Trust and compliance

Privacy Policy

This policy maps the personal data Saga Sprint handles across marketing, authentication, workspace modules, support, billing, AI, and integrations.

Last updated: May 17, 2026
Contact: privacy@sagasprint.com
Company: Saga Sprint

Who we are

Saga Sprint is operated by Saga Sprint.

Data we collect

Account data: name, email, role, authentication state, workspace membership, and security settings.
Workspace data: CRM records, invoices, HR records, inventory data, project records, documents, messages, and module content entered by customers.
Billing data: plan, subscription status, invoices, payment processor identifiers, billing contact details, and tax metadata.
Support and marketing data: contact forms, email preferences, booking requests, messages, and consent records where applicable.
Technical data: IP address, user agent, device and browser metadata, logs, cookies, security events, and audit activity.
AI data: prompts, context, generated responses, tool calls, and customer-approved knowledge or memory records when AI features are enabled.

How we use data

Provide, secure, operate, and improve the Saga Sprint platform.
Authenticate users, enforce tenant isolation, apply role permissions, and write audit logs.
Process payments, subscriptions, invoices, cancellation requests, and support requests.
Send transactional emails, product notices, operational alerts, and consent-based marketing.
Operate AI-assisted workflows and integrations according to customer configuration.
Comply with legal obligations, sanctions screening, tax requirements, fraud prevention, and security investigations.

Legal basis

Contract performance for accounts, modules, billing, support, and ordered services.
Legitimate interests for security, fraud prevention, service improvement, and business operations.
Consent for optional marketing, non-essential cookies, and some integrations when consent applies.
Legal obligation for accounting, tax, sanctions, and regulatory compliance.

Sharing and subprocessors

We use vendors for hosting, database, email, payments, analytics, storage, AI providers, and integrations. The current public list is maintained on the Subprocessors page.

International transfers

Saga Sprint may process data across regions depending on the services, vendors, and integrations used by a customer. For EU, UK, or Swiss personal data, transfer safeguards are handled through the DPA or customer agreement.

Retention

Workspace records are retained while the customer account is active unless deleted by authorized users or required by law.
Audit, security, billing, and accounting records may be retained longer to protect the platform and satisfy legal obligations.
Marketing and support records are retained as needed for the original purpose or until deletion is requested where applicable.

Your rights

Depending on location, individuals may request access, correction, deletion, export, objection, restriction, withdrawal of consent, and other privacy rights available under GDPR, UK GDPR, CCPA/CPRA, Moroccan privacy law, or other applicable laws. Contact privacy@sagasprint.com.

Security

Saga Sprint uses tenant isolation, role-based access, audit logs, encryption in transit, secure cookies, hashed passwords, and controlled provider access. See the Security page for the current security posture.

sagasprint

Loading Saga Sprint...

Data we collect

Account data: name, email, role, authentication state, workspace membership, and security settings.

Workspace data: CRM records, invoices, HR records, inventory data, project records, documents, messages, and module content entered by customers.

Billing data: plan, subscription status, invoices, payment processor identifiers, billing contact details, and tax metadata.

Support and marketing data: contact forms, email preferences, booking requests, messages, and consent records where applicable.

Technical data: IP address, user agent, device and browser metadata, logs, cookies, security events, and audit activity.

AI data: prompts, context, generated responses, tool calls, and customer-approved knowledge or memory records when AI features are enabled.

How we use data

Provide, secure, operate, and improve the Saga Sprint platform.

Authenticate users, enforce tenant isolation, apply role permissions, and write audit logs.

Process payments, subscriptions, invoices, cancellation requests, and support requests.

Send transactional emails, product notices, operational alerts, and consent-based marketing.

Operate AI-assisted workflows and integrations according to customer configuration.

Comply with legal obligations, sanctions screening, tax requirements, fraud prevention, and security investigations.

Legal basis

Contract performance for accounts, modules, billing, support, and ordered services.

Legitimate interests for security, fraud prevention, service improvement, and business operations.

Consent for optional marketing, non-essential cookies, and some integrations when consent applies.

Legal obligation for accounting, tax, sanctions, and regulatory compliance.

Retention

Workspace records are retained while the customer account is active unless deleted by authorized users or required by law.

Audit, security, billing, and accounting records may be retained longer to protect the platform and satisfy legal obligations.

Marketing and support records are retained as needed for the original purpose or until deletion is requested where applicable.