1. IntroductionAt
Spry Elephant LLC (“we,” “us,” or “our”), we are committed to protecting the privacy and confidentiality of our clients’ information. We specialize in software development and consulting services and may, in the course of our work, have access to data belonging to our clients and, in some cases, to their end-users. This Privacy Policy explains the types of information we collect, how we use and protect that information, and the rights and choices you have regarding your data.
2. Scope of this PolicyThis Policy applies to all client information that we collect or process in connection with our software consulting services globally. By engaging our services or otherwise providing us with information, you acknowledge that you have read and understood this Privacy Policy.
3. Types Of Data We Collect
1. Client Contact DetailsWe collect basic business contact details (e.g., names, email addresses, and business addresses) for project management, communication, and billing.
Purpose of Collection: To facilitate project collaboration, send updates, invoices, and other business communications.
2. Project-Related DataThis includes any information, documentation, code, specifications, or other materials provided to us by you to fulfill our contractual obligations.
Purpose of Collection: To develop, test, and deliver software or related services.
3. System Access CredentialsYou may grant us access to development environments, test servers, code repositories, or other systems necessary for project work.
Purpose of Collection: Strictly to perform authorized tasks related to your project (e.g., development, testing, deployment).
4. Minimal Personal Data (If Required)Our primary focus is on software development, not on managing end-user data. However, if a project requires accessing or processing personal data about your end-users (e.g., a sample dataset for testing), we will do so only under your instructions and in compliance with applicable laws.
Purpose of Collection: Provide development, troubleshooting, or testing services related to the project requirements.
Note: We do not collect any sensitive personal information beyond what is strictly required for the project scope. We also do not use your data for marketing or unrelated purposes without your explicit consent.
4. Handling of End-User DataIn certain projects, we may handle data belonging to your end-users, such as customer names, email addresses, or other personal information.
Role: We act as a
data processor on your behalf when it comes to end-user data. You, as the client, remain the data controller.
Use: We only process end-user data under your instructions and for the agreed project scope. We do not share or disclose such data to third parties except as permitted or required to deliver the services.
Security & Confidentiality: We apply all measures described in this Policy (see Section 5, “Data Security Measures”) to protect end-user data from unauthorized access or disclosure.
Compliance: If you need support addressing data subject rights (e.g., GDPR or CCPA requests) or other regulatory obligations concerning end-user data, we will cooperate as reasonably required.
5. Data Security MeasuresWe take data protection seriously and employ industry-standard measures to secure client and end-user data:
1. Secure InfrastructureWe store project data on secure servers with encryption at rest and in transit. We use reputable hosting environments that employ advanced security protocols to prevent unauthorized access.
2. Access ControlsAccess to client data is restricted to authorized personnel who need it to perform their duties. All team members are bound by confidentiality obligations and use role-based permissions and secure authentication methods.
3. Organizational and Technical Safeguards
Policies and Training: We maintain internal guidelines on secure coding, software patching, and threat monitoring.
Detection and Prevention: We use firewalls, anti-malware, and intrusion detection systems to monitor for and prevent potential breaches.
Incident Response: In the unlikely event of a security incident, we have a response plan to notify affected clients promptly and mitigate any potential harm.
4. No Absolute GuaranteeWhile we strive to maintain the highest security standards, no method of electronic storage or transmission over the internet is completely secure. We continually review and update our practices to address new risks and vulnerabilities.
6. Use of Third-Party ServicesWe may engage third-party service providers (sometimes called “sub-processors”) to help us deliver our services, such as hosting platforms, collaboration tools, or payment and invoicing systems.
Vet and Contract: We select reputable providers that demonstrate compliance with relevant data protection laws and best practices.
Limited Purpose: Any third party acts solely on our instructions and for the limited purpose of providing the agreed services.
Accountability: We remain responsible for the data they process on our behalf and take steps to ensure your data is handled securely and lawfully.
No Sale of Data: We do not sell or rent your data to any external party.
7. Data Retention & CollectionWe keep client data only for as long as necessary to fulfill the purposes outlined in this Policy or to comply with legal obligations.
During the ProjectWe retain all necessary project data (including backups or version histories) to provide our services effectively.
Project CompletionOnce a project concludes, our default practice is to return all project-related data upon request and securely delete our copies, including backups and credentials, unless agreed otherwise.
Extended RetentionIf you request or consent to further support or future development, we may securely retain your data for the duration of that extended agreement. If local laws or regulations require us to keep certain records (e.g., financial records for auditing), we will comply.
Deletion of Personal Contact DataIf you end your relationship with us or ask us to delete your contact information, we will securely remove or anonymize it, unless retention is necessary for legal compliance or to defend against legal claims.
8. Compliance with data protection Laws We operate globally and strive to comply with all relevant data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA):
GDPR (for EU/EEA Residents)Data Processor Role: When processing end-user personal data on behalf of EU/EEA clients, we act as a data processor under your instruction.
Principles: We adhere to GDPR’s principles (lawfulness, fairness, transparency, purpose limitation, data minimization, etc.).
Data Subject Rights: We will assist you in responding to requests to access, rectify, or delete end-user data, or any other applicable rights.
CCPA (for California Residents)Service Provider Role: We process personal information only for the business purposes outlined in our agreement.
No Selling: We do not sell personal information.
Consumer Rights: We will support any verified requests from you or your customers seeking to exercise their CCPA/CPRA rights over the data we handle on your behalf.
Other RegionsWe aim to apply equivalent levels of protection even in regions without comprehensive data protection laws. If specific regulations apply to your project (e.g., HIPAA for healthcare data), we will work with you to meet those requirements.
9. Your RightsDepending on the jurisdiction, you may have the following rights with respect to your personal data:
Right to Access – Request a copy of the personal data we hold about you.
Right to Rectification – Request correction of inaccurate or incomplete data.
Right to Deletion – Ask us to delete your data, provided we have no lawful basis to retain it.
Right to Restrict Processing – In some cases, request that we limit our processing of your data.
Right to Object – Object to certain uses of your data.
Right to Data Portability – Request a copy of your personal data in a common, machine-readable format.
Right to Non-Discrimination – We will not deny you services or provide lower quality services if you exercise any of your privacy rights.To exercise these rights or for any privacy-related concerns, please contact us using the information provided in Section 11.
10. Children’s Privacy Our services are not directed to children, nor do we knowingly collect personal information from individuals under the age required by local laws to provide valid consent. If you believe a child has provided us with personal information, please contact us so we can delete it.
11. Contact UsIf you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:
Spry Elephant LLCAttn: Privacy Team/Data Protection Officer
1537 North Street
Boulder, CO 80304
USA
Email:
privacy@spryelephant.com
We will respond to your inquiry as soon as possible and within any legally required timeframe.
12. Changes to This PolicyWe may update this Privacy Policy to reflect changes in our practices or in response to evolving legal requirements. When we make significant changes, we will notify clients via email or by posting a prominent notice on our website. The “Effective Date” at the top of this Policy indicates when these changes take effect. We encourage you to review this Policy periodically to stay informed of how we safeguard your information.
Thank you for trusting Spry Elephant LLC with your software development needs.We are committed to upholding the highest standards of privacy and security for our clients and their data.