PRIVACY POLICY

1. Information We Collect & Why

1.1 Business Information

What we collect:

• Company details, business model, and strategic objectives

• Technical requirements, user personas, and product specifications

• Financial information relevant to project scoping and engagement planning

• Competitive landscape and market positioning data

Why we collect it: To deliver strategic development services that align with your business objectives and provide technical consultation that drives measurable outcomes.

1.2 Contact & Communication Data

What we collect:

• Names, email addresses, phone numbers, and business addresses

• Communication preferences and time zone information

• Meeting recordings and project documentation (with explicit consent)

• Slack, email, and other collaboration platform interactions

Why we collect it: To maintain our communication excellence standards and ensure seamless collaboration across global time zones.

1.3 Technical & Usage Information

What we collect:

• Website usage data, including pages visited and interaction patterns

• Technical specifications of your existing systems and infrastructure

• Performance metrics and analytics from applications we develop

• Security logs and access patterns for systems under our management

Why we collect it: To optimize our service delivery, maintain security standards, and provide data-driven recommendations for product improvement.

1.4 Cookies & Tracking Technologies

We use essential cookies for website functionality, analytics cookies to understand user behavior (with consent), and performance cookies to optimize loading times. You can control cookie preferences through your browser settings.

2. How We Use Your Information

2.1 Service Delivery & Project Management

• Development Services: Building custom applications according to your specifications

• Strategic Consultation: Providing technical guidance and product strategy recommendations

• Project Coordination: Managing timelines, deliverables, and communication workflows

• Quality Assurance: Testing, optimization, and performance monitoring

2.2 Business Operations & Improvement

• Partnership Management: Maintaining client relationships and account development

• Service Enhancement: Analyzing usage patterns to improve our methodologies

• Legal Compliance: Meeting contractual obligations and regulatory requirements

• Financial Management: Invoicing per Net 30 payment terms, payment processing, and expense tracking

2.3 Marketing & Business Development

• Portfolio Development: Showcasing successful projects (with explicit permission)

• Testimonial Collection: Gathering and sharing client success stories

• Industry Leadership: Contributing to startup ecosystem knowledge and best practices

• Partnership Opportunities: Identifying potential collaboration and referral opportunities

Important: We never use your proprietary business information for competitive purposes or share it with other clients.

3. Information Sharing & Disclosure

3.1 Limited Sharing Scenarios

Sprint19 maintains strict confidentiality standards. We only share information in these specific circumstances:

Service Providers & Subcontractors:

• Selected third-party services essential for project delivery (hosting, analytics, etc.)

• All service providers evaluated for security certifications (SOC 2, ISO 27001) and compliance capabilities

• Sharing limited to minimum necessary information for specific services

• Data processing agreements in place with all third-party vendors

Legal Requirements:

• Court orders, legal processes, or government requests

• Protection of Sprint19's legal rights and property

• Prevention of fraud or security threats

Business Transitions:

• Potential mergers, acquisitions, or business asset transfers

• Advance notice provided to clients with opt-out options

3.2 Portfolio & Marketing Use

With your explicit written consent, we may:

• Include project screenshots and descriptions in our portfolio

• Reference your company name in client lists and case studies

• Share anonymized project metrics for industry research

• Use testimonials and success stories in marketing materials

You control this completely. Permission can be granted selectively (e.g., portfolio but not testimonials) and withdrawn at any time.

4. Data Security & Protection Standards

4.1 Technical Safeguards

• Encryption: Industry-standard encryption protocols for data transmission and storage

• Access Controls: Role-based permissions and authentication mechanisms

• Network Security: Firewalls, intrusion detection, and regular vulnerability assessments

• Backup Systems: Automated, encrypted backups with geographic redundancy

• Security Testing: Regular security assessments and vulnerability testing

4.2 Operational Safeguards

• Team Training: Regular security awareness and data protection education

• Access Monitoring: Comprehensive logging and audit trails for all data access

• Incident Response: Documented procedures for security breach identification and response

• Vendor Management: Due diligence and ongoing monitoring of all service providers

• Compliance Framework: Architecture designed to support GDPR, CCPA, HIPAA, and PCI DSS compliance requirements

4.3 Physical Safeguards

• Facility Security: Secure office environments with controlled access

• Device Management: Encrypted laptops with remote wipe capabilities

• Document Handling: Secure disposal of physical documents containing sensitive information

5. Data Retention & Disposal

5.1 Retention Periods

• Active Projects: Throughout engagement period plus 3 years for warranty support and legal compliance

• Financial Records: 7 years for tax and regulatory compliance

• Marketing Consents: Until consent is withdrawn or business relationship ends plus 1 year

• Technical Documentation: Maintained to support ongoing service delivery and security requirements

• Backup Archives: Standard 90-day retention with extended retention for compliance purposes

5.2 Secure Disposal

When retention periods expire or you request deletion:

• Data Wiping: DoD 5220.22-M standard for electronic media

• Physical Destruction: Certified destruction for physical storage media

• Third-Party Notification: Ensuring service providers also delete relevant data

• Documentation: Certificate of destruction provided upon request

6. Global Privacy Rights & Compliance

6.1 GDPR Rights (European Clients)

If you're located in the European Economic Area, you have these rights:

• Access: Request copies of your personal data

• Rectification: Correct inaccurate or incomplete information

• Erasure: Request deletion of your personal data ("right to be forgotten")

• Portability: Receive your data in machine-readable format

• Restriction: Limit how we process your personal data

• Objection: Object to processing based on legitimate interests

6.2 CCPA Rights (California Clients)

California residents have additional rights:

• Know: What personal information we collect and how it's used

• Delete: Request deletion of personal information

• Opt-Out: Opt out of sale of personal information (Note: Sprint19 does not sell personal information)

• Non-Discrimination: Equal service regardless of privacy choices

6.3 International Data Transfers

When we transfer data internationally (e.g., from US clients to our Philippines headquarters), we ensure adequate protection through:

• Standard Contractual Clauses: EU-approved data transfer mechanisms

• Adequacy Decisions: Transfers to countries with adequate protection findings

• Additional Safeguards: Technical and organizational measures for enhanced protection

7. Third-Party Services & Integrations

7.1 Service Provider Categories

• Development Tools: GitHub, AWS, Google Cloud Platform, Figma

• Communication: Slack, Zoom, Zoho Mail, Gmail

• Analytics: Google Analytics, Mixpanel, Hotjar (with consent)

• Project Management: Asana, Trello, ClickUp, Linear, Notion

7.2 Due Diligence Standards

All third-party services are evaluated based on:

• Security Certifications: We review providers' SOC 2, ISO 27001, or equivalent standards documentation

• Privacy Policies: Assessment of clear data handling and protection practices

• Compliance: Evaluation of GDPR, CCPA, and other relevant regulatory adherence

• Data Processing Agreements: Formal contracts governing data handling and security requirements

7.3 Client Control

You have complete visibility and control over:

• Which third-party services are used in your project

• What data is shared with each service

• How long data is retained by service providers

• Options for data deletion or transfer

8. Cookies & Website Analytics

8.1 Cookie Categories

• Strictly Necessary: Essential for website functionality (cannot be disabled)

• Performance: Help us understand website usage patterns (optional)

• Functional: Remember your preferences and settings (optional)

• Marketing: Track effectiveness of our content and outreach (optional)

8.2 Analytics & Tracking

We use Google Analytics with IP anonymization to understand:

• Which content is most valuable to startup founders

• How potential clients navigate our website

• Geographic distribution of our audience

• Technical performance and optimization opportunities

Your control: Use our cookie preference center to customize tracking settings, or disable analytics cookies through your browser.

9. Children's Privacy Protection

Sprint19 does not knowingly collect personal information from children under 16. Our services are designed for business professionals and startup founders. If we discover we have collected information from someone under 16, we will delete it immediately and implement additional safeguards to prevent future occurrences.

10. Privacy Policy Updates & Notifications

10.1 Change Management

We may update this Privacy Policy to reflect:

• Changes in our services or business practices

• New legal or regulatory requirements

• Enhanced security measures or technical capabilities

• Client feedback and industry best practices

10.2 Notification Process

• Significant Changes: 30-day advance notice via email with explanation of changes and impact

• Minor Updates: Website posting with effective date notification

• Emergency Changes: Immediate notification if required for security or legal compliance

• Your options: Review changes, request clarification, or terminate services if you disagree with modifications.

11. Contact Information & Rights Requests

11.1 Privacy Contact

Data Protection Officer: [email protected]
General Privacy Questions: [email protected]
Phone: +63 947 274 7484

Mailing Address:
Sprint19 Labs Inc.
Level 10-1 One Global Place
25th Street & 5th Avenue, BGC
Taguig City, 1637, Philippines

11.2 Rights Request Process

To exercise your privacy rights:

1. Email: Send detailed request to [email protected]

2. Verification: We'll verify your identity for security

3. Processing: Response within 30 days (GDPR) or 45 days (CCPA)

4. Follow-up: Confirmation when request is completed

11.3 Complaints & Escalation

If you're unsatisfied with our privacy practices:

• Internal Review: Escalate to our Data Protection Officer

• Regulatory Complaints: Contact your local data protection authority

• Legal Consultation: Seek independent legal advice regarding your rights