Privacy Policy
Last updated: 2026-06-05
Spurkle ("the service") lets you send bursts of emoji confetti to friends who have also installed Spurkle on any of their devices. The main Spurkle client is a macOS desktop app; a Chrome extension is also available, and Windows and Linux desktop apps (plus potentially mobile clients later) are planned. This policy applies equally to all current and future Spurkle clients and explains what data Spurkle collects, why, where it goes, and what your rights are.
Spurkle is operated by Dallin Romney as a personal project. The short version: Spurkle stores the minimum data needed to let you sign in, find friends, and send each other emoji bursts. Nothing is sold, shared with advertisers, or used for tracking. You can delete your account at any time.
1. What data we collect
1.1 Account data (from sign-in)
You sign in to Spurkle with either Google or Apple. Spurkle uses the provider you choose only to verify your identity, and receives a minimal profile from it.
From Sign in with Google:
- Your email address
- Your Google display name
- Your Google profile picture URL
- A stable Google subject identifier (used internally to recognize you across sign-ins)
From Sign in with Apple:
- Your email address: either your real address or, if you choose, an anonymous Apple private relay address (such as
something@privaterelay.appleid.com) that forwards messages to you - Your name, shared by Apple only the first time you sign in, and only if you allow it
- A stable Apple user identifier (used internally to recognize you across sign-ins)
If you use an Apple private relay address, Spurkle treats it like any other email and does not attempt to discover or reveal the real address behind it. Apple does not share a profile picture, so Spurkle uses a default avatar until you set one.
Spurkle does not request access to your Gmail, Drive, Calendar, contacts, iCloud, or any other Google or Apple service.
1.2 Profile data
- The handle you choose (e.g.
yourname) - A display name (defaults to your Google display name)
- An avatar URL (defaults to your Google profile picture)
1.3 Social graph
- Friend requests you send and receive
- Your list of accepted friends
- Per-friend mute settings and your block list
1.4 Spurkle activity
When you send or receive a spurkle, Spurkle stores a record of the event: sender, recipient, emoji character, intensity setting, duration setting, and timestamp. This powers your in-app history. Spurkle does not store any other content: there is no message text, no media, no payload beyond the chosen emoji and its settings.
1.5 Premium billing data
If you purchase Spurkle Premium through a direct-download or web build, payment is handled by Stripe. Spurkle receives and stores the information needed to manage your Premium entitlement, such as your Stripe customer ID, subscription ID, subscription status, billing provider, relevant timestamps, and payment-related webhook events. Spurkle does not collect or store your full credit card number.
1.6 Local-only data
Your authentication session (an encrypted refresh token), your Do Not Disturb preference, and your last-used send settings are stored locally on your device by whichever Spurkle client you are using (the Chrome extension uses chrome.storage.local; the macOS app uses the system keychain and local app storage; other clients use the equivalent platform mechanism). They do not leave your device except as part of routine API calls to the Spurkle backend.
1.7 What we do NOT collect
- The Chrome extension does not read, modify, or store the contents of the web pages you visit. The confetti overlay is a transparent layer drawn on top of the active tab; the extension does not access the page's DOM, cookies, form data, or any other content. Desktop apps render confetti in their own transparent overlay window and do not read other applications' state either.
- Spurkle does not track your browsing history.
- Spurkle does not use cookies for analytics or advertising.
- Spurkle does not collect device identifiers, IP addresses for tracking, or location data.
2. How we use it
- To authenticate you and let you sign in across devices.
- To let your friends find you by handle or email.
- To deliver spurkles in real time.
- To show your sent/received history.
- To enforce safety controls (rate limits, mutes, blocks, Do Not Disturb).
- To process Premium subscriptions and maintain the correct Premium entitlement for your account.
3. Where the data lives
All server-side data is stored on Supabase, which hosts the database, authentication, and realtime delivery. Supabase data is encrypted at rest and in transit. The hosting region is the United States.
Sign-in is handled by Google's and Apple's identity services. We only see what the provider returns to us (see ยง 1.1).
Premium checkout and subscription management for direct-download and web builds are handled by Stripe. Stripe processes payment details under its own privacy policy; Spurkle receives only the billing and subscription records needed to keep Premium access in sync.
The static marketing site (this page) is hosted on Vercel. Vercel may log standard request metadata (IP address, user agent) for abuse detection per their privacy policy; Spurkle does not have access to those logs.
4. Sharing with third parties
Spurkle does not sell user data and does not share it with advertisers. The only third parties involved in operating the service are:
- Google (identity provider for Sign in with Google)
- Apple (identity provider for Sign in with Apple)
- Supabase (database, auth backend, realtime delivery)
- Stripe (Premium checkout and subscription management)
- Vercel (hosting for this marketing site)
Spurkle may disclose data if required by law or to investigate abuse of the service.
5. Data retention & deletion
Your profile and spurkle history are retained for as long as your account exists. You can delete your account at any time by emailing the address in ยง 9. On deletion, all your profile data, friendships, friend requests, spurkles you sent or received, mutes, and blocks are removed from the database within 30 days.
Billing records may be retained as needed for payment processing, tax, accounting, fraud prevention, dispute handling, and legal compliance.
6. Your rights
You have the right to:
- Access the data Spurkle has stored about you
- Correct inaccuracies in your profile
- Delete your account and all associated data
- Export your data in a portable format
Email the address in ยง 9 to exercise any of these rights.
7. Children
Spurkle is not directed at children under 13. Spurkle does not knowingly collect data from anyone under 13. If you believe a child has signed up, please contact us and we'll remove the account.
8. Changes to this policy
If we make material changes to this policy, the "Last updated" date at the top of the page will change and existing users will be notified within the app on next sign-in.
9. Contact
Questions, deletion requests, or anything else: dallinromney@gmail.com