Back to home

GDPR & Data Protection

Last updated: July 18, 2026

Moxy and GDPR

Moxy is a Business Management System operated by Spark Development SRL, based in Romania. This page is a summary of how we approach data protection under the EU General Data Protection Regulation (GDPR). For the detailed terms, please see our Privacy Policy and Data Processing Agreement.

Roles

For data customers add into Moxy about their employees, customers, suppliers, contacts, projects, and operations, the customer is the data controller and Spark Development SRL acts as the data processor.

Data Processing Agreement

A Data Processing Agreement (DPA) is available at /dpa and sets out the processor terms, data categories, processing activities, and safeguards.

Security measures

We apply technical and organizational measures appropriate to the risk, including access control, authentication, least-privilege practices, encrypted transport where applicable, backups, logging and monitoring, secure hosting, and incident response.

Data subject rights

Subject to applicable law, individuals have the right to access, rectify, delete, restrict, or object to processing of their personal data, to data portability, and to withdraw consent where processing is based on it. Individuals also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP). When the data is managed by a customer organization in Moxy, requests should generally be directed to that organization first.

Data retention and deletion

We keep personal data only as long as necessary for the service, contractual and legal obligations, backups, security, and dispute resolution. Customers can also manage and delete data they control within Moxy.

Diagnostics and logs

Moxy may use a self-hosted Sentry instance or a similar self-hosted diagnostics tool to detect bugs, crashes, failed requests, and performance issues. We aim to minimize personal data in diagnostics and logs and avoid intentionally collecting sensitive content. Session replay is not currently enabled. See the Privacy Policy for details.

Cookies and tracking

The public Moxy website currently does not use analytics, advertising, or tracking cookies. The application uses only strictly necessary cookies or similar technologies. See the Cookie Policy for details.

Subprocessors

A list of current subprocessors is maintained in the Data Processing Agreement. Potential categories may include hosting and infrastructure providers, email providers, support tools, diagnostics systems, and backup providers.

Contact for privacy requests

For privacy, GDPR, and data protection requests, contact Spark Development SRL at dpo@sprk.dev. For general product or commercial questions, contact hello@sprk.dev.

A note on this page

This page is a summary. The Privacy Policy and Data Processing Agreement contain the more detailed terms.