Privacy Policy for Sprout

Last Updated: February 2, 2025

Introduction

Welcome to Sprout ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience using our app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Sprout mobile application.

By using Sprout, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Email address (if you create an account)

  • Password (encrypted and never stored in plain text)

  • Name (optional, for personalization)

  • OAuth provider information (if you sign in with Google or Apple)

App Usage Data:

  • Tasks you create (title, notes, due dates, priority)

  • Pet customization (pet type, name, pronouns)

  • App settings and preferences

  • Completion history and productivity statistics

1.2 Information Automatically Collected

Device Information:

  • Device type and model

  • Operating system version

  • Unique device identifiers

  • App version

Usage Analytics:

  • App interactions and feature usage

  • Session duration

  • Error logs and crash reports

  • Performance metrics

1.3 Information We Do NOT Collect

  • We do NOT track your location

  • We do NOT access your contacts

  • We do NOT access your camera or photos (unless you explicitly grant permission)

  • We do NOT share your data with third-party advertisers

  • We do NOT sell your personal information

2. How We Use Your Information

We use your information to:

2.1 Provide Core Services

  • Create and maintain your account

  • Sync your tasks and data across devices

  • Save your pet's progress and customization

  • Process your subscription (if you upgrade to Premium)

2.2 Improve User Experience

  • Personalize app content and features

  • Remember your preferences and settings

  • Provide AI-powered task recommendations (when you use AI features)

2.3 Maintain App Functionality

  • Monitor app performance and fix bugs

  • Prevent fraud and abuse

  • Respond to user support requests

  • Send important service updates

2.4 AI Features

When you use AI-powered features (Task Breakdown, Brain Dump, "What Should I Do Now?"):

  • Your task data is sent to OpenAI's API for processing

  • We do not store AI-generated content longer than necessary

  • AI processing is subject to OpenAI's privacy policy: https://openai.com/privacy

3. How We Share Your Information

We do NOT sell your personal information. We only share data in these limited circumstances:

3.1 Service Providers

  • Supabase (database and authentication) - stores your account and app data

  • OpenAI (AI features) - processes task data when you use AI features

  • RevenueCat (subscription management) - processes premium subscriptions

  • Google/Apple (OAuth authentication) - when you sign in with these services

All service providers are contractually required to protect your data.

3.2 Legal Requirements

We may disclose your information if required by law, court order, or to:

  • Comply with legal processes

  • Enforce our Terms of Service

  • Protect our rights, property, or safety

  • Prevent fraud or security threats

3.3 Business Transfers

If Sprout is acquired or merged with another company, your information may be transferred. You will be notified of any such change.

4. Data Storage and Security

4.1 Where We Store Data

  • Cloud Storage: Your data is stored securely on Supabase servers (AWS infrastructure)

  • Local Storage: Some data is cached locally on your device for offline access

  • Server Location: Primary servers are located in the United States

4.2 How We Protect Data

  • All data is encrypted in transit (HTTPS/TLS)

  • Database is encrypted at rest

  • Passwords are hashed using industry-standard algorithms

  • Regular security audits and updates

  • Role-based access controls (Row Level Security)

4.3 Data Retention

  • Active accounts: Data retained as long as your account is active

  • Deleted accounts: Data deleted within 30 days of account deletion

  • Completed tasks: Free users: auto-deleted after 7 days; Premium users: customizable retention

  • Backups: Retained for up to 90 days for disaster recovery

5. Your Privacy Rights

5.1 Access and Control

You have the right to:

  • Access your data: View all data we store about you

  • Update your data: Edit your profile, tasks, and settings anytime

  • Delete your data: Request complete account deletion

  • Export your data: Download your tasks and app data

  • Opt-out of analytics: Disable crash reporting and analytics (coming soon)

5.2 How to Exercise Your Rights

  • In-app: Go to Settings → Account → Manage Data

  • Email us: support@sproutapp.tech

  • Account deletion: Settings → Account → Reset Account (deletes all data)

5.3 Regional Rights

For EU/UK Users (GDPR):

  • Right to data portability

  • Right to be forgotten

  • Right to restrict processing

  • Right to object to processing

  • Right to lodge a complaint with supervisory authority

For California Users (CCPA):

  • Right to know what data is collected

  • Right to delete personal information

  • Right to opt-out of data sales (we don't sell data)

  • Right to non-discrimination for exercising rights

6. Children's Privacy

Sprout is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

If you believe we have collected data from a child under 13:

Parents: If you want to review or delete your child's data, contact us with verification of guardianship.

7. Third-Party Services

7.1 Authentication Providers

  • Google Sign-In: Subject to Google Privacy Policy

  • Apple Sign-In: Subject to Apple Privacy Policy

When you use these services, they may collect data according to their own policies.

7.2 AI Services

  • OpenAI API: Processes task data when you use AI features

  • We send minimal data necessary for AI functionality

  • OpenAI's data usage policy: https://openai.com/privacy

7.3 Payment Processing

  • Apple App Store: Processes iOS in-app purchases

  • Google Play Store: Processes Android in-app purchases

  • RevenueCat: Manages subscription status

We do NOT store your payment information (credit cards, etc.).

8. Cookies and Tracking

8.1 What We Use

  • Local Storage: To save your settings and preferences

  • Authentication Tokens: To keep you logged in

  • Analytics: To understand how features are used (anonymized)

8.2 What We Don't Use

  • We do NOT use advertising cookies

  • We do NOT use cross-site tracking

  • We do NOT share data with ad networks

9. International Data Transfers

If you use Sprout outside the United States:

  • Your data may be transferred to and processed in the US

  • We ensure adequate data protection through:

    • Standard contractual clauses

    • Adherence to Privacy Shield principles

    • Service provider agreements

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted with a new "Last Updated" date.

How we notify you:

  • In-app notification for significant changes

  • Email notification (if you have an account)

  • Continued use of the app constitutes acceptance

Your options:

  • Review changes and continue using Sprout

  • Contact us with questions or concerns

  • Delete your account if you disagree with changes

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

Email: support@sproutapp.tech

Mail:
Sprout App
2 Foster Close,
Derby. DE30BF

Response Time: We aim to respond within 48 hours for privacy requests, 7 days for complex requests.

12. Data Protection Officer

For EU/UK users, you can contact our Data Protection Officer at:

Email: dpo@sproutapp.tech (or support@sproutapp.tech)

Summary

What we collect: Email, tasks, pet data, usage analytics

Why we collect it: To provide the app, sync across devices, improve features

Who we share with: Only essential service providers (Supabase, OpenAI, payment processors)

Your rights: Access, update, export, and delete your data anytime

Our commitment: We never sell your data or show you ads

Legal Basis for Processing (GDPR)

We process your data based on:

  • Consent: When you create an account and use the app

  • Contract: To provide services you've signed up for

  • Legitimate Interest: To improve the app and prevent fraud

  • Legal Obligation: To comply with laws and regulations

You can withdraw consent anytime by deleting your account.

Thank you for trusting Sprout with your data. Your privacy matters to us.

This Privacy Policy is effective as of February 2, 2025 and applies to all users of the Sprout mobile application.