Privacy and Technical


Sprig's privacy policy can be found here.

Data Security, PII, and GDPR

Sprig is Data Privacy Framework certified, PCI DSS compliant, and regularly runs third-party penetration tests to proactively identify possible vulnerabilities. All communication between the Sprig SDK and the Sprig backend is done securely over SSL, and your data is stored in a database that is encrypted at rest.

Sprig will not implicitly collect any personally identifiable information (PII) about your users. If you wish to send user PII to Sprig, it must be done explicitly through the Sprig data collection APIs for attributes or events.

In compliance with General Data Protection Regulation (GDPR) and other data regulatory frameworks, Sprig offers functionality for data access, erasure, and opt-out for Enterprise customers. Please reach out to your customer service representative to learn more.

Replays Privacy

Replays prioritize privacy so that sensitive customer information is not captured. Privacy behavior is controlled in Settings > Replays > User privacy, and Sprig Admins must customize these privacy settings before launching Replay.
Replay clips blur out all form content on screen by default, but you can also opt to hide all images, password fields, and/or specific CSS selectors.

AI Analysis Privacy

Sprig AI Analysis leverages OpenAI’s latest GPT large language models. Sprig response data sent to OpenAI's API is automatically deleted after 30 days and is not used to train OpenAI's AI models.

Network Reliability & Retries

The Sprig SDK has built-in queueing and retry functionality to make it resilient to network disruptions. This helps to ensure that you’re always working on the most current user data.

Minimum TLS Requirements

The minimum supported Transport Layer Security protocol version for communicating with Sprig services is TLSv1.2_2019.



The following TLS versions are not supported:

  • TLSv1
  • TLSv1_2016
  • TLSv1.1_2016
  • TLSv1.2_2018