sprintdsprintd

Legal

Privacy Policy

How sprintd handles your data, what we collect, who we share it with, and your rights.

Last updated · 27 May 2026

1. Introduction

This Privacy Policy governs how sprintd GmbH (“sprintd”, “we”, “us”) collects, uses, stores, and discloses personal data when you visit sprintd.org, contact us through our forms, or take part in sprintd events.

This Policy is governed by the Swiss Federal Act on Data Protection (“revFADP”, in force since 1 September 2023) and, where applicable, the EU General Data Protection Regulation (“GDPR”). The lawful basis for each processing activity is set out in this Policy and is one of: your consent (Art. 6(1)(a) GDPR), the performance of a contract or pre-contractual measures (Art. 6(1)(b)), compliance with a legal obligation (Art. 6(1)(c)), or our legitimate interest in operating sprintd (Art. 6(1)(f)).

Data controller

sprintd GmbH
c/o Christoph Kohler, Brohegasse 53, 4126 Bettingen, Switzerland
UID: CHE-397.280.023
Contact: alexandros@sprintd.org

We have not appointed a Data Protection Officer. sprintd is not legally required to do so at its current scale.

2. What we collect and process

We collect personal data through forms on sprintd.org, when you apply to or participate in sprintd events, and automatically through the technical operation of our website.

Form submissions on sprintd.org

  • Waitlist: your email address.
  • Partner / sponsor inquiries: name, email, company name, and the contents of your message.
  • Builder inquiries: name, email, and (optional) your role.
  • Mentor inquiries: name, email, and the contents of your message.

Event participants (when you apply to or take part in a sprintd event)

  • Personal identification: name, contact data, nationality, employment history.
  • Application materials: motivation letters, CVs, diplomas, references, links to your work.
  • Submission data: ideas, prototypes, code, and any other materials you submit during a sprintd event. Intellectual property in your submissions is governed by separate Event Terms & Conditions, which you accept at the point of application, and is not governed by this Privacy Policy.
  • Event content: photographs and video recordings taken at sprintd events for documentation and marketing purposes (event recaps, sprintd.org, social media).
  • Alumni and community data: ongoing contact details and (where you choose to share it) employment information for community communications and future event invitations.

Technical data

IP address, access timestamps, browser and operating system information. This data is collected automatically by our hosting provider (Cloudflare) for the safe operation and security of the site.

Sensitive personal data

We do not actively collect special-category personal data (health, religion, political views, etc.). If you voluntarily disclose such data in a free-text field (for example in a motivation letter), it is processed only on the basis of your consent and only for the purpose for which you provided it.

3. Cookies

sprintd.org does not currently set any cookies, neither for analytics nor for marketing. The site uses only essential technical state (such as your language preference) that does not constitute a tracking cookie under the EU ePrivacy Directive or Swiss equivalents. If this changes in the future we will update this Policy and, where consent is required, ask for it before setting any non-essential cookies.

4. Why we collect personal data

We process personal data for the following purposes:

  • To respond to your inquiries submitted through our forms (partner, builder, mentor, general contact).
  • To notify you when the sprintd platform becomes available, if you have joined the waitlist.
  • To process applications to sprintd events.
  • To run sprintd events: participant communications, logistics, mentor matching, judging, and post-event follow-up.
  • For documentation and marketing of sprintd events through photography and video.
  • To send you community updates, alumni communications, and newsletters about sprintd events and the sprintd platform, where you have opted in.
  • For safety, security, and fraud prevention on our website and at our events.
  • To comply with Swiss legal and accounting record-keeping obligations.
  • To establish, exercise, or defend legal claims.

5. How we share your personal data

We do not sell your personal data. We share your data only with the following categories of recipients.

Subprocessors

Services that process your data on our behalf, under data processing agreements.

SubprocessorPurposeLocation
Cloudflare Inc.Website hosting, edge runtime, D1 database for form submissions, DNS, DDoS protectionGlobal (EU or US)
Resend (Drip Email Inc.)Transactional email delivery for form notificationsUnited States (EU residency available)
Google Ireland Ltd.Workspace mailbox (alexandros@sprintd.org) where form notifications are receivedEU (Ireland), possible transfer to US

Event partners and sponsors

With your consent, we may share specific event-participant information (such as your application materials or submission) with sponsors of an event you have applied to or are participating in. The scope of this sharing is described at the point of consent.

Other recipients

Our legal counsel, accountants, banks, and government authorities, where required by law or to establish, exercise, or defend legal claims.

6. International data transfers

Some of our subprocessors (in particular Resend, and potentially Cloudflare and Google Workspace) may transfer your personal data outside Switzerland and the EU/EEA, including to the United States. Such transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission and recognized by the Swiss Federal Data Protection and Information Commissioner (“FDPIC”), or by other recognized transfer mechanisms such as the EU-U.S. Data Privacy Framework adequacy decision.

7. Your rights

You have the following rights regarding your personal data:

  • The right to access the personal data we hold about you.
  • The right to have your data corrected or completed.
  • The right to erasure (“right to be forgotten”).
  • The right to restrict processing.
  • The right to data portability.
  • The right to withdraw consent at any time, including unsubscribing from any newsletter or community communication.
  • The right to object to processing based on legitimate interest.
  • The right not to be subject to a decision based solely on automated processing.
  • The right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch) or, if you are in the EU/EEA, with your local data protection authority.

To exercise any of these rights, contact us at alexandros@sprintd.org. We may ask you to verify your identity. We may decline a request to the extent permitted by law (for example, where statutory retention obligations apply or where our overriding interests prevail).

8. How long we keep your data

Retention is determined by purpose and legal requirements:

  • Waitlist subscribers: retained until you unsubscribe.
  • Form inquiry data: retained for as long as needed to respond to your inquiry and for a reasonable follow-up period, then deleted or anonymized.
  • Event applications (rejected): deleted no later than six months after the event.
  • Event applications (accepted) and alumni data: retained with your consent for community programs and future opportunities. You may request deletion at any time.
  • Accounting and statutory records: retained for the periods required by Swiss law (typically 10 years for accounting records).

9. Security

We apply appropriate technical and organizational measures to protect your personal data, including transport encryption (HTTPS), restricted access to internal systems, hosted databases with provider-level encryption at rest, and regular review of access permissions. No system is perfectly secure. If a personal data breach occurs we will notify affected users and the relevant supervisory authority as required by applicable law.

10. Third-party websites

sprintd.org may contain links to external websites. We are not responsible for the privacy practices or content of those sites.

11. Children

sprintd events and the sprintd platform are intended for adults aged 18 or older. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected personal data from a minor without verifiable parental consent, we will delete it. If sprintd ever offers programs targeted at minors, we will update this Policy and implement age-appropriate consent mechanisms.

12. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date at the top of this Policy reflects the most recent change. Where changes are material, we will communicate them through an appropriate channel (for example, by email to subscribers).

13. Acceptance of this Policy

By using sprintd.org or participating in sprintd events, you acknowledge this Privacy Policy. If you do not agree with it, please do not use our website or participate in our events.

14. Contact

For any question about this Policy or how we handle your personal data:

sprintd GmbH
c/o Christoph Kohler
Brohegasse 53
4126 Bettingen
Switzerland

alexandros@sprintd.org

Partner with us