Privacy Policy

Sprigged is a tool for spinning up small, sharable apps for informal groups — rosters, snack rotations, gear lists. This page explains what Sprigged collects, why, and the choices you have over your data.

Sprigged is currently available only to users in the United States and Canada. We do not currently offer the service to residents of the European Economic Area or the United Kingdom.

Sprigged is operated by Brefi LLC. If you have any question about this policy, write to hello@sprigged.app.

See also: our Acceptable Use Policy, which describes what you agree to do — and not do — when using Sprigged.

What we collect

Email address

When you set up Sprigged on a new device, you may provide an email address so we can send you a one-time recovery code if you lose access to your device. The code is the only thing we send to that address as part of the product. We do not use your email for marketing, do not sell it, and do not share it with third parties for advertising.

Device identifier

Sprigged uses a per-install device identifier so your apps stay bound to your device without requiring you to create an account or remember a password. This identifier is generated locally the first time you open Sprigged, and is stored on your device (in your browser's local storage) so the same device can prove it's the same one next time. A separate one-way hash of that identifier is stored on our servers, which is how we recognise the device when it asks for access — we never need to see the original.

Push notification tokens

If you grant notification permission, the operating system gives Sprigged a push token (Apple Push Notification service on iOS, Firebase Cloud Messaging on Android). We store this token on our servers so we can notify you when group activity happens — for example, when someone accepts an invite to a patch you maintain. The token is rotated by the OS and is not personally identifying on its own. Notification bodies contain only the minimum needed to be useful — for example, the display name of the person who joined and the name of the patch. They cross Apple's and Google's push networks during delivery; both rotate and discard tokens routinely under their own privacy policies.

Content you create

Records you add inside an app you create or join — roster rows, snack assignments, whatever your app is for — are stored in a database dedicated to that patch (your shared workspace). The content of those records belongs to you and the people you share the patch with. We don't read or analyse your records to build advertising profiles or train machine-learning models.

Operational logs

Our servers keep short-lived request logs (URL paths, response codes, timestamps) to debug errors and prevent abuse. Logs do not contain the contents of your records. We rotate them on a rolling basis (typically within 30 days).

How we use what we collect

Sprigged contains no third-party analytics, no advertising trackers, no fingerprinting, and no advertising identifiers. Nothing on this site or in the apps reports back to ad networks. The fonts (Fraunces and Inter) are self-hosted from sprigged.app — your browser does not contact Google Fonts or any other third-party font CDN when rendering this site.

We use your data only to run Sprigged: to authenticate your device, let you recover access via email, deliver notifications you've opted into, sync the records inside your patches across your devices, and keep the service available and reliable. We do not sell, rent, or trade your personal information.

Sub-processors and infrastructure

Sprigged uses a small number of third-party services to operate. Each only sees the data it needs to do its job:

• Cloudflare — hosting the website, the API, and DNS. Cloudflare's servers process every request you make.
• Turso — per-patch databases that store the records and members of each shared workspace.
• Resend — sending the one-time recovery email codes.
• Apple Push Notification service — delivering notifications to iOS devices.
• Google Firebase Cloud Messaging — delivering notifications to Android devices.
• Anthropic — Claude API for the “Build with AI” authoring feature. Anthropic processes prompts, draft spec content, and authoring-session conversation history under their commercial-API terms.

Sprigged uses the Anthropic API to help you describe and generate apps in plain language (“Build with AI”). Three things are sent to Anthropic when you're using the authoring interface: the prompts you type, the current draft of the app spec the model is helping you build (entity names, field definitions, surface layouts you've set up), and the conversation history within that authoring session (your messages and the model's prior responses). The records inside your patches — the roster rows, snack assignments, gear lists, and other content of the apps your spec describes — are never sent to Anthropic. Specs from patches you aren't actively authoring are not sent either, nor are other members' identities. Anthropic processes Sprigged's API traffic under their commercial terms; their commercial terms explicitly prohibit training models on customer API content. Anthropic retains API traffic per their Privacy Policy and applicable sub-processor list — see Anthropic's privacy policy and commercial terms for the current details.

Crash and error reports

When Sprigged's web app encounters an unhandled JavaScript error in your browser, the app sends a small report to Sprigged's own server (the same server that serves the rest of the app — no third-party error-tracking service is involved). The report contains: the error message, the stack trace, the page URL, and your browser's user-agent string. Email addresses and other sensitive substrings are stripped client-side before the report is sent, and stripped again server-side as a second pass. Reports are kept for 90 days, then deleted.

This data flow stays inside Sprigged's existing four-subprocessor scope (Cloudflare for hosting, Turso for the database). No fifth vendor is involved. Reports are capped at 20 per page session and rate-limited at the server, so a buggy page can't flood the system.

Payments and subscriptions

Sprigged offers a free tier and a Pro subscription. When you subscribe, payment is processed by the relevant provider depending on your platform (when applicable):

• Apple In-App Purchase on iOS,
• Google Play Billing on Android, or
• Stripe via RevenueCat on the web.

Payment data we receive is limited to receipt metadata — purchase status, expiry, and a transaction ID. We never see card numbers or full billing addresses. Each payment processor handles that data under its own privacy policy. RevenueCat, when used, acts as a receipt-validation broker between the store providers and Sprigged.

Cookies and local storage

Sprigged uses your browser's local storage (IndexedDB and OPFS) to keep the device identifier and an offline copy of records in patches you've opened. We don't use cookies for tracking. Local storage that belongs to a patch is removed when you delete the patch — and on uninstall, the operating system reclaims app storage automatically.

Retention and deletion

Records inside a patch persist for as long as the patch exists. When you delete a patch, its database and the records inside it are removed. If you want to delete your account or any data associated with your device or email, write to hello@sprigged.app and we will action the request within 30 days.

Your rights

We honor common privacy rights regardless of where you live: access, correction, portability, deletion, objection, and consent withdrawal. We will not treat you differently for exercising any of them. The most-used rights are exercisable directly inside Sprigged, without emailing us:

• Access & portability. Open Sprigged → You → Account → Download my data. You'll get a JSON file with your account, the patches you're a member of, and the records you authored.
• Deletion. Open Sprigged → You → Account → Delete account. We remove your account, devices, push tokens, and authoring history. Patches you joined as a member keep working for everyone else.
• Patch deletion. Patch maintainers can permanently delete a patch from its settings (Danger zone → Delete patch permanently). The patch's database and all its records are removed.
• Patch archive. Patch maintainers can archive a patch (Danger zone → Archive patch) to keep it recoverable indefinitely without paying a storage cost.
• Other rights. For correction, objection, consent withdrawal, or anything else, write to hello@sprigged.app.

Records you authored inside patches you share with others stay in those patches when you delete your account — your account identifier on those records simply no longer references an active account. If you want a record removed from a shared patch, the patch maintainer can delete it; you can also leave the patch first and then delete your account if that's the outcome you want.

Children

Sprigged is not directed at children under 13, and we do not knowingly collect personal data from children under 13. Sprigged is often used for things like a kids' soccer roster — in that case, the parent or coach running the patch is the Sprigged user; the children listed inside the patch are records the user manages, not separate Sprigged accounts.

Security

We use HTTPS for all traffic, store device identifiers and recovery codes in hashed form, and limit which of our systems can access patch databases. No system is perfectly secure; if we ever discover a breach that affects your data we'll let you know without unnecessary delay.

International transfers

Sprigged's infrastructure is hosted in the United States and on Cloudflare's global edge network. If you use Sprigged from outside the US your data will be transferred to and processed in the US.

Changes to this policy

When we change this policy, we'll update the "Last updated" date at the top. Material changes — anything that meaningfully expands what we collect or who we share it with — will also be surfaced inside the app before they take effect.

Contact

Brefi LLC
hello@sprigged.app