Effective November 1, 2019. Document History
This Policy applies to all of the Sprouted websites, products and services, and any point of contact you might have with Sprouted.
We define the following as our "Online Services":
This document is a sister-document to our Terms of Service document. Please make sure you read both carefully before accessing or using a Sprouted Online Service.
Our business model is a very traditional one: we provide products and services, and customers pay us for them. In other words, you are the customer, NOT the product.
The owner and operator of Sprouted is Releasewise B.V., a private limited liability company registered in The Netherlands. Its Chamber of Commerce registration is 75862751. The postal address is Borgerderstraat 8, 9527TD Bronneger, The Netherlands. Bitgain B.V. fully owns Releasewise B.V. and both companies are run by Erik van Eykelen (email@example.com).
Below is a complete description of data we collect, and what we do with the data. If it's not listed here or in our Terms of Service, we don't do it.
We call data that identifies — or that could reasonably be used to identify — you as an individual as "Personal Data".
This data includes:
You can find detailed information on how we keep your data safe in our Information Security page.
When purchasing directly from Sprouted we collect data from you in order to complete the transaction and provide you access to our Online Service. To make it as secure as possible, your credit card information (including number, expiration date and CVC security code) is sent securely to our payment processor (see below) directly from your browser. The processor validates it and sends us a validation code we can use to finish the purchase.
The processor stores your credit card information as well as your billing contact information in order to process your monthly or annual automatic renewals, or to allow you to upgrade or downgrade your subscription without re-entering a credit card number.
We never have access to, nor store your full credit card information.
We require you to enter your billing information. This data, as well as the last four digits of your credit card which is sent to us by our payment processor, is stored in our transaction database (hereinafter "TD") in order to maintain our financial records. This information appears on your invoice, which can be accessed by anyone who has been sent the url link to your invoice. We make the invoice links purposefully long and hard to guess for added security, and we prevent search engines from indexing them.
We automatically email the public invoice link following the purchase to the email address(es) you have provided.
The history of changes to the billing contact information on the invoice made by you or our team are logged and stored in TD.
Our records may include more than one billing contact. These email addresses and related billing contact information can be updated at any time and the history of changes are logged in TD.
The data we collect in TD, including Personal Data, is not shared with third parties, except for the purposes of determining the validity of a payment. In this case we may share the name and email address associated with the purchase with the credit card holder, your company’s accounting department, or with our payment processor when responding to a chargeback.
We only send emails to the email addresses we collect in TD to communicate account activity such as purchase confirmation and subscription status (renewal, cancellation, etc.).
For our Online Services that have the concept of a "User Account", we store your name, email address, and if you upload it, a photo to use as your avatar.
We use this information to identify you as a user of the Online Service.
We store passwords only for Online Services with separate Sprouted "User Accounts". We never store these passwords in the clear. No-one can see them. We either save them in our database using best-practice cryptographic hashing, or go through a 3rd party authentication provider (see below).
It is your sole responsibility to keep your user name, password, and other sensitive information confidential. If you become aware of any unauthorized use of your account or any other breach of security, you must notify Sprouted immediately.
If you forget your password, we send you a secure link via email that lets you reset it.
Sprouted staff will never change a password for you, nor change the Owners (as defined in the Terms of Service) or Billing Administrators.
If you send us an email to an address that ends in '@sprouted.app', or use one of the online forms on our website sprouted.app, we collect your name and email address and any additional information and documents you send us in your correspondence.
We keep that data in our help desk software (see below) indefinitely. The customer interaction history helps us provide you with better customer service and helps us research how to improve our products and services.
We also use this information to proactively contact you if we see from our logs that you're having an issue with our Services, or if we resolved an issue you reported. If you had expressed interest in them, we also email you to notify you of beta programs or user research interviews.
If you chose to sign up for our newsletter we ask you to enter your email address, so that we can send you the newsletter. We keep your email address in our newsletter service provider (see below) until you unsubscribe via the link included in every newsletter.
We use Simple Analytics (see below) to help us in our marketing efforts and only track aggregate data. The Simple Analytics code we use saves no cookies on your computer.
Simple Analytics collects no IP addresses of visitors to our site. We do store IP addresses in our server logs.
In order to keep your Personal Data as secure as possible, we don't own any servers of our own. Instead, we rely on best-in-class third party services to store your data more securely than what we would be able to do ourselves.
Here's the list of our vendors we use, and links to their privacy policies:
You have the right to request a copy of your information, to object to our use of your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format.
Sprouted gives you a way to access your personal information and correct it via the account page.
Our Online Services give you a way to download or delete your data at any time. Once you delete your data, unless specified otherwise, we keep it in our backups for up to 60 days, then destroy it with no way to recover it.
If you have any questions or concerns about how your Personal Data is processed, or if you want a copy of your data, or want to rectify it or delete it, don't hesitate to email us at firstname.lastname@example.org.
To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making corrections. We use this procedure to better safeguard your information. You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error.
We will respond as quickly as possible, and certainly within 30 days.
In certain circumstances we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
If we become aware of a data breach that affects your Personal Data, we will notify you (and the appropriate national supervisory authorities) within 72 hours.
Our detailed Information Security information is here.
The people you share them with, as described in our Online Service.
For the Sprouted Services that have the concept of Owners (as defined in Terms of Service), they will be able to see your data as well.
For Online Services some Sprouted employees will also have access, according to the following guidelines: