Privacy Policy

Sproutr is operated by Sproutr Ltd, registered in England and Wales. Our registered address and company number are available on request. You can reach us at privacy@sproutr.co.uk.

This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under UK GDPR and the Data Protection Act 2018.

Account data: When you register, we collect your name, email address, and (if you upgrade) billing details via Stripe. We do not store card numbers — Stripe handles all payment processing.

Usage data: We log which dashboard features you use, pages visited, and actions taken (e.g. site connected, article generated). This is used to improve the product and detect abuse.

Website data: If you enter your website URL into our audit tool, we crawl it to generate an SEO report. We store the domain and audit results against your account.

Communications: If you contact us via email or our contact form, we store the correspondence to help resolve your query.

To deliver the service — generating articles, running audits, sending email reports, and managing your subscription.

To communicate with you — transactional emails (new article ready, trial ending) and, if you opt in, product updates. You can unsubscribe at any time.

To comply with legal obligations — including fraud prevention, tax records, and responding to lawful requests from UK authorities.

We do not sell your data to third parties. We do not use it for advertising.

We use a small number of trusted processors to run the service:

• Clerk — authentication and user management. Data held in EU/UK data centres. • Stripe — payment processing. PCI DSS Level 1 certified. • Neon — PostgreSQL database, hosted on AWS EU (Ireland). • Resend — transactional email delivery. • Anthropic — AI article generation. Prompts and outputs are not used to train Anthropic models under our API agreement. • Vercel — hosting and infrastructure, EU edge network.

All processors are bound by data processing agreements and operate under GDPR-compatible frameworks.

Under UK GDPR, you have the right to:

• Access the personal data we hold about you • Correct inaccurate data • Request deletion of your data ("right to be forgotten") • Restrict or object to processing • Data portability — receive your data in a machine-readable format • Withdraw consent at any time (where processing is consent-based)

To exercise any of these rights, email privacy@sproutr.co.uk. We will respond within 30 days. If you are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or tax purposes (typically 7 years for financial records).

Anonymised, aggregated usage data may be retained indefinitely for product analytics.

We use essential cookies for authentication (session token) and a small number of analytics cookies if you consent. See our Cookie Policy for full details.

We may update this policy as the product evolves. We will notify you by email if we make material changes. The date at the top of this page always reflects the latest version.