Privacy and Technical


Sprig's privacy policy can be found here.

Data Security, PII, and GDPR

Sprig is Privacy Shield certified, PCI DSS compliant, and regularly runs 3rd-party penetration tests to identify possible vulnerabilities proactively. All Sprig SDK and the Sprig backend communication is done securely over SSL, and your data is stored in a database that is encrypted at rest.

Sprig will not implicitly collect any personally identifiable information (PII) about your users. If you wish to send user PII to Sprig, it must be done explicitly through the Sprig data collection APIs for attributes or events.

In compliance with General Data Protection Regulation (GDPR) and other data regulatory frameworks, Sprig offers functionality for data access, erasure, and opt-out for Enterprise customers. Please reach out to your customer service representative to learn more.

Network Reliability & Retries

The Sprig SDK has built-in queueing and retry functionality to make it resilient to network disruptions. This helps to ensure that you’re always working on the most current user data.

Minimum TLS Requirements:

The minimum supported Transport Layer Security protocol version for communicating with Sprig services is TLSv1.2_2019.



The following TLS versions are not supported:

  • TLSv1
  • TLSv1_2016
  • TLSv1.1_2016
  • TLSv1.2_2018