PRIVACY POLICY

1. INFORMATION WE COLLECT

1.1 Account Information

When you create an account, we collect:

• Email address — For account access, notifications, and support
• Name (optional) — For personalization
• Password — Hashed using bcrypt, never stored in plain text

1.2 OAuth Information

If you sign in with Google or GitHub, we receive:

• Your email address
• Your display name
• Your profile picture URL

We do not receive or store your OAuth provider password.

1.3 Telegram Information

If you link your Telegram account to Sprout, we store:

• Telegram User ID — Numeric identifier for sending messages
• Telegram Username — For display purposes

1.4 Payment Information

Payments are processed by Stripe. We do not store your full credit card number. We receive and store:

• Stripe Customer ID
• Last 4 digits of card (for display)
• Card expiration date
• Billing address (for tax purposes)

1.5 Instance and Channel Data

When you deploy instances and configure channels, we store:

• Instance configuration — Name, hardware selection, channel types
• API credentials — Bot tokens, API keys for channels (encrypted)
• Usage data — Credit consumption, uptime metrics

1.6 Technical Data

We automatically collect:

• IP address
• Browser type and version
• Device information
• Pages visited and actions taken
• Timestamps

2. HOW WE USE YOUR INFORMATION

We use collected information to:

• Provide and maintain the Service
• Process payments and manage credits
• Send transactional emails (receipts, alerts, support responses)
• Configure and manage your channel integrations
• Provide customer support
• Detect and prevent fraud or abuse
• Improve the Service based on usage patterns
• Comply with legal obligations

3. INFORMATION SHARING

We do not sell your personal information. We share data only in these circumstances:

3.1 Service Providers

We use third-party services that may process your data:

3.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

4. DATA RETENTION

• Active accounts: Data retained while account is active
• Deleted accounts: Data deleted within 30 days of account deletion
• Paused instances: Data retained 30 days after zero balance
• Billing records: Retained 7 years for tax/legal compliance
• Server logs: Automatically deleted after 90 days

5. DATA SECURITY

We implement industry-standard security measures:

• HTTPS encryption for all connections
• AES-256-GCM encryption for stored credentials
• bcrypt password hashing with salt
• Regular security audits
• Limited access to personal data (need-to-know basis)
• Secure cloud infrastructure with Vercel and Neon

No system is 100% secure. If you discover a security vulnerability, please report it to security@sprout.bot.

6. YOUR RIGHTS

You have the right to:

7. COOKIES

We use cookies for:

• Essential cookies: Session management, authentication
• Preference cookies: Remember your settings

We do not use advertising or tracking cookies. You can disable cookies in your browser, but this may affect Service functionality.

8. INTERNATIONAL TRANSFERS

Our servers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

9. CHILDREN'S PRIVACY

The Service is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. We will notify you of material changes via email or dashboard notification. Your continued use after changes constitutes acceptance.

11. CONTACT US

For privacy-related questions or to exercise your rights: