Privacy — by design
Supasprinkles is built to observe systems, not individuals. We help teams understand how product operations behave over time — where work flows, where drift emerges, and how systems can correct themselves. To do that responsibly, we minimise data collection, limit retention, and make data usage transparent by default.
Our commitments
Privacy is not a legal afterthought — it is an operational property of the system.
What data we collect
We collect data in categories, not as an undifferentiated stream.
1. Account and organisational information
- Name, email address
- Organisation name
- User role and permissions
- Authentication metadata
This data is required to manage access and security.
2. Operational metadata
This is the core data Supasprinkles works with. Examples include:
- Workflow state changes
- Status transitions
- Timestamps and sequence information
- Configuration and integration metadata
This data allows the system to observe how work flows, not what individuals say or think.
3. Integration data
When you connect third-party tools (e.g. issue trackers, documentation tools, finance systems), we ingest only the fields required to model operational behaviour.
We do not ingest:
- Private messages
- Free-form content unless explicitly required
- Personal data unrelated to operational state
Each integration clearly defines what data is accessed and why.
4. Support and communication data
If you contact us (support tickets, emails, feedback), this data is used only to respond to your request.
What we do not collect
To be explicit, Supasprinkles does not:
- Track individual productivity or performance
- Monitor private conversations
- Record keystrokes or screen activity
- Sell or broker customer data
- Use customer data to train shared AI models
Our focus is system behaviour, not individual surveillance.
How we use data
Operational Purpose
- • Making operational flow observable
- • Detecting drift and inconsistency
- • Supporting system correction and alignment
- • Providing analytics and insights you explicitly enable
- • Maintaining platform security and reliability
Non-Purpose
We do not repurpose data for advertising or unrelated analysis.
Automation and intelligence
Supasprinkles uses automated systems to:
- Classify operational signals
- Detect patterns and deviations
- Enforce retention and access policies
These systems operate within your organisation’s data boundary. We do not use customer data to train external or shared models.
Data retention and deletion
We retain data only for as long as it is needed to operate the system.
- Default retention policies are applied per data category
- Retention periods can be configured by organisation
- Data can be deleted or exported upon request
- Deleted data is permanently removed from active systems within a defined period
Retention is enforced automatically — not manually.
Data sharing
We share data only when required to operate the service (e.g., secure infrastructure providers, auth services).
All third parties are contractually bound to:
- Use data only for the agreed purpose
- Maintain appropriate security controls
- Comply with applicable data protection laws
We do not share data with advertisers or data brokers.
Security and access controls
International data transfers
Where data is processed outside the UK or EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and equivalent legal protections.
Your rights
Depending on your location, you may have the right to access, correct, delete, or export your data.
Requests can be made by contacting us at: privacy@supasprinkles.com
Changes to this policy: We may update this policy to reflect changes in the platform or legal requirements. We will update the "Last updated" date and communicate material changes.
Contact us:
Supasprinkles Ltd
Email: privacy@supasprinkles.com
Last updated: January 2, 2026