Introduction
This privacy statement ("Privacy Statement") explains how Sprouter, LLC ("Sprouter," "we," "us," or "our") collects, uses, discloses, and safeguards personal information in connection with the Sprouter websites, mobile applications, and related services (collectively, the "Services"). By using the Services, you agree to the practices described in this Privacy Statement and our Terms and Conditions.
Conditions of Use
If you use the Services, your use and any dispute over privacy is subject to this Privacy Statement and our Terms and Conditions, including limitations on damages, agreement to arbitration, and application of Delaware law.
What Does Sprouter Do?
Sprouter is a customizable profile and events platform that helps individuals and businesses promote their content and, if they choose, monetize through features such as paid events and payouts to organizers. For financial features, Sprouter partners with regulated financial institutions and payment providers. Sprouter is not a bank and does not take beneficial ownership of user funds.
We are headquartered in St. Paul, Minnesota and have offices in Scottsdale, Miami, and Los Angeles.
What Personal Information Does Sprouter Collect?
We collect the following types of information from our users:
Personal Information You Provide to Us Voluntarily
We collect information you submit to the Services or authorize us to obtain, such as full name, email address, phone number, user name(s), preferences, and any content you upload. If you opt into marketing, we collect your marketing preferences (email/SMS) and honor your opt-out choices.
Financial features (selling tickets, receiving payouts, requesting a debit card, or opening a funds-holding sub-account) require additional information for identity verification and compliance, which may include:
- Legal name, date of birth, residential address
- SSN/TIN, government ID details and images
- Citizenship, business information (e.g., legal entity, EIN, beneficial owners)
- Information about your expected activity (e.g., volumes, refund/chargeback policies)
Personal Information Collected Automatically
We receive and store certain types of usage information automatically whenever you interact with the Services. For example, Sprouter may automatically receive and record information such as:
- Device type and identifiers
- IP address, browser information, app version
- Broad geolocation (e.g., country/region), time zone
- Usage & diagnostic data, and other technical data
If you connect social media accounts, we may receive limited profile information you authorize (e.g., display name, profile photo, account ID). We use this information to promote safety and security (including fraud prevention), to communicate with you, to provide analytics, and to personalize the experience.
Additionally, we may undertake automatic scanning of user profiles and links to determine whether mandatory or default sensitive content warnings should be applied to users who wish to access the relevant content, and to determine if content should be removed for violation of our Terms of Service.
Personal Information Collected from Third Parties
We may receive personal information about you from third-party sources where legally permitted, including:
- Identity verification vendors
- Sanctions-screening and fraud/risk platforms
- Payment processors, program banks/card issuers
- Analytics providers and marketing partners
Children's Data
Sprouter services are not intended for use by children under the age of 13. If you are under the age of 13, please do not use the Application or other Sprouter services and do not provide Sprouter with your personal information. If you are a parent or guardian of a child under 13 and you are aware that they have provided Sprouter with personal information, please contact us.
How Does Sprouter Use the Information It Collects?
Sprouter uses the information described in this Privacy Statement to:
- Analyze, develop, provide, secure, and improve the Services
- Inform decisions on new features and enhancements
- Communicate with you about accounts, features, updates, and support
- Enable financial features you request, including opening and administering funds-holding sub-accounts, routing and settling payments, scheduling payouts, and supporting refunds/chargebacks/disputes
- Perform identity verification (KYC), sanctions screening, fraud prevention, anti-money-laundering and other compliance checks, and maintain required records
- Enforce our Terms, protect rights and safety, and comply with legal obligations
Legal Basis for Processing Personal Information
Our legal basis for collecting and using personal information described above will depend on the personal information concerned and the specific circumstances in which we collect it.
We will normally collect personal information from you only where:
- We have your consent
- We need the personal information to perform a contract with you
- The processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms
- We have a legal obligation to collect personal information from you (e.g., KYC/AML/sanctions screening and required recordkeeping)
If we ask you to provide personal information to comply with a legal requirement we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Application Partner Treatment of Personal Information
We host the Services on cloud providers (e.g., AWS). These providers process data on our instructions to deliver the Services; this Privacy Statement—not the cloud provider's policy—governs how Sprouter handles your personal information.
For certain financial features, program banks, card issuers, and payment processors also process personal information. In some cases (e.g., providing regulated banking or issuing services), they may act as independent controllers under their own privacy notices, which will be presented or linked when you enable those features.
Will Sprouter Share Any of the Personal Information It Receives?
Sprouter does not sell personal information. We share personal information as described below to operate the Services and financial features:
- Banking/issuing/ledger partners: To open and administer funds-holding sub-accounts (FBO), perform KYC/AML/sanctions screening, process transactions, manage payouts/reserves/chargebacks, and (if applicable) issue debit cards.
- Payment processors and acquiring partners: To accept payments from buyers and settle funds to organizers.
- Identity, fraud, and risk service providers: To verify identity, prevent fraud/abuse, assess risk, and support underwriting and disputes.
- Infrastructure and support providers: Hosting, storage/backup, logging, analytics, communications, and customer support tools.
- Social login providers: If you choose to authenticate with them.
- Advertising/measurement partners: Where permitted, to measure performance or personalize advertising; you can opt out of sales/sharing or targeted advertising as described below.
- Legal and safety: To comply with law, respond to lawful requests, protect rights and safety, and enforce our Terms.
- Business transfers: As part of a merger, acquisition, financing, or sale of assets.
We may share aggregated or de-identified information that does not identify you. We require service providers to use personal information only to perform services for us and to protect it appropriately.
Does Sprouter Have or Store Any of My Credit Card Information?
Card payments facilitated through Sprouter are processed by our acquiring and card-processing partners and/or a program bank/card issuer (together, the "Card Partners"). Sprouter does not collect or store full primary account numbers (PAN), track data, or CVV/CVC on Sprouter systems. Card data you submit is sent directly to the Card Partners and is handled in accordance with PCI DSS.
Card Partners typically tokenize card data for subsequent authorized uses (for example, refunds or reversals). Sprouter may store limited card metadata—such as last four digits, expiration month/year, card brand, and processor/network tokens—along with transaction receipts and dispute/refund records, to provide support, reconciliation, fraud prevention, risk management, and compliance.
If a debit card is issued to you, the card is issued by a participating bank. Your use of any card is governed by that issuer's cardholder agreement and privacy notice in addition to this Privacy Statement.
If you link a bank account (e.g., for payouts), the account and routing numbers are collected and stored by our banking and payments partners and/or tokenization providers. Sprouter may store tokens or masked identifiers (such as last four and bank name) but not your full bank account number in plaintext.
You may request removal of stored payment methods or tokens through your account or by contacting support; removal does not affect information our banking/issuing/processing partners must retain under applicable law or network rules.
Third Party Applications/Websites
Our Services may permit you to link to other applications or websites. Such third-party applications/websites are not under Sprouter's control, and such links do not constitute an endorsement by Sprouter of those other applications/websites or the services offered through them.
The privacy and security practices of such third-party applications/websites linked to the Services are not covered by this Privacy Statement, and Sprouter is not responsible for the privacy or security practices or the content of such websites. You may refer to our Terms and Conditions for further details.
International Compliance & Disclosure
Your data may be transferred, accessed, and stored globally as necessary in accordance with this Privacy Statement. Where required, we use lawful transfer mechanisms (such as EU Standard Contractual Clauses and the UK addendum) and implement appropriate safeguards.
Sprouter shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws, including but not limited to U.S. state privacy laws and the GDPR for data transferred within or outside of the European Economic Area (EEA).
What Rights Do You Have Regarding Your Personal Information?
Sprouter allows you to directly access the following information about you for the purpose of viewing, and in certain situations, updating that information:
- Account and user profile information
- User email address, if applicable
- User social media profile information
- User preferences
- Application specific data
Additionally, you could have additional data protection rights depending on the country or state you reside in and the applicable privacy laws.
UK and European Economic Area Residents
If you are a resident of the UK or the European Economic Area you may have additional rights, including:
- Right of Access: The right to be informed of and request access to the personal data we process about you
- Right to Rectification: The right to request that we amend or update your personal data where it is inaccurate or incomplete
- Right to Erasure: The right to request that we delete your personal data
- Right to Restrict: The right to request that we temporarily or permanently stop processing all or some of your personal data
- Right to Object: The right to object to us processing your personal data where you believe we don't have a legitimate interest to do so, and the right to object to your personal data being processed for direct marketing purposes
- Right to Data Portability: The right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party's service
You can view your full legal rights under GDPR at gdpr-info.eu. To exercise these rights you may contact Sprouter at support@getsprouter.com and we will respond to your request in accordance with applicable data protection laws.
Data Deletion
If you would like to have your user data deleted, you should submit a request to support@getsprouter.com. We will respond to your request within 24 hours, as well as delete all (or the requested aspects) of your user data within 30 days. We will then reply with a confirmation back to you that all of your user data has been removed from our systems.
Data Retention
We will retain your personal information for the period necessary to provide you with Sprouter services and for legitimate and essential business purposes, and in accordance with applicable legal and regulatory requirements.
Unless different retention is required by law or program rules:
- Financial/KYC records are retained for at least five (5) years after account or relationship termination, or longer if required by our banking/issuing partners or applicable law.
- Transaction records and support communications are retained for periods appropriate to regulatory, tax, accounting, and fraud-prevention requirements.
- Marketing preferences and analytics are retained as long as needed for those purposes unless you opt out or request deletion.
When a user decides to delete an account with Sprouter, we no longer need social media tokens and similar information and delete that data after 60 days. When a user removes a linked social media account on Sprouter, we remove that data upon the user's request.
How Does Sprouter Secure Your Personal Information?
We are committed to protecting personal information and implement appropriate technical and organizational measures designed to safeguard it against unauthorized access, use, alteration, and destruction. These measures include, as appropriate:
- Encryption in transit and at rest
- Least-privilege and role-based access controls
- Network segmentation
- Audit logging and monitoring
- Key management
- Secure software development and change management
- Vulnerability management
- Employee training and access reviews
- Vendor risk management
We limit access to personal information to employees and service providers with a legitimate business need. Your password protects your Sprouter account. Use a unique, strong password and keep your devices and browsers secure. Where available, we encourage enabling multi-factor authentication.
For card and bank features provided through our banking, issuing, and processing partners, card data and bank account numbers are handled in accordance with applicable standards (e.g., PCI DSS) and partner policies. Sprouter does not store full card numbers or CVV/CVC on Sprouter systems.
We maintain an incident response process. If we become aware of a personal-information breach, we will investigate and, where required by law, notify you and applicable regulators without undue delay, taking steps to mitigate potential harm.
Changes to This Privacy Statement
We may amend this Privacy Statement from time to time. The "last modified" date will be updated when changes are posted. If we make material changes (for example, new categories of personal information or new uses that are materially different), we will provide advance notice (e.g., email or in-product notice), typically at least 30 days before the effective date, unless earlier implementation is required by law or for new features that require acceptance.
Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Statement.
Questions or Concerns
If you have any questions or concerns regarding privacy on our Services, please send us a detailed message at support@getsprouter.com. We will make every effort to resolve your concerns promptly and transparently.
Addendum for Residents of California
The following section provides supplemental information to California residents, whose personal information we have collected. This section applies to the personal information we collected from California residents during the 12 months prior to the effective date of this Privacy Statement, depending on interactions with us.
1. Collection and Use of Personal Information
(a) Categories of Personal Information We Have Collected:
- Identifiers (e.g., name, alias, email, postal address, online identifiers/cookies)
- Customer records (account profile, transaction history)
- Internet or network activity (browsing/app activity, log data, device data)
- Geolocation (general—country/region/ZIP; we do not collect precise geolocation)
- Audio/visual (customer support call recordings, if applicable)
- Inferences (to personalize or improve the Services)
- Sensitive personal information (SPI) used only for permitted purposes: government identifiers (e.g., SSN/TIN), driver's license/ID details, bank account/routing numbers, and identity-verification data for KYC/AML/sanctions screening, fraud prevention, underwriting, and regulatory recordkeeping related to financial features
(b) Categories of Sources of Personal Information:
- Directly from you (when you create an account, make a purchase, browse our Platform, or use the Services)
- Directly and indirectly from activity on the Services
- Social networks (to the extent we introduce social media log-ins)
- Service Providers who provide services on our behalf
2. Categories of Personal Information Disclosed
We may disclose the following categories of personal information to service providers for a business purpose:
- Identifiers
- Personal records
- Characteristics
- Customer Accounts / Commercial information
- Online usage information
- Geolocation data
- Sensory information
- Inferences derived from personal information
We do not sell personal information and we do not believe that our sharing of information would qualify as a sale under California law. We also do not sell personal information of individuals under 16 years of age.
3. Privacy Rights
- Right to Know: You have the right to request that we disclose to you the categories and specific pieces of personal information we collect, the sources, the business purpose, and the third parties with whom we share.
- Right to Request Deletion: You have the right to request the deletion of your personal information, subject to certain exceptions permitted by law.
- Right to Opt-Out: You may submit a request to record your preference to opt out by emailing us at support@getsprouter.com.
- Right to Non-Discrimination: You have the right to not be treated in a discriminatory manner for exercising your privacy rights.
4. Exercising Your California Privacy Rights
To exercise your rights, you can contact us:
- By email at support@getsprouter.com
- By visiting our contact page
5. Do Not Track
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn't an industry standard for recognizing or honoring DNT signals, we do not respond to them at this time.
6. California's Shine the Light Law
We do not share personal information with third parties for their direct marketing purposes absent your consent as defined by California Civil Code Section 1798.83 ("Shine the Light law"). To opt-out of future sharing with third parties for their direct marketing purposes, contact us at support@getsprouter.com.
Additional State-Specific Privacy Disclosures
For residents of states with comprehensive privacy laws (e.g., CO, CT, DE, FL, IN, IA, MT, OR, TN, TX, UT, and others as they become effective):
- You may have rights to access, correct, delete, obtain a portable copy, opt out of targeted advertising, opt out of sales, and opt out of profiling in furtherance of decisions producing legal or similarly significant effects.
- Submit requests at support@getsprouter.com. We will verify and respond as required.
- If we deny your request, you may appeal by emailing support@getsprouter.com with the subject "Appeal – [Your State] Privacy Rights Request."
- We honor recognized opt-out preference signals where required by state law.
Contacting Us
Sprouter LLC
Headquarters:
3104 East Camelback Road #852
Phoenix, AZ 85016
Email: support@getsprouter.com
