Sprintt privacy policy

Last updated: 15 April 2026

This policy explains what we collect when you use Sprintt, what we do with it, who helps us process it, and what choices you have. We wrote it to be readable — if anything is unclear, email us and we'll clarify.

1. Who we are

Sprintt is operated by Durva Mathure. We're a small team building a product for founders; we don't have a separate legal department, but we take privacy seriously.

Operator: Durva Mathure
Privacy contact: durva@sprintt.app

2. What we collect

Depending on how you use Sprintt, we process:

• Account information. When you sign in with Google OAuth, we receive identifiers Supabase needs to keep you logged in, plus your email and name as provided by Google.
• Project data. What you enter in the product: your startup one-liner, intake answers, experiment logs, learning entries, evidence uploads, and related workspace content.
• Usage data.In-app activity we need to run the service and understand what works — for example which features you use, how often you sign in, and whether you complete experiments. We may aggregate this so it's not tied to you personally when we look at trends.
• Payment data.If you subscribe to a paid plan, Stripe handles card and billing details. We don't see or store your full card number on our servers; we receive subscription status and limited billing metadata from Stripe.

3. How we use your data

We use what we collect to:

• Run Sprintt — including AI-assisted analysis, research features, daily actions, and everything you see in your workspace.
• Send product emails you've asked for or that are part of the service (for example nudges or digest emails). You can opt out of non-essential messages using the unsubscribe link in those emails where applicable.
• Improve the product using anonymized and aggregated patterns (for example which parts of the journey people finish). We don't use this to single you out or sell profiles.

To deliver AI and market research, we send portions of your project data to third-party processors (see below). They handle data under their own terms and privacy policies, and we only send what the feature needs to work.

4. AI and third-party processing

Anthropic (Claude).Your project content that powers AI features — such as your one-liner, intake answers, and experiment logs — is sent to Anthropic's API for analysis and generation. Anthropic states that it does not train its consumer models on API data; you should still assume prompts and context leave our infrastructure and are processed on their systems. See Anthropic's privacy policy for the latest detail.

Tavily. When we run market research or web-style lookups for you, queries go to Tavily. Tavily states it does not store your queries in a way that builds a persistent profile of you; check their policy for specifics.

Stripe, Supabase, email. We use Stripe for payments, Supabase for authentication and database hosting, and email providers (for example Resend) for transactional and product mail. Each has its own policy governing subprocessors and retention.

We do not sell your personal information or your project content to data brokers or advertisers.

5. Data sharing

• We do not share your personal or project data with other Sprintt users by default. Your workspace is yours.
• Data at rest lives in Supabase with encryption; access from the app is scoped so you only read and write your own rows (row-level security).
• We may use anonymized, aggregated statistics to improve recommendations for everyone. Those stats should not identify you or your specific idea.
• If you use a shareable feature such as the Living Brief, anything you choose to put in that share is available to anyone with the link you generate. Don't share the link publicly if the content is confidential.

6. Data retention

• We keep your account and project data while your account is active and you use the service.
• After you delete your account, we aim to remove personal and project data within 30 days, subject to backups and legal holds. Aggregated metrics that no longer identify you may be kept longer.
• You can request an export or deletion anytime using the in-app controls where available, or by emailing hello@sprintt.app.

7. Cookies and local storage

• We use essential cookies (and similar technologies) so Supabase can keep your session secure after you sign in.
• We use browser localStorage for lightweight UI state — for example when you last saw the changelog. This stays on your device.
• We don't use advertising or cross-site tracking cookies.

8. Your rights

Depending on where you live, you may have rights to:

• Access — ask what we hold about you.
• Correction — update account details (for example via Google or in-app profile settings when available).
• Deletion — ask us to delete your account and associated data.
• Portability— export your project data. Paid plans may include self-serve export; otherwise contact us and we'll help where we can.
• Opt-out — unsubscribe from marketing or digest email using the link in the message.

To exercise a right, use the in-app options or email hello@sprintt.app. We'll respond within a reasonable time.

9. Security

• Traffic to our app uses TLS (HTTPS) in production.
• Supabase encrypts data at rest; we rely on their security program for database protection.
• Row-level security and application checks are designed so one user can't read another's projects.
• Access to production data for debugging is limited to people who operate the service.

10. Children

Sprintt is not intended for children under 13 (or the age required in your country). We don't knowingly collect data from children.

11. Changes

When we make material changes to this policy, we'll notify you by email to the address on your account (or a prominent notice in the product). If you keep using Sprintt after the effective date, that means you accept the updated policy. For minor clarifications, we may just update this page and the "last updated" date.

12. Contact

Questions about privacy: hello@sprintt.app