Privacy Policy

1. Introduction

Welcome to Sprivo ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.

By using Sprivo, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide to us, including:

• Account Information: Name, email address, phone number, and password
• Profile Information: Job title, department, organization details
• Business Data: CRM contacts, sales records, inventory data, quotes, documents
• Communication Data: Emails, messages, and other communications via our platform

2.2 Automatically Collected Information

When you use our services, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, click patterns
• Device Information: Browser type, operating system, device type, screen resolution
• Technical Data: IP address, session data, cookies, and local storage data
• Location Data: General location based on IP address (not precise geolocation)

2.3 Third-Party Integrations

If you connect third-party services (e.g., Microsoft Outlook, Shopify), we collect and store access tokens and data from those services as authorized by you.

3. How We Use Your Information

We use your information for the following purposes:

• Provide Services: To operate and maintain our platform, including CRM, sales, inventory, and document management features
• Account Management: To create and manage your user account and organization
• Communication: To send you updates, notifications, and support messages
• Analytics: To analyze usage patterns and improve our services
• Security: To detect, prevent, and address fraud, security issues, and technical problems
• Compliance: To comply with legal obligations and enforce our Terms of Service
• Personalization: To customize your experience and provide relevant features

4. Data Sharing and Disclosure

4.1 Within Your Organization

Your data is shared with other users in your organization according to role-based access controls (RBAC). Admins have broader access, while Reps and other roles have limited access.

4.2 Service Providers

We may share your information with third-party service providers who perform services on our behalf:

• Cloud hosting providers (e.g., Vercel, Fly.io, Supabase)
• Email service providers
• Analytics and monitoring tools
• Customer support platforms

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We do NOT sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
• Password Protection: Passwords are hashed using bcrypt (work factor 12)
• Access Controls: Role-based permissions limit data access
• Regular Backups: Automated database backups for disaster recovery
• Monitoring: Continuous security monitoring and logging

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Data deleted within 30 days of account deletion request (unless legal retention required)
• Business Records: Sales, CRM, and financial data may be retained longer for compliance purposes
• Logs: Access logs and analytics data retained for 90 days

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

• Request a copy of your personal data in a portable format
• Access your account settings to view and update information

7.2 Correction

• Update or correct inaccurate personal information through your account settings

7.3 Deletion

• Request deletion of your account and associated data
• Note: Some data may be retained for legal or legitimate business purposes

7.4 Objection and Restriction

• Object to certain processing of your personal data
• Request restriction of processing under certain circumstances

7.5 Withdraw Consent

• Withdraw consent for data processing at any time (where consent is the legal basis)

To exercise these rights, contact us at privacy@sprivo.com or use the data export/deletion features in your account settings.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for authentication and security (JWT tokens)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use our services
• Local Storage: Store offline data and PWA functionality

You can control cookies through your browser settings. Note that disabling essential cookies may limit functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification for material changes

Your continued use of our services after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to be informed about data processing
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our legal basis for processing your data includes: consent, contract performance, legal obligations, and legitimate interests.

You have the right to lodge a complaint with your local data protection authority.

14. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Access your personal information
• Request deletion of your personal information
• Opt-out of the sale of personal information (we do not sell data)
• Non-discrimination for exercising your rights