Privacy Policy

Privacy Policy

Last updated: June 2026

This policy explains how Sprint19 Labs, Inc. collects, uses, shares, secures, and retains your personal information, and the rights you have over it. We have maintained the trust of 150+ startup founders over 15+ years with enterprise-grade standards.

National Privacy Commission DPO/DPS Registered seal

Registered with the National Privacy Commission

Sprint19 Labs, Inc. is a registered Data Protection Officer / Data Processing System under the Philippine Data Privacy Act of 2012 (RA 10173). Registration valid until 11 May 2027.

NPC Registration No. PIC-005-913-2026

1. Information We Collect & Why

1.1 Business Information

Company details, business models, technical requirements, financial data, and competitive landscape information, collected to align our work with your objectives.

1.2 Contact & Communication Data

Names, emails, phone numbers, meeting recordings, and interactions on collaboration platforms, gathered to maintain clear communication.

1.3 Technical & Usage Information

Website analytics, system specifications, and performance metrics, collected to optimise service delivery and security.

1.4 Cookies & Tracking Technologies

Essential, analytics, and performance cookies. You can manage cookies through your browser controls.

2. How We Use Your Information

  • Service delivery and project management, custom development, strategic consultation, coordination, and quality assurance.
  • Business operations and improvement, partnership management, service enhancement, legal compliance, and financial processing.
  • Marketing and business development, portfolio development, testimonials, and thought leadership, with your explicit permission only.

3. Information Sharing & Disclosure

We share information only with vetted service providers (evaluated for SOC 2 and ISO 27001 certifications), where required by law, or during a business transition with advance notice.

Portfolio and marketing use of your information requires your consent. Permission can be selective and withdrawn at any time.

4. Data Security & Protection Standards

4.1 Technical Safeguards

Industry-standard encryption, role-based access controls, firewalls, intrusion detection, automated encrypted backups, and regular security testing.

4.2 Operational Safeguards

Security training, access monitoring with audit trails, documented incident response, vendor due diligence, and a compliance architecture supporting GDPR, CCPA, HIPAA, and PCI DSS.

4.3 Physical Safeguards

Secure facilities, encrypted devices with remote-wipe capability, and secure document disposal.

5. Data Retention & Disposal

Active-project data is retained for 3 years after the engagement; financial records for 7 years; marketing consents until withdrawn plus 1 year; backups for 90 days as standard.

Disposal uses DoD 5220.22-M standard electronic wiping and certified physical destruction, with destruction certificates available on request.

6. Global Privacy Rights & Compliance

6.1 GDPR Rights

For clients in the European Economic Area: rights of access, rectification, erasure, portability, restriction, and objection.

6.2 CCPA Rights

For California residents: rights to know, delete, opt out, and receive non-discriminatory service. We do not sell personal information.

6.3 International Data Transfers

We rely on Standard Contractual Clauses, adequacy decisions, and enhanced technical safeguards for cross-border transfers.

7. Third-Party Services & Integrations

We rely on trusted providers and conduct due diligence on their security certifications, privacy practices, and data-processing agreements. You retain visibility and control over third-party usage, data sharing, and deletion.

  • Development & infrastructure: GitHub, AWS, Google Cloud, Figma.
  • Communication: Slack, Zoom, Zoho Mail, Gmail.
  • Analytics & marketing: Google Analytics, Meta Pixel, Mixpanel, Hotjar.
  • Bot protection: Cloudflare Turnstile, used on our website forms to prevent spam and abuse.
  • Project management: Asana, Trello, ClickUp, Linear, Notion.

7.1 Bot Protection (Cloudflare Turnstile)

Our website forms use Cloudflare Turnstile to distinguish real visitors from automated bots and prevent spam and abuse. To make this assessment, Cloudflare may collect information such as device, browser, and interaction signals. We run Turnstile in its privacy-preserving invisible mode and do not use it to track you across websites.

Cloudflare processes this data as described in its Turnstile Privacy Addendum (https://www.cloudflare.com/turnstile-privacy-policy/).

8. Cookies & Website Analytics

We categorise cookies as strictly necessary (mandatory), performance, functional, and marketing (all optional).

We use Google Analytics with IP anonymisation to understand content value, navigation, audience geography, and technical performance, and the Meta Pixel for marketing measurement.

Analytics and marketing cookies load only after you accept them in our consent banner. We use Google Consent Mode v2, so before consent Google Analytics runs without cookies and the Meta Pixel does not fire. Your choice is stored on your device and can be changed by clearing it.

9. Children’s Privacy Protection

We do not knowingly collect information from individuals under 16. If we discover such data, we delete it immediately and apply additional safeguards.

10. Privacy Policy Updates & Notifications

We update this policy to reflect changes in our services, regulatory requirements, enhanced security, and client feedback.

Significant changes receive 30 days’ advance notice by email; minor updates are posted to this page; emergency changes are notified immediately.

11. Contact Information & Rights Requests

For privacy questions or to exercise your rights, contact our Data Protection Officer at [email protected] or +1 888-614-8819 / +63 2-3224-2036. We verify identity before responding, within 30 days (GDPR) or 45 days (CCPA).

You may also escalate to the relevant regulatory authority or seek independent legal advice.

Questions about this privacy policy?

Contact Sprint19 Labs, Inc. at [email protected] or +1 888-614-8819 / +63 2-3224-2036.

Sprint19 Labs, Inc. · Level 10-1 One Global Place, 25th Street & 5th Avenue, BGC, Taguig City 1637, Philippines · D-U-N-S 719095242

Contact us