Effective: July 6, 2026. This describes what SproutPad collects, why, and what happens to it.
| Data | Why | Where it lives |
|---|---|---|
| Your email address | Account identity, sign-in links, approval and billing notices | Our database (Fly.io, US) |
| Payment method | Charging for domains/hosting/email/plans | Stripe only. We store tokens (customer + payment-method ids), never card numbers. |
| Audit ledger | Every agent/human action: what, why (justification), cost, undo path | Our database; exportable by you |
| Mailbox credentials | Operating mailboxes your agents create | Encrypted (AES-256-GCM) at rest; decrypted server-side only |
| Email envelopes | Inbox listings (from/subject/date/snippet) | Our database. Message bodies are never stored — they are fetched live from the mail provider per read. |
| Funnel events | Aggregate product metrics (signup → first launch) | Our database; org-linked counters, no behavioral profiles |
We do not use advertising trackers, sell data, or share it beyond the processors below.
Stripe (payments), Fly.io (hosting + database), name.com (domain registration — registrant data as required by ICANN), Cloudflare (DNS), Purelymail (mailboxes), Resend (transactional email), GitHub (encrypted database backups as private artifacts).
The audit ledger is append-only by design — it is the record that makes budgets, teardown, and billing trustworthy, and it is retained for the life of the service, including after account closure, as our legitimate financial and audit record.
On account closure (or verified erasure request): your email is replaced with an irreversible hash, Stripe tokens are deleted from our systems, sessions and sign-in identities are deleted, mailbox credentials and cached envelopes are purged, and all keys are revoked. Ledger entries survive, attributed to the pseudonymized identity — the standard reconciliation of erasure rights with append-only audit records.
Export your ledger anytime (dashboard → audit export). Close your account from the dashboard. For access/correction/erasure requests beyond that: support@sproutpad.ai. If you are in the EU/UK, these are your GDPR rights and we honor them as described above.
Secrets are hashed (keys) or encrypted (mailbox credentials) at rest; sessions are server-side and revocable; every provider call goes through our accounts, so your agents never hold provider credentials. Vulnerability reports: security.txt.