Sprawl
Get Started

Privacy Policy

Last updated: April 14, 2026

1. Introduction

Sprawl ("Company," "we," "us," or "our") operates Sprawl ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Sprawl, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Profile picture (if provided)
  • Authentication credentials (managed by Clerk)

2.2 Usage Data

We automatically collect information about how you interact with the Service:

  • Chat messages and conversations with the AI
  • Documents and files you create
  • Automations and their configurations
  • Prompts and customizations you save
  • Feature usage and interaction patterns
  • Device information (browser type, operating system)
  • IP address and approximate location
  • Access times and session duration

2.3 Integration Data

When you connect third-party services, we may collect:

  • OAuth tokens and authentication credentials
  • Data retrieved from connected services to fulfill your requests, including summaries, extractions, and AI-generated insights derived from that data
  • Metadata about your connected accounts

2.4 Payment Information

Payment information (credit card numbers, billing addresses) is collected and processed directly by Stripe. We do not store your full payment card details on our servers.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your AI chat requests and execute tasks
  • Enable and manage third-party integrations
  • Process payments and manage subscriptions
  • Send service-related communications
  • Respond to your comments and support requests
  • Monitor and analyze usage trends and preferences
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

4. Third-Party Services

We share data with the following categories of third-party services:

4.1 Authentication (Clerk)

We use Clerk for user authentication and account management. Sign-in options include Google Sign-In and GitHub. When you sign in with Google, we receive your email address, name, and profile picture from your Google account. This information is used solely for account creation and identification purposes. Clerk processes your login credentials and basic profile information. See Clerk's Privacy Policy.

4.2 Payment Processing (Stripe)

We use Stripe to process payments. When you make a purchase, your payment information is handled directly by Stripe. See Stripe's Privacy Policy.

4.3 Integrations (Composio)

We use Composio to connect to third-party services on your behalf. When you authorize integrations, Composio facilitates the connection and may temporarily process your data. See Composio's Privacy Policy.

4.4 AI Services (Anthropic)

Your chat messages are processed by Anthropic's Claude AI to generate responses and execute tasks. Anthropic may temporarily process your input to generate outputs. We encourage you not to share sensitive personal information in chat messages. See Anthropic's Privacy Policy.

4.5 Content Moderation (OpenAI)

We use OpenAI's Moderation API to screen user inputs for potentially harmful content before processing. This safety measure does not involve AI response generation. See OpenAI's Privacy Policy.

4.6 Analytics and Infrastructure

We may use analytics and hosting services to monitor Service performance and reliability. These services may collect anonymized usage data.

5. Data Retention

We retain your information for as long as:

  • Your account is active
  • Necessary to provide you with the Service
  • Required to comply with legal obligations
  • Needed to resolve disputes or enforce agreements

You can request deletion of your account and associated data at any time through your account settings or by contacting us.

Conversation history and generated content may be retained for up to 90 days after deletion for backup and recovery purposes, after which it will be permanently deleted.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure hosting infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you.

7.2 Correction

You can update or correct your account information through your account settings.

7.3 Deletion

You can request deletion of your account and personal information. Some information may be retained as required by law or for legitimate business purposes.

7.4 Opt-Out

You can opt out of marketing communications by following the unsubscribe instructions in our emails.

7.5 Integration Revocation

You can disconnect third-party integrations at any time through your account settings.

8. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us using the information provided below.

9. CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information is collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information
  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights

We do not sell your personal information. To exercise your CCPA rights, please contact us.

10. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze how the Service is used
  • Improve Service performance

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

11. Children's Privacy

The Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. When we transfer data internationally, we use appropriate safeguards to protect your information, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions where applicable
  • Other legally-approved transfer mechanisms

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Sprawl
Email: support@sprawl.to

For GDPR inquiries, you may also contact your local data protection authority.