Privacy Policy

Effective: February 2, 2026

Plain English Summary

SparkCEP is a platform for medical device reps. You trust us with your product data, your contacts, and your communications. Here's how we handle that trust:

  • We collect only what's needed to run the platform.
  • Your contact lists and surgeon relationships are yours. Period.
  • We never sell, rent, or share your data with anyone.
  • We don't run ads or build profiles on you.
  • You can delete your account and data whenever you want.

The rest of this policy covers the details.

Who This Covers

This policy applies to everyone who uses SparkCEP:

  • Distributors and reps who create accounts, manage products, and send communications
  • Surgeons and visitors who browse distributor pages or submit contact forms

SparkCEP, Inc. ("SparkCEP," "we," "us") is responsible for the platform and this policy.

What We Collect and Why

When you create an account

We collect your name, email, phone number, company name, and role. We need this to set up your account, authenticate you, and provide support.

When you use the platform

We collect the content you create—product listings, brand page details, rep profiles, contact records, email drafts, and announcements. This is your data. We store and process it so the platform works for you.

When someone visits a distributor page

If a surgeon or visitor browses a distributor's brand page or product catalog, we collect standard technical data: browser type, device, IP address, and pages viewed. If they submit a contact form, we collect whatever they provide (name, email, phone, role, message).

Contact form submissions belong to the distributor whose page was visited. We store them on the distributor's behalf.

When emails are sent through SparkCEP

We track whether recipients opened an email and clicked any links. This data is available to the distributor who sent the email so they can follow up effectively.

What we don't collect

We don't collect financial information, health records, social media profiles, or anything beyond what's described above.

How Your Data Is Protected

Encryption
All data is encrypted in transit using TLS and encrypted at rest in our database.
Isolation
Every distributor's data is isolated at the database level. Row-level security policies ensure you can only access your own contacts, products, and communications. Other distributors on the platform cannot see your data under any circumstances.
Authentication
Accounts are protected by secure authentication and session management. We recommend using a strong, unique password.
Infrastructure
SparkCEP runs on Supabase (database and auth), Vercel (hosting), and Resend (email delivery). These providers are bound by their own security practices and process data on our behalf—not for their own purposes.

What We Will Never Do

We want to be explicit:

  • We will never sell your data. Not to marketers, not to data brokers, not to anyone.
  • We will never share your contact lists. Your surgeon relationships stay between you and your surgeons.
  • We will never serve ads. SparkCEP is a paid platform, not an ad-supported one.
  • We will never use your data to compete with you. Your product and contact information is off-limits for any purpose other than delivering the platform to you.
  • We will never contact your surgeons. Emails to your contacts come from you, through SparkCEP. We don't inject our own messaging.

Who Sees Your Data

  • You and your team. Only authorized users on your account can access your products, contacts, and communications.
  • SparkCEP staff. Our team may access account data when providing support you've requested or investigating a security issue. This access is logged and limited to what's necessary.
  • Our infrastructure providers. Supabase, Vercel, and Resend process data as part of running the platform. They don't have independent rights to your information.
  • Law enforcement. We will comply with valid legal requests (subpoenas, court orders). If permitted, we'll notify you before disclosing anything.
  • No one else.

Cookies and Tracking

  • We use session cookies to keep you logged in. That's it.
  • We don't use advertising cookies, retargeting pixels, or third-party analytics trackers.

For Surgeons and Visitors

If you submitted a contact form on a distributor's page or received an email through SparkCEP:

  • Your information is managed by the distributor, not SparkCEP directly.
  • Every email includes an unsubscribe link. One click and you're off their list.
  • If you want your information deleted, contact the distributor or email us at support@sparkcep.com and we'll handle it.

Contact support@sparkcep.com for any of the above.

Data Retention

  • We keep your data for as long as your account is active. If you cancel, we delete everything within 30 days unless legal obligations require otherwise.
  • Email engagement data (opens, clicks) is retained for 12 months, then purged.
  • Server logs are retained for 90 days for security and troubleshooting purposes.

Children

SparkCEP is a business platform for medical device professionals. It is not designed for or directed at anyone under 18. We don't knowingly collect data from minors.

Changes to This Policy

If we make meaningful changes, we'll email you before they take effect. Minor clarifications or formatting updates won't trigger a notification, but the updated date at the top will always reflect the latest version.

Questions

Email: support@sparkcep.com

Web: sparkcep.com