Skip to main content
Back to Spritz

Privacy Policy

Last updated: 2/16/2026

1. Introduction

Welcome to Spritz ("we," "our," or "us"). Spritz is a decentralized communication platform that enables real-time messaging, video calls, livestreaming, and AI agents for Web3 users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application available at app.spritz.chat.

By using Spritz, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our service.

2. Information We Collect

2.1 Wallet and Blockchain Data

  • Wallet Addresses: We collect and store your wallet address (Ethereum, Base, Solana, or other supported chains) when you connect your wallet or use passkey authentication.
  • ENS/SNS Names: We may resolve and display your Ethereum Name Service (ENS) or Solana Name Service (SNS) names if you have one associated with your wallet.
  • Transaction Data: We do not collect on-chain transaction data, but blockchain transactions are publicly visible on their respective networks.

2.2 Account Information

  • Username: If you choose to claim a Spritz username, we store it associated with your wallet address.
  • Display Name: Optional display name you provide.
  • Avatar: Pixel art avatars you create or upload.
  • Status: Your status updates and presence information.

2.3 Communication Data

  • Messages: End-to-end encrypted messages sent through our decentralized messaging system (Waku protocol). We do not have access to message content.
  • Call Data: Metadata about video and voice calls (duration, participants, timestamps). Call content is not recorded or stored by us.
  • Livestream Data: Metadata about livestreams (title, duration, viewer counts). Video content is processed by Livepeer and not stored by us.

2.4 Optional Information

  • Email Address: Only if you choose to verify your email address.
  • Phone Number: Only if you choose to verify your phone number via Twilio.
  • Social Links: Twitter, Farcaster, Lens, or other social media links you choose to add.
  • Google Calendar: If you connect your Google Calendar for scheduling, we store OAuth tokens to check your availability (busy/free times only). We never access or store your event titles, descriptions, attendees, or other private calendar data. See Section 4.5 for full details.

2.5 Technical Data

  • Device Information: Browser type, device type, operating system.
  • Usage Analytics: Aggregated usage statistics (messages sent, call duration, etc.) for analytics purposes.
  • IP Address: Collected for security and fraud prevention purposes.
  • Cookies and Local Storage: We use localStorage to store authentication credentials and preferences. We do not use tracking cookies.

3. How We Use Your Information

  • To provide and maintain our service
  • To authenticate and identify you
  • To enable communication between users
  • To facilitate video calls and livestreaming
  • To provide AI agent functionality
  • To sync calendar availability (if connected)
  • To send push notifications (with your consent)
  • To improve and optimize our service
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

4. Third-Party Services

Spritz uses the following third-party services that may collect or process your data:

4.1 Supabase

We use Supabase for database storage and real-time features. Your account data, messages metadata, and preferences are stored on Supabase servers. See Supabase Privacy Policy.

4.2 Waku Protocol

Messages are sent through the decentralized Waku network. Messages are end-to-end encrypted and not stored by Waku nodes. See Waku Protocol.

4.3 Huddle01

Video and voice calls are powered by Huddle01. Call metadata may be processed by Huddle01. See Huddle01 Privacy Policy.

4.4 Livepeer

Livestreaming is powered by Livepeer. Stream content is processed and delivered by Livepeer. See Livepeer Privacy Policy.

4.5 Google Calendar Integration

Purpose: If you choose to connect your Google Calendar, Spritz uses this integration to enable the scheduling feature, allowing other users to book calls with you based on your availability.

Data We Access:

  • FreeBusy Information: We check when you are busy or free to display available time slots. We do NOT access event titles, descriptions, attendees, or other event details.
  • OAuth Tokens: We securely store refresh tokens to maintain the connection. These tokens can only access calendar availability, not your emails, files, or other Google data.

Data We Do NOT Access: Event names, event descriptions, attendee lists, event locations, attachments, or any other Google account data.

Data Sharing & AI Disclosure: Google Calendar data obtained via the Google Calendar API is NEVER shared with, transferred to, or disclosed to any third parties. Specifically, Google Calendar data is NEVER sent to any AI/LLM services, including our AI agents feature. The calendar integration operates completely independently from our AI features. Google Calendar data is used solely within Spritz to display your availability to other Spritz users for scheduling purposes.

Disconnecting: You can disconnect your Google Calendar at any time from your Spritz settings. When disconnected, we immediately delete your stored OAuth tokens.

For more information, see Google Privacy Policy.

4.6 Other Services

5. Data Sharing, Transfer, and Disclosure

Spritz is committed to protecting your data. Here is exactly how we handle data sharing:

5.1 Google User Data

We do NOT share, transfer, or disclose Google user data to any third parties.

  • Google Calendar data is NEVER sent to AI/LLM services (including Google Gemini)
  • Google Calendar data is NEVER used to train AI models
  • Google Calendar data is NEVER sold or shared with advertisers
  • Google Calendar data is used ONLY within Spritz to display availability for scheduling

5.2 Data Segregation

Spritz maintains complete data segregation between our features:

  • Calendar Feature: Operates independently using only Google Calendar API data. This data never leaves the calendar feature context.
  • AI Agents Feature: Uses only user-provided messages and knowledge base URLs. AI agents have no access to Google Calendar data.

5.3 Third-Party Service Providers

We use the following service providers to operate Spritz. These providers process data only as necessary to provide their services and are contractually obligated to protect your data:

  • Supabase: Database hosting (account data, preferences)
  • Huddle01: Video call infrastructure (call metadata only)
  • Livepeer: Livestream processing (stream content)
  • Google Gemini: AI responses (user-provided messages only, NOT Google Calendar data)

Important: Google Calendar data is NOT shared with any of these providers.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Messages sent through Spritz are end-to-end encrypted using the Waku protocol, meaning we cannot read your message content. Your wallet private keys are never transmitted to our servers and remain in your control.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal obligations)
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your data for certain purposes
  • Withdraw Consent: Withdraw consent for optional data processing (e.g., push notifications, calendar sync)

To exercise these rights, please contact us at the email address provided below.

8. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. If you delete your account or request data deletion, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal purposes.

9. Children's Privacy

Spritz is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using Spritz, you consent to the transfer of your information to these countries.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@spritz.chat

Website: app.spritz.chat

13. Blockchain and Decentralization

Spritz leverages blockchain technology and decentralized protocols. Please note that:

  • Wallet addresses and on-chain transactions are publicly visible on their respective blockchains
  • Messages are sent through decentralized networks and may be routed through multiple nodes
  • We cannot delete data that has been permanently recorded on a blockchain
  • Your wallet private keys are your responsibility and should never be shared

© 2026 Spritz. All rights reserved.

Privacy PolicyTerms of Service