Cyber Spark Portal logo

Privacy Policy

Last updated: April 13, 2025

CyberSpark (“we”, “our”, or “us”) operates the Cyber Spark Portal application. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our application, including integrations with third-party services such as Google Workspace and Microsoft Teams.

1. Information We Collect

We collect the following categories of information:

  • Account Information: Name, work email address, profile picture, and organizational role provided during registration or via OAuth sign-in (Google / Microsoft).
  • Work Activity Data: Project assignments, time-tracking entries, activity logs, calendar events, and meeting records you create or import within the portal.
  • Git & Development Data: Repository names, branch names, commit messages, pull request metadata, and issue titles that are synced via connected GitHub integrations.
  • Leave & HR Data: Leave requests, leave-type entitlements, approval status, and holiday calendars managed within the portal.
  • OAuth Tokens: Access tokens and refresh tokens issued by Google or Microsoft when you connect your calendar or meetings integration. These tokens are stored securely and used solely to perform the actions you authorize.
  • Usage & Technical Data: IP address, browser type, operating system, referring URLs, and pages visited, collected automatically via server logs and analytics.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Cyber Spark Portal service.
  • Authenticate your identity and manage user sessions securely.
  • Sync your calendar and meetings via Google Calendar or Microsoft Teams on your behalf, using only the permissions you grant during OAuth consent.
  • Generate attendance, activity, and leave reports for your organization.
  • Send transactional notifications (e.g., leave approvals, assignment alerts).
  • Detect and prevent unauthorized access, fraud, and security incidents.
  • Comply with applicable legal obligations.

3. Third-Party Integrations

Google Workspace

When you authorize the Google integration, we request access to your Google Calendar to read and create meeting events. We use Google's OAuth 2.0 protocol and comply with Google API Services User Data Policy, including the Limited Use requirements. We do not share your Google data with any third party, and we do not use it for advertising purposes.

Microsoft Teams

When you authorize the Microsoft integration, we request access to your Microsoft Calendar and Teams meetings via Microsoft Graph API. Tokens are stored securely and used solely to create or retrieve meeting links on your behalf. We comply with Microsoft's API Terms of Use and do not share your Microsoft data with third parties.

GitHub

If a GitHub Personal Access Token (PAT) is configured, we use it to read repository data (branches, commits, pull requests, issues) for project tracking. We do not write to or delete any GitHub resources without explicit action by an authorized administrator.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share data in the following limited circumstances:

  • Within Your Organization: Managers and administrators in your organization may view activity and leave data as permitted by their role.
  • Service Providers: We may engage trusted service providers (e.g., cloud hosting, email delivery) who process data on our behalf under strict confidentiality obligations.
  • Legal Requirements: We may disclose data if required by law, court order, or government authority.
  • Business Transfers: In the event of a merger or acquisition, user data may be transferred as part of that transaction, subject to equivalent privacy protections.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Activity logs and reports may be retained for up to 36 months for organizational record-keeping. OAuth tokens are revoked and deleted when you disconnect an integration. You may request deletion of your account data at any time by contacting us at info@cyberspark.in.

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage for OAuth tokens, role-based access controls, and regular security reviews. Despite these measures, no system is entirely secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention obligations.
  • Portability: Request a structured, machine-readable export of your data.
  • Revoke OAuth Access: Disconnect integrations at any time from within the portal settings or from your Google / Microsoft account settings.

To exercise any of these rights, contact us at info@cyberspark.in. We will respond within 30 days.

8. Cookies and Tracking

We use session cookies and HTTP-only authentication cookies to maintain your login session. We do not use advertising cookies or third-party tracking pixels. You may disable cookies in your browser, but doing so will prevent you from logging in.

9. Children's Privacy

Cyber Spark Portal is intended for use by professionals and employees within organizational settings. We do not knowingly collect information from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the “Last updated” date at the top of this page. Continued use of the application after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

CyberSpark

Email: info@cyberspark.in