Sprigged
Privacy Policy
Last updated: June 14, 2026
Sprigged is offered only to residents of the United States and Canada. We do not offer the service to residents of the European Economic Area, the United Kingdom, Switzerland, or any other jurisdiction outside the US and Canada, and this policy is written against United States and Canadian privacy law (including the California Consumer Privacy Act and the California Privacy Rights Act, and applicable provincial Canadian privacy statutes). Sprigged does not target, market to, or knowingly accept signups from individuals located outside the US and Canada.
Sprigged is a tool for spinning up small, sharable apps for informal groups — rosters, snack rotations, gear lists. This page explains what Sprigged collects, why, and the choices you have over your data.
Sprigged is operated by Brefi LLC. If you have any question about this policy, write to [email protected].
See also: our Acceptable Use Policy, which describes what you agree to do — and not do — when using Sprigged.
What we collect
Email address
When you set up Sprigged on a new device, you may provide an email address so we can send you a one-time recovery code if you lose access to your device. The code is the only thing we send to that address as part of the product. We do not use your email for marketing, do not sell it, and do not share it with third parties for advertising.
Waitlist email address
If Sprigged is invite-only when you visit and you submit your email on the landing page to join our waitlist, we store that address with Resend so we can email you exactly once when Sprigged opens up. We also send you a brief confirmation now so you know the signup worked.
You can unsubscribe at any time via the unsubscribe link in either email; that removes you from the waitlist permanently. We do not use waitlist addresses for marketing beyond the single opening announcement, do not sell them, and do not share them with third parties.
The signup form uses Cloudflare's Turnstile widget to prevent automated submissions.
Device identifier
Sprigged uses a per-install device identifier so your apps stay bound to your device without requiring you to create an account or remember a password. This identifier is generated locally the first time you open Sprigged, and is stored on your device so the same device can prove it's the same one next time. A separate one-way hash of that identifier is stored on our servers, which is how we recognise the device when it asks for access — we never need to see the original.
Push notification tokens
If you grant notification permission, the operating system gives Sprigged a push token (Apple Push Notification service on iOS, Firebase Cloud Messaging on Android). We store this token on our servers so we can notify you when group activity happens — for example, when someone accepts an invite to a patch you maintain. The token is rotated by the OS and is not personally identifying on its own. Notification bodies contain only the minimum needed to be useful — for example, the display name of the person who joined and the name of the patch. They cross Apple's and Google's push networks during delivery; both rotate and discard tokens routinely under their own privacy policies.
Content you create
Records you add inside an app you create or join — roster rows, snack assignments, whatever your app is for — are stored in a database dedicated to that patch (your shared workspace). The content of those records belongs to you and the people you share the patch with. We don't read or analyse your records to build advertising profiles or train machine-learning models.
Operational logs
Our servers keep short-lived request logs (URL paths, response codes, timestamps) to debug errors and prevent abuse. Logs do not contain the contents of your records. We rotate them on a rolling basis (typically within 30 days).
How we use what we collect
Sprigged contains no third-party analytics, no advertising trackers, no fingerprinting, and no advertising identifiers. Nothing on this site or in the apps reports back to ad networks. The fonts (Fraunces and Inter) are self-hosted from sprigged.app — your browser does not contact Google Fonts or any other third-party font CDN when rendering this site.
We use your data only to run Sprigged: to authenticate your device, let you recover access via email, deliver notifications you've opted into, sync the records inside your patches across your devices, and keep the service available and reliable. We do not sell, rent, or trade your personal information.
Sub-processors and infrastructure
Sprigged operates with four subprocessors total. Each only sees the data it needs to do its job. The four-subprocessor invariant is a load-bearing commitment of Sprigged's privacy posture — adding a fifth is treated as a material posture change, not a quiet add.
- Cloudflare — hosting the website, the API, and DNS. Cloudflare's servers process every request you make.
- Turso — per-patch databases that store the records and members of each shared workspace.
- Resend — sending the one-time recovery email codes, the waitlist confirmation email, and the future “Sprigged is open” announcement to waitlist subscribers. Resend also stores the waitlist email address itself (their “Audiences” product) so we can send the announcement to everyone at once.
- Anthropic — Claude API for the “Build with AI” authoring feature. Anthropic processes prompts, draft spec content, and authoring-session conversation history under their commercial-API terms.
Platform-mediated channels (not subprocessors)
Separate from the four subprocessors above, Sprigged interacts with platform-mediated channels that exist to carry data the operating system or store has already taken responsibility for. These are not Sprigged's subprocessors — they are services you have already consented to at the operating-system or store level, with their own privacy regimes:
- Apple Push Notification service (APNs) — delivering notifications to iOS devices. APNs is part of iOS; Apple's privacy policy governs.
- Google Firebase Cloud Messaging (FCM) — delivering notifications to Android devices. FCM is part of Google Play Services; Google's privacy policy governs.
- Apple In-App Purchase — Sprigged Pro subscriptions on iOS. Apple's privacy policy governs the payment data.
- Google Play Billing — Sprigged Pro subscriptions on Android. Google's privacy policy governs the payment data.
- Stripe via RevenueCat — Sprigged Pro subscriptions on the web, when launched. Stripe and RevenueCat each handle payment data under their own policies.
Sprigged uses the Anthropic API to help you describe and generate apps in plain language (“Build with AI”). Three things are sent to Anthropic when you're using the authoring interface: the prompts you type, the current draft of the app spec the model is helping you build (entity names, field definitions, surface layouts you've set up), and the conversation history within that authoring session (your messages and the model's prior responses). The records inside your patches — the roster rows, snack assignments, gear lists, and other content of the apps your spec describes — are never sent to Anthropic. Specs from patches you aren't actively authoring are not sent either, nor are other members' identities. Anthropic processes Sprigged's API traffic under their commercial terms; their commercial terms explicitly prohibit training models on customer API content. Anthropic retains API traffic per their Privacy Policy and applicable sub-processor list — see Anthropic's privacy policy and commercial terms for the current details.
Crash and error reports
When Sprigged's web app encounters an unhandled JavaScript error in your browser, the app sends a small report to Sprigged's own server (the same server that serves the rest of the app — no third-party error-tracking service is involved). The report contains: the error message, the stack trace, the page URL, and your browser's user-agent string. Email addresses and other sensitive substrings are stripped client-side before the report is sent, and stripped again server-side as a second pass. Reports are kept for 90 days, then deleted.
This data flow stays inside Sprigged's existing four-subprocessor scope (Cloudflare for hosting, Turso for the database). No fifth vendor is involved. Reports are capped at 20 per page session and rate-limited at the server, so a buggy page can't flood the system.
Payments and subscriptions
Sprigged offers a free tier and a Pro subscription. When you subscribe, payment is processed by the relevant provider depending on your platform (when applicable):
- Apple In-App Purchase on iOS,
- Google Play Billing on Android, or
- Stripe via RevenueCat on the web.
Payment data we receive is limited to receipt metadata — purchase status, expiry, and a transaction ID. We never see card numbers or full billing addresses. Each payment processor handles that data under its own privacy policy. RevenueCat, when used, acts as a receipt-validation broker between the store providers and Sprigged.
Auto-renewing subscription (California Civil Code §17602(a))
Sprigged Pro is an auto-renewing subscription billed at $8 per month. Your subscription renews automatically each month, on the same calendar day you started it, and your payment method is charged at the start of each renewal period unless you cancel at least 24 hours before the period ends. You can cancel at any time and keep access through the end of the current paid period: on iOS, manage or cancel from Settings → [your name] → Subscriptions; on Android, from Google Play → Profile → Payments & subscriptions → Subscriptions; on the web, from your Sprigged account page. This disclosure is provided in a clear and conspicuous manner before purchase, as required by California Civil Code §17602(a).
Cookies and on-device storage
Sprigged uses on-device storage (IndexedDB and OPFS) to keep the device identifier and an offline copy of records in patches you've opened. Sprigged sets no cookies — signing in uses a bearer token, not a cookie. On-device storage that belongs to a patch is removed when you delete the patch — and on uninstall, the operating system reclaims app storage automatically.
Retention and deletion
Records inside a patch persist for as long as the patch exists. When you delete a patch, its database and the records inside it are removed. If you want to delete your account or any data associated with your device or email, write to [email protected] and we will action the request within 30 days.
California (CCPA/CPRA) notice
Because Sprigged is offered to residents of the United States and Canada, California residents are covered by the California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA/CPRA”). This section is the notice required by California Civil Code §1798.130. It is provided in addition to, not in place of, the rest of this policy.
Categories of personal information we collect
The CCPA enumerates twelve statutory categories of personal information. For each, we state whether Sprigged collects it and the purpose for which it is collected:
- Identifiers — yes: an email address (optional, recovery-only), a per-install device identifier stored locally with a one-way hash held on our servers, and (if you grant permission) an OS-issued push notification token. Purpose: device-bound authentication, account recovery, and delivering notifications you opted into.
- Customer records (Cal. Civ. Code §1798.80(e)) — limited: an email address only if you choose to provide one for recovery or join the waitlist. We do not collect name, signature, physical address, telephone number, government ID, financial account number, medical information, or health insurance information.
- Characteristics of protected classifications — no. We do not collect race, color, national origin, ancestry, sex, age, religion, disability, citizenship, marital status, military or veteran status, or any other protected characteristic.
- Commercial information — limited: receipt metadata (purchase status, renewal expiry, and a transaction ID) when you subscribe to Sprigged Pro. Purpose: entitlement enforcement for the paid tier. We do not see card numbers or full billing addresses.
- Biometric information — no. We do not collect fingerprints, faceprints, voiceprints, iris or retina scans, keystroke patterns, gait, or any other biometric identifier.
- Internet or other electronic network activity — limited: short-lived operational request logs (URL paths, response codes, timestamps, user-agent string) and, for unhandled JavaScript errors, a stack trace plus the page URL. Purpose: debugging errors and preventing abuse. Logs are rotated on a rolling basis (typically within 30 days); crash reports are kept for 90 days, then deleted. We do not build browsing histories or cross-site profiles.
- Geolocation data — no. We do not request, collect, or infer precise or coarse geolocation from your device.
- Audio, electronic, visual, thermal, olfactory, or similar sensory information — no. Sprigged does not record audio, take photos, or capture any sensor input from your device.
- Professional or employment-related information — no. We do not collect employer, job title, employment history, or any professional credential.
- Education information (as defined under FERPA) — no. We do not collect education records.
- Inferences drawn from any of the above — no. We do not build profiles, score, segment, or otherwise infer characteristics, preferences, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes about you.
- Sensitive personal information — no. We do not collect government identifiers, financial-account credentials, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, the contents of your mail / email / text messages (other than what you voluntarily type into the authoring interface), genetic data, biometric identifiers, health information, or information about your sex life or sexual orientation. Because Sprigged does not collect sensitive personal information, the CPRA right to limit the use of sensitive personal information does not arise here.
Sources, business purposes, and recipients
The categories above are collected directly from you (the data you provide and the device you use) and from the operating system on your device (the push notification token, when you grant permission). We use each category solely for the operating purpose stated next to it. The recipients are the four subprocessors named in the “Sub-processors and infrastructure” section above — Cloudflare, Turso, Resend, and Anthropic — each scoped to the data its job requires, plus the platform-mediated channels (Apple Push Notification service, Firebase Cloud Messaging, Apple In-App Purchase, Google Play Billing, and Stripe via RevenueCat when applicable) that exist to carry the data they were designed to carry.
Retention
We retain each category only as long as it is needed for the operating purpose stated, and no longer:
- Email addresses (recovery and waitlist) — until you remove them via account deletion or unsubscribe; deletion is self-serve and immediate inside the app.
- Device identifier and its server-side hash, plus push notification tokens — until you delete your account or remove the device; the OS may also rotate or invalidate push tokens on its own schedule.
- Operational logs — typically rotated within 30 days; never longer than is needed for debugging and abuse-prevention.
- Crash and error reports — 90 days, then deleted.
- Records you create inside a patch (workspace) — as long as the patch exists. Deleting the patch removes its database and all records in it.
- Subscription receipt metadata — for the duration of the subscription plus the period the store provider requires us to retain it for entitlement and refund-handling purposes.
No sale or sharing of personal information
Sprigged does not sell or share your personal information, as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding twelve months. We do not exchange personal information for monetary or other valuable consideration with third parties, and we do not disclose personal information to third parties for cross-context behavioral advertising. Because we do not sell or share, the CCPA/CPRA right to opt out of sale or sharing does not arise here, and we do not need to provide a “Do Not Sell or Share My Personal Information” link.
Your California rights and how to exercise them
California residents have the right to know what personal information we collect, to access and obtain a portable copy of it, to correct inaccuracies, to request deletion, to limit the use of sensitive personal information (not applicable here — see above), and to not be discriminated against for exercising any of these rights. Access, portability, and deletion are exercisable directly inside Sprigged (see the “Your rights” section below — open Sprigged → You → Account → Download my data or Delete account). For correction, or to ask a question about any of these rights, write to [email protected]. You may designate an authorized agent to make a request on your behalf by including a written, signed authorization with the request; we will verify your identity (and the agent's authority) before acting on the request.
Your rights
We honor common privacy rights regardless of where you live: access, correction, portability, deletion, objection, and consent withdrawal. We will not treat you differently for exercising any of them. The most-used rights are exercisable directly inside Sprigged, without emailing us:
- Access & portability. Open Sprigged → You → Account → Download my data. You'll get a JSON file with your account, the patches you're a member of, and the records you authored.
- Deletion. Open Sprigged → You → Account → Delete account. We remove your account, devices, push tokens, and authoring history. Patches you joined as a member keep working for everyone else.
- Patch deletion. Patch maintainers can permanently delete a patch from its settings (Danger zone → Delete patch permanently). The patch's database and all its records are removed.
- Patch archive. Patch maintainers can archive a patch (Danger zone → Archive patch) to keep it recoverable indefinitely without paying a storage cost.
- Other rights. For correction, objection, consent withdrawal, or anything else, write to [email protected].
Records you authored inside patches you share with others stay in those patches when you delete your account — your account identifier on those records simply no longer references an active account. If you want a record removed from a shared patch, the patch maintainer can delete it; you can also leave the patch first and then delete your account if that's the outcome you want.
Children
Sprigged is not directed at children under 13, and we do not knowingly collect personal data from children under 13. Sprigged is often used for things like a kids' soccer roster — in that case, the parent or coach running the patch is the Sprigged user; the children listed inside the patch are records the user manages, not separate Sprigged accounts.
Security
We use HTTPS for all traffic, store device identifiers and recovery codes in hashed form, and limit which of our systems can access patch databases. No system is perfectly secure; if we ever discover a breach that affects your data we'll let you know without unnecessary delay.
International transfers
Sprigged's infrastructure is hosted in the United States and on Cloudflare's global edge network. Sprigged is offered only to residents of the United States and Canada, so this section applies only to data flowing between those two jurisdictions and our US-hosted infrastructure.
Changes to this policy
When we change this policy, we'll update the "Last updated" date at the top. Material changes — anything that meaningfully expands what we collect or who we share it with — will also be surfaced inside the app before they take effect.
Contact
Brefi LLC
[email protected]