

Your authentication session (an encrypted refresh token), your Do Not Disturb preference, and your last-used send settings are stored locally on your device by whichever Spurkle client you are using (for the Chrome extension this means chrome.storage.local; desktop apps will use the equivalent platform mechanism). They do not leave your device except as part of routine API calls to the Spurkle backend.

1.6 What we do NOT collect

• The Chrome extension does not read, modify, or store the contents of the web pages you visit. The confetti overlay is a transparent layer drawn on top of the active tab; the extension does not access the page's DOM, cookies, form data, or any other content. Desktop apps render confetti in their own transparent overlay window and do not read other applications' state either.
• Spurkle does not track your browsing history.
• Spurkle does not use cookies for analytics or advertising.
• Spurkle does not collect device identifiers, IP addresses for tracking, or location data.

2. How we use it

• To authenticate you and let you sign in across devices.
• To let your friends find you by handle or email.
• To deliver spurkles in real time.
• To show your sent/received history.
• To enforce safety controls (rate limits, mutes, blocks, Do Not Disturb).

3. Where the data lives

All server-side data is stored on Supabase, which hosts the database, authentication, and realtime delivery. Supabase data is encrypted at rest and in transit. The hosting region is the United States.

Sign-in is handled by Google's OAuth service. We only see what Google returns to us (see § 1.1).

The static marketing site (this page) is hosted on Vercel. Vercel may log standard request metadata (IP address, user agent) for abuse detection per their privacy policy; Spurkle does not have access to those logs.

4. Sharing with third parties

Spurkle does not sell user data and does not share it with advertisers. The only third parties involved in operating the service are:

• Google (identity provider for sign-in)
• Supabase (database, auth backend, realtime delivery)
• Vercel (hosting for this marketing site)

Spurkle may disclose data if required by law or to investigate abuse of the service.

5. Data retention & deletion

Your profile and spurkle history are retained for as long as your account exists. You can delete your account at any time by emailing the address in § 9. On deletion, all your profile data, friendships, friend requests, spurkles you sent or received, mutes, and blocks are removed from the database within 30 days.

6. Your rights

You have the right to:

• Access the data Spurkle has stored about you
• Correct inaccuracies in your profile
• Delete your account and all associated data
• Export your data in a portable format

Email the address in § 9 to exercise any of these rights.

7. Children

Spurkle is not directed at children under 13. Spurkle does not knowingly collect data from anyone under 13. If you believe a child has signed up, please contact us and we'll remove the account.

8. Changes to this policy

If we make material changes to this policy, the "Last updated" date at the top of the page will change and existing users will be notified within the app on next sign-in.

9. Contact

Questions, deletion requests, or anything else: dallinromney@gmail.com