sprint
n
k

Privacy Policy

Last updated: 2026-05-19 (draft)

This is a working draft for SprintNook's development phase. It will be finalised, with legal review, before public launch.

This policy explains how SprintNook handles your personal data. It is a draft for the development phase; specifics such as retention periods may still change before public launch.

Who we are

SprintNook is operated by MachineSquad Ltd, a company registered in Scotland (company number SC577669), with its registered office at 6&7 Queens Terrace, Aberdeen, AB10 1XL, United Kingdom. MachineSquad Ltd is the data controller for the personal data described here.

Because we serve users in the European Union, both the UK GDPR and the EU GDPR apply to this processing.

Data we process

We process:

  • Account data — your email address, display name, and avatar URL.
  • Workspace and session content — the boards, notes, votes, and other content you and your collaborators create.
  • Audit events — security-relevant and other significant actions, kept to protect your account.
  • Technical data — log and device information generated automatically when you use the service.

Why we process it

We process account and content data to provide the service (performance of our contract with you), technical and audit data to keep the service secure and reliable (our legitimate interests), and any other data where you have given consent or where the law requires it.

Sub-processors

We rely on a small number of providers that process data on our behalf:

  • Vercel — application hosting (EU function regions).
  • Supabase — database and authentication (Paris, eu-west-3).
  • Resend — transactional email (EU region).

Where your data is stored

Personal data is hosted within the European Union. As our company is established in the United Kingdom, data may be accessed from the UK; the UK benefits from a European Commission adequacy decision, so this transfer is permitted without additional safeguards.

How long we keep it

We keep account and content data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain limited records to meet legal obligations. Final retention periods will be published before launch.

Cookies

SprintNook uses only essential cookies: a session cookie to keep you signed in, and a preference cookie that remembers your chosen language. We do not use advertising or third-party tracking cookies.

Your rights

You have the right to access, rectify, export, or erase your personal data, and to object to or restrict certain processing. To exercise these rights, contact privacy@sprintnook.com. You also have the right to complain to a data protection authority — in France, the CNIL; in the UK, the ICO.

Security

We use technical and organisational measures appropriate to the development stage of the service, including encrypted transport and access controls, to protect personal data.

Children

SprintNook is not intended for children. You must be at least 16 years old to use SprintNook.

EU representative

An EU representative under Article 27 of the EU GDPR will be designated before public launch, and their contact details published here. [EU representative — to be appointed]

Changes to this policy

We may update this policy as the service develops. Material changes will be notified before they take effect.

Contact

For any privacy question, or to exercise your rights, contact privacy@sprintnook.com.