← Back to SoloSprint

Privacy Policy

Last updated: May 18, 2026

1. Who we are

SoloSprint ("SoloSprint", "we", "us", or "our") operates https://solosprint.app. We build sprint-planning and outcome-tracking tools for solopreneurs and indie founders. This Privacy Policy explains how we collect, use, and protect your information.

2. Information we collect

  • Account information — name and email address when you create an account.
  • Workspace data — milestones, tasks, sprints, time logs, and notes you create inside the app.
  • Integration credentials — when you connect Plausible, Google Search Console, Google Analytics, or Stripe, we store OAuth tokens or API keys encrypted at rest using AES-256-GCM. We never store or log these in plaintext.
  • Third-party analytics data — when you connect an integration, we fetch metrics (e.g. visitors, clicks, MRR) from that provider on your behalf and store them as outcome signals in your workspace.
  • Usage information — basic server logs (timestamps, HTTP status codes). We do not use third-party behavioral tracking by default.

3. Google user data

When you connect Google Search Console or Google Analytics, SoloSprint requests read-only access to your Google account data via OAuth 2.0. Specifically:

  • Search Console webmasters.readonly scope. We read search traffic metrics (clicks, impressions, CTR, position) only.
  • Google Analytics analytics.readonly scope. We read aggregate behavioral metrics (active users, sessions, conversions) only.

We use this data solely to display outcome signals inside your SoloSprint workspace. We do not share, sell, or transfer Google user data to any third party. We do not use it for advertising or to build profiles outside of SoloSprint.

SoloSprint's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. How we use your information

  • To provide and operate the SoloSprint service.
  • To sync outcome metrics from connected integrations on your request.
  • To send transactional emails (account verification, password reset).
  • To improve the product through aggregate, anonymized usage patterns.

We do not sell your data to third parties.

5. Data retention and deletion

Your workspace data is retained for as long as your account is active. You may delete your account at any time, which permanently removes your workspace, tasks, metrics, and integration credentials. Integration credentials (tokens, API keys) are wiped immediately when you disconnect an integration from Settings → Integrations.

6. Security

All integration tokens and API keys are encrypted at rest with AES-256-GCM before being written to the database. Access tokens are never returned to the browser and are not logged in server output. We use HTTPS in production.

7. Third-party services

SoloSprint is hosted on Vercel. The database is PostgreSQL hosted via Supabase. Authentication uses NextAuth.js. Each third-party service has its own privacy policy governing its use of infrastructure-level data.

8. Your rights

Depending on your location, you may have rights to access, correct, or delete personal data we hold about you. To exercise any of these rights, email privacy@solosprint.app.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or an in-app notice. Continued use of SoloSprint after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy? privacy@solosprint.app