Discussion
Loading...

Privacy policy
Log in
  • About
  • Code of conduct
  • Privacy
  • About Bonfire

Spark Privacy Policy

Effective Date: 2025-06-28
Last Updated: 2025-06-28
Platform: Spark (spark.box464.social)
Software: Bonfire Social Platform

1. Introduction

IMPORTANT: Spark is a test instance. There is no guarantee that data will be kept and data could be lost at any time. Users should regularly export their data and maintain backups.

This Privacy Policy explains how Spark ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use our federated social media platform. Spark is built on the Bonfire platform and operates using the ActivityPub protocol, which enables federation with other compatible social media instances.

By using Spark, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Username and display name
  • Email address
  • Password (stored in encrypted form)
  • Profile information you choose to provide (bio, avatar, header image)
  • Account preferences and settings

2.2 Content and Activity Data

  • Posts, comments, and replies you create
  • Media files you upload (images, videos, audio)
  • Likes, shares, and other interactions
  • Lists and collections you create
  • Direct messages and private communications
  • Followers and following relationships

2.3 Technical Information

  • IP addresses and device identifiers
  • Browser type and version
  • Operating system information
  • Access timestamps and session data
  • Referrer URLs and page views
  • API usage and application connections

2.4 Federation Data

Due to the federated nature of ActivityPub:

  • Your public posts are shared with other instances
  • Interaction data with users from other instances
  • Profile information visible across the fediverse
  • Follower/following relationships with remote users

3. How We Use Your Information

3.1 Platform Operation

  • Providing and maintaining the Spark service
  • Authenticating your identity and securing your account
  • Delivering content and notifications
  • Enabling social interactions and federation
  • Improving platform performance and functionality

3.2 Communication

  • Sending important service announcements
  • Responding to your support requests
  • Notifying you of security issues or policy changes
  • Optional promotional communications (with consent)

3.3 Safety and Security

  • Detecting and preventing spam, abuse, and violations
  • Investigating reported content and behavior
  • Protecting against unauthorized access
  • Complying with legal obligations

3.4 Analytics and Improvement

  • Understanding how users interact with the platform
  • Identifying areas for improvement
  • Developing new features and capabilities
  • Generating aggregated, anonymized statistics

4. Information Sharing and Disclosure

4.1 Federation and ActivityPub

  • Public posts are shared with federated instances
  • Your profile information is visible across the fediverse
  • Interactions with remote users are shared with their instances
  • Instance blocking may limit but not eliminate data sharing

4.2 Service Providers

We may share information with trusted third parties who:

  • Provide hosting and infrastructure services
  • Assist with platform maintenance and security
  • Help with legal compliance and safety measures
  • Are bound by confidentiality agreements

4.3 Legal Requirements

We may disclose information when required by:

  • Valid legal processes (subpoenas, court orders)
  • Law enforcement investigations
  • National security requirements
  • Protection of rights, property, or safety

4.4 Service Discontinuation

If Spark ceases operations, we will provide advance notice to users and facilitate data export. No business transfers or sales of user data will occur.

5. Data Retention

5.1 Test Instance Data Retention

CRITICAL WARNING: As a test instance, data may be lost without notice due to:

  • System failures or crashes
  • Software updates or migrations
  • Hardware issues
  • Intentional data resets for testing purposes
  • Platform maintenance or experiments

Users are strongly advised to regularly export their data and maintain personal backups.

5.2 Active Accounts

  • Account data is retained while your account remains active
  • Content remains available according to your privacy settings
  • Backup copies may be retained for operational purposes

5.3 Account Deletion

  • Account data is deleted within 30 days of deletion request
  • Some information may persist in backups for up to 90 days
  • Federated content may remain on other instances
  • Legal holds may extend retention periods

5.4 Inactive Accounts

  • Accounts inactive for over 2 years may be subject to deletion
  • Users will receive notice before deletion occurs
  • Data export will be available before deletion

6. Your Privacy Rights

6.1 Access and Portability

  • View and download your account data
  • Export your content in machine-readable formats
  • Request copies of information we hold about you

6.2 Correction and Updates

  • Edit your profile and account information
  • Correct inaccurate personal data
  • Update your privacy preferences

6.3 Deletion and Restriction

  • Delete your account and associated data
  • Request deletion of specific content
  • Restrict processing of your information

6.4 Objection and Withdrawal

  • Object to certain uses of your data
  • Withdraw consent for optional data processing
  • Opt out of promotional communications

7. Privacy Controls and Settings

7.1 Visibility Settings

  • Control who can see your posts (public, followers-only, private)
  • Manage follower approval settings
  • Configure search engine indexing preferences

7.2 Interaction Controls

  • Block or mute specific users
  • Filter content based on keywords or media
  • Control who can send you direct messages

7.3 Federation Settings

  • Choose whether to federate your content
  • Block specific instances or domains
  • Control cross-instance visibility

7.4 Notification Preferences

  • Customize email and push notifications
  • Set preferences for mentions and interactions
  • Control activity digest frequency

8. Security Measures

8.1 Data Protection

  • Encryption of data in transit and at rest
  • Regular security audits and monitoring
  • Secure password storage using industry standards
  • Multi-factor authentication options

8.2 Access Controls

  • Role-based access to user data
  • Regular access reviews for staff
  • Logging and monitoring of data access
  • Incident response procedures

9. Children's Privacy

  • Spark is not intended for users under 13 years of age
  • We do not knowingly collect data from children under 13
  • Parents may request deletion of their child's data
  • Enhanced protections apply for users under 18

10. International Data Transfers

  • Data may be processed in countries other than your residence
  • We ensure adequate protection through appropriate safeguards
  • EU users have specific rights under GDPR
  • Data transfer mechanisms comply with applicable laws

11. Cookies and Tracking

11.1 Cookies We Use

  • Essential cookies for platform functionality
  • Preference cookies for your settings
  • Analytics cookies for platform improvement
  • Security cookies for fraud prevention

11.2 Third-Party Cookies

  • Spark does not use any third-party cookies
  • All cookies are first-party and essential for platform operation
  • You can control cookie preferences in your browser
  • Some features may not work with cookies disabled

12. Changes to This Policy

  • We may update this policy to reflect changes in our practices
  • Significant changes will be announced on the platform
  • Users will be notified via email for material changes
  • Continued use constitutes acceptance of updated policy

13. Regional Privacy Rights

13.1 European Union (GDPR)

  • Right to be informed about data processing
  • Right of access to your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

13.2 California (CCPA)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising privacy rights

13.3 Other Jurisdictions

  • We comply with applicable local privacy laws
  • Contact us for jurisdiction-specific rights
  • Additional protections may apply based on your location

14. Contact Information

For privacy-related questions, requests, or concerns:

Privacy Inquiries: admin@spark.box464.social
General Contact: admin@spark.box464.social
Admin: Jeff Sikes
Postal Address: Available upon request

Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).

15. Data Controller Information

Data Controller: BOX464, LLC
Registration: LLC registered in Texas
Location: Texas, United States
Representative: Jeff Sikes, Admin

Note about Federation: Due to the federated nature of ActivityPub, some of your data may be processed by other instances in the fediverse. While we cannot control how other instances handle your data, we encourage users to review the privacy policies of instances they interact with and report any concerns to us.

This privacy policy is designed to be transparent about our data practices while acknowledging the unique aspects of federated social media. We are committed to protecting your privacy while enabling meaningful social connections across the fediverse.

Log in

Spark

This is a bonfire demo instance for testing purposes

Spark: About · Code of conduct · Privacy ·
Bonfire social · 1.0.0-rc.2.1 no JS en
Automatic federation enabled
  • Explore
  • About
  • Code of Conduct