Sprinted

Privacy Policy

Last updated: March 2026

Overview

This Privacy Policy is provided by Kennedy Growth Solutions LLC, a Florida limited liability company doing business as Sprinted (“we,” “us,” or “our”), operator of the platform at sprinted.io. It explains what personal information we collect, how we use it, and your rights regarding that information. By using our service, you agree to the practices described below.

1. Information We Collect

We collect two distinct categories of data:

Account Data

  • Name and email address — provided when you create an account or purchase a subscription.
  • Phone number — collected only if you enable two-factor authentication (2FA). Used solely for SMS verification and never for marketing.
  • Payment information — billing details (card number, expiry, CVC) are entered directly into Stripe’s hosted fields. We never see or store raw card data. We retain only a Stripe customer ID and subscription ID.
  • Usage data — standard server logs including IP addresses, browser type, pages visited, and timestamps, used for security and debugging.

Uploaded Data

  • The contact lists you upload for verification — including names, phone numbers, email addresses, job titles, company names, and any other fields contained in your CSV files.
  • This data belongs to you and is processed solely to deliver verification results back to you.

2. How We Use Your Information

Account Data is used to:

  • Create and manage your account and authenticate your identity.
  • Process payments and manage your subscription via Stripe.
  • Send transactional emails (account verification, password reset, job completion notifications) via Resend. We do not send marketing emails without your explicit consent.
  • Send SMS verification codes via Twilio when 2FA is enabled.
  • Detect and prevent fraud, abuse, and unauthorized access.

Uploaded Data is used solely to:

  • Perform the lead verification services you have requested.
  • Return verified results and propensity scores to you.

Aggregate Analytics:

We may use anonymized, aggregate patterns derived from verification activity — such as optimal dial times by industry or region — to improve our services. This aggregate data contains no personally identifiable information and cannot be traced back to your specific leads or contacts.

3. What We Never Do With Your Data

  • We never sell your uploaded contact lists to any third party.
  • We never share your leads with other customers or data brokers.
  • We do not use your uploaded contacts to build competing data products for resale.
  • We do not send marketing emails to you without your explicit consent.

4. Third-Party Services

We share data with the following trusted service providers, each of whom accesses only the data necessary to perform their specific function and operates under their own privacy and security policies:

Stripe — Payment Processing

Handles all payment card data in a PCI-compliant environment. Your card details go directly to Stripe and never pass through our servers. Governed by Stripe’s Privacy Policy.

Supabase — Database & Authentication

Stores your account data and uploaded lists on AWS-hosted infrastructure. Access is controlled by row-level security policies tied to your account.

Resend — Transactional Email

Delivers emails you’ve triggered (account verification, job complete notifications, password resets). Your email address is shared with Resend only for this purpose.

Twilio — SMS Verification

Sends SMS verification codes when you initiate a 2FA request. Your phone number is shared with Twilio only when you trigger a code.

Vercel — Website Hosting

Hosts and serves the Sprinted web application. Standard request logs (IP, user agent, timestamp) may be processed by Vercel’s infrastructure.

5. Data Retention

  • Account data is retained for as long as your account is active.
  • Uploaded lists and verification results are retained for 90 days after a job is marked complete, then permanently deleted from our active systems. You may delete individual jobs and their results at any time from your dashboard.
  • Upon account deletion, all your personal data — name, email, phone, uploaded lists, and verification results — is permanently removed within 30 days. Payment records are retained for 7 years as required by law and anonymized where possible.
  • Aggregate, anonymized analytics (containing no personally identifiable information) may be retained indefinitely for service improvement purposes.

6. Cookies

We use only essential, session-based cookies required to operate the service — specifically, the authentication session cookie managed by Supabase that keeps you logged in. We do not use advertising cookies, third-party tracking pixels, or analytics cookies that follow you across other websites.

7. Your Rights

Regardless of your location, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update your name or email from your account settings at any time.
  • Deletion — delete your account at any time from Account → Danger Zone, permanently removing your data.
  • Data portability — download your verification results as CSV from your dashboard at any time.
  • Opt-out of communications — transactional emails cannot be disabled while your account is active (they are required to operate the service), but you may contact us to limit non-essential communications.

California residents (CCPA): You have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. We do not sell personal information.

EEA/UK residents (GDPR): Our lawful basis for processing your data is contract performance (to deliver the service you paid for) and legitimate interests (security, fraud prevention). You have the right to lodge a complaint with your local data protection authority.

8. Security

We use industry-standard security measures: encrypted connections (TLS), encrypted data at rest via Supabase/AWS, row-level security policies limiting each user’s access to their own data, and optional SMS two-factor authentication. No transmission over the internet is 100% secure; we cannot guarantee absolute security, but we are committed to protecting your data.

9. Jurisdiction

This Privacy Policy and any disputes relating to it are governed by the laws of the State of Florida, consistent with our Terms of Service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and notify you by email for material changes. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us at: support@sprinted.io

Kennedy Growth Solutions LLC DBA Sprinted