Security & Data Handling

Data flow

1. Clients submit information through an online form.
2. The data is transferred via a webhook.
3. The Sprint is delivered through asynchronous email communication.

Access to data

Access to client data is limited to the individuals responsible for delivering the Sprint. Data is not shared with third parties other than the technical service providers listed on the Subprocessors page.

Data retention

Client data is retained for up to 90 days after completion of the Sprint. During this period, data may remain in working email inboxes solely for the purpose of follow-ups, clarifications, or delivery-related communication.

We do not operate a separate long-term archive of client data.

Client systems

We do not access or log into client systems. Work is performed exclusively on information provided by the client via the form or email.

Limitations

At launch, we do not offer a Data Processing Agreement (DPA), security certifications, or Non-Disclosure Agreements (NDA) as standard.