🇪🇺

GDPR Compliance

Full compliance with the General Data Protection Regulation

Our GDPR Commitment

Sparrow is fully committed to GDPR compliance. We act as both a data controller (for our own business data) and a data processor (for customer data you store in our platform). We have implemented comprehensive technical and organizational measures to ensure the highest level of data protection for EU citizens.

Your Rights Under GDPR

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to processing of your personal data

How We Support Your GDPR Compliance

Data Processing Agreement (DPA): We provide a comprehensive DPA that defines our responsibilities as your data processor.

Data Residency Options: Choose where your data is stored (EU, US, or other regions) to meet your compliance requirements.

Data Exports: Export all customer data at any time in standard formats (JSON, CSV) for portability.

Consent Management: Tools to manage and document customer consent for data processing.

Data Retention Controls: Configure automatic deletion policies to comply with data minimization principles.

Breach Notification: We notify you within 24 hours of any data breach, enabling you to meet the 72-hour notification requirement.

Technical & Organizational Measures

Encryption

AES-256 at rest, TLS 1.3 in transit

Access Control

Role-based access, 2FA, SSO support

Audit Logging

Complete audit trail of data access

Data Minimization

Only collect necessary data

Data Transfers

When transferring personal data outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission. We also assess the legal framework of the destination country and implement supplementary measures as needed to ensure adequate protection.

Contact Our DPO

To exercise your GDPR rights or ask questions about data protection:

Email: dpo@sparrow.help
Data Protection Officer: Sarah Johnson
Response time: Within 30 days as required by GDPR