Privacy Policy

Effective November 1, 2019. Document History

This Policy applies to all of the Sprouted websites, products and services, and any point of contact you might have with Sprouted.

We define the following as our "Online Services":

  • The sprouted.app websites (sprouted.app, app.sprouted.app)

This document is a sister-document to our Terms of Service document. Please make sure you read both carefully before accessing or using a Sprouted Online Service.

Our commitment to privacy

This Privacy Policy describes the what, hows, and whys of collecting your information. To make it easy to find, we make it available on our homepage and at every point where we request personally identifiable information.

In this Privacy Policy, we sometimes refer to "you". "You" may be a visitor to one of our websites or a user of our Online Services. We’ll do our best to clarify who we are referring to at various points in the policy.

This Privacy Policy also describes your choices regarding how your data is used, and how you can access, update, or delete this information.

We only collect the minimum amount of personal information necessary to fulfill the purpose of your interaction with us; we keep it only for as long as we have valid reasons to keep it; we never sell or rent it to third parties; and we only use it as this Privacy Policy describes.

Our business model is a very traditional one: we provide products and services, and customers pay us for them. In other words, you are the customer, NOT the product.

Who we are

The owner and operator of Sprouted is Releasewise B.V., a private limited liability company registered in The Netherlands. Its Chamber of Commerce registration is 75862751. The postal address is Borgerderstraat 8, 9527TD Bronneger, The Netherlands. Bitgain B.V. fully owns Releasewise B.V. and both companies are run by Erik van Eykelen (erik@releasewise.com).

Data we collect and how we use it

Below is a complete description of data we collect, and what we do with the data. If it's not listed here or in our Terms of Service, we don't do it.

We call data that identifies — or that could reasonably be used to identify — you as an individual as "Personal Data".

This data includes:

  • Financial data such as credit/debit card number.
  • Contact details, such as name, email address, postal address.
  • Other personal data, such as IP address.

You can find detailed information on how we keep your data safe in our Information Security page.

Transaction and billing information

When purchasing directly from Sprouted we collect data from you in order to complete the transaction and provide you access to our Online Service. To make it as secure as possible, your credit card information (including number, expiration date and CVC security code) is sent securely to our payment processor (see below) directly from your browser. The processor validates it and sends us a validation code we can use to finish the purchase.

The processor stores your credit card information as well as your billing contact information in order to process your monthly or annual automatic renewals, or to allow you to upgrade or downgrade your subscription without re-entering a credit card number.

We never have access to, nor store your full credit card information.

We require you to enter your billing information. This data, as well as the last four digits of your credit card which is sent to us by our payment processor, is stored in our transaction database (hereinafter "TD") in order to maintain our financial records. This information appears on your invoice, which can be accessed by anyone who has been sent the url link to your invoice. We make the invoice links purposefully long and hard to guess for added security, and we prevent search engines from indexing them.

We automatically email the public invoice link following the purchase to the email address(es) you have provided.

The history of changes to the billing contact information on the invoice made by you or our team are logged and stored in TD.

Our records may include more than one billing contact. These email addresses and related billing contact information can be updated at any time and the history of changes are logged in TD.

The data we collect in TD, including Personal Data, is not shared with third parties, except for the purposes of determining the validity of a payment. In this case we may share the name and email address associated with the purchase with the credit card holder, your company’s accounting department, or with our payment processor when responding to a chargeback.

We only send emails to the email addresses we collect in TD to communicate account activity such as purchase confirmation and subscription status (renewal, cancellation, etc.).

Personal data for online services

User account information

For our Online Services that have the concept of a "User Account", we store your name, email address, and if you upload it, a photo to use as your avatar.

We use this information to identify you as a user of the Online Service.

Cookies

For the Online Services where you have a separate User Account, we may use cookies to identify whether you have logged in. Therefore, your browser must be enabled to accept cookies from our Online Service's domain in order for you to use it.

Passwords

We store passwords only for Online Services with separate Sprouted "User Accounts". We never store these passwords in the clear. No-one can see them. We either save them in our database using best-practice cryptographic hashing, or go through a 3rd party authentication provider (see below).

It is your sole responsibility to keep your user name, password, and other sensitive information confidential. If you become aware of any unauthorized use of your account or any other breach of security, you must notify Sprouted immediately.

If you forget your password, we send you a secure link via email that lets you reset it.

Sprouted staff will never change a password for you, nor change the Owners (as defined in the Terms of Service) or Billing Administrators.

Communication with us

If you send us an email to an address that ends in '@sprouted.app', or use one of the online forms on our website sprouted.app, we collect your name and email address and any additional information and documents you send us in your correspondence.

We keep that data in our help desk software (see below) indefinitely. The customer interaction history helps us provide you with better customer service and helps us research how to improve our products and services.

We also use this information to proactively contact you if we see from our logs that you're having an issue with our Services, or if we resolved an issue you reported. If you had expressed interest in them, we also email you to notify you of beta programs or user research interviews.

Newsletter

If you chose to sign up for our newsletter we ask you to enter your email address, so that we can send you the newsletter. We keep your email address in our newsletter service provider (see below) until you unsubscribe via the link included in every newsletter.

Visiting our online services

We use Simple Analytics (see below) to help us in our marketing efforts and only track aggregate data. The Simple Analytics code we use saves no cookies on your computer.

Simple Analytics collects no IP addresses of visitors to our site. We do store IP addresses in our server logs.

Third-party vendors

In order to keep your Personal Data as secure as possible, we don't own any servers of our own. Instead, we rely on best-in-class third party services to store your data more securely than what we would be able to do ourselves.

Here's the list of our vendors we use, and links to their privacy policies:

Amazon Web Services (AWS) File storage https://aws.amazon.com/privacy/
Azure DevOps OAuth provider https://docs.microsoft.com/en-us/azure/devops/organizations/security/data-protection?view=azure-devops
Bugsnag Application monitoring https://docs.bugsnag.com/legal/privacy-policy/
‍Cloudinary Image, video, document, and audio processor, and storage https://cloudinary.com/privacy
GitHub OAuth provider https://help.github.com/en/github/site-policy/github-privacy-statement
‍GitLab OAuth provider https://about.gitlab.com/privacy/
‍Google OAuth provider https://policies.google.com/privacy
Heroku Platform-as-a-Service provider hosting our applications, databases, load balancers, app servers, backups, and firewalls https://www.heroku.com/policy/security
‍Postmark app Inbound and outbound email processor https://wildbit.com/privacy-policy
‍Pusher Websocket API provider https://pusher.com/legal/privacy-policy
‍Simple Analytics Web visitor analytics https://simpleanalytics.com/privacy
‍Stripe Payment processor https://stripe.com/privacy‍
Webflow Website hosting https://webflow.com/legal/privacy‍

How to access or control your data

You have the right to request a copy of your information, to object to our use of your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format.

Sprouted gives you a way to access your personal information and correct it via the account page.

Our Online Services give you a way to download or delete your data at any time. Once you delete your data, unless specified otherwise, we keep it in our backups for up to 60 days, then destroy it with no way to recover it.

If you have any questions or concerns about how your Personal Data is processed, or if you want a copy of your data, or want to rectify it or delete it, don't hesitate to email us at support@sprouted.app.

To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making corrections. We use this procedure to better safeguard your information. You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error.

We will respond as quickly as possible, and certainly within 30 days.

In certain circumstances we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

Data security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

If we become aware of a data breach that affects your Personal Data, we will notify you (and the appropriate national supervisory authorities) within 72 hours.

Our detailed Information Security information is here.

Who can see my data?

The people you share them with, as described in our Online Service.

For the Sprouted Services that have the concept of Owners (as defined in Terms of Service), they will be able to see your data as well.

For Online Services some Sprouted employees will also have access, according to the following guidelines:

  • We restrict who at Sprouted can access customer data to only senior members of the team, and never to outside parties.
  • We only access your data in response to a customer support question, or to debug and fix an issue.
  • We never make changes to anything unless explicitly requested by an Owner.
  • We never share what we see with other customers, the general public, or the rest of the Sprouted staff.
  • We might give access to government authorities if requested in writing. We’ll try not to, but we don’t have the resources to fight the government. We’ll also keep your Owners(s) informed as much as we can if this happens.

Changes to this privacy policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on our homepage, product login screens, or by sending you an email notification.

Contact Sprouted

Should you have questions or concerns about our Privacy Policy, our practices, or any of our legal documents please send us an e-mail at support@sprouted.app.

Document history