Privacy Policy
Last updated: 25 April 2026 Β· Publisher: Digital Solution Builders Β· Contact: danielbangs@dsbdigital.biz
- Sprout is a family app you run on your own device. Your data stays on your device.
- We collect no behavioural analytics, no advertising IDs, no third-party tracking.
- Children never have their own accounts. The parent is the only account holder.
- All app data β including children's names, ages, and progress β is stored locally in the app's sandboxed device storage.
- You can export or delete every byte of your family's data from Settings at any time.
This policy describes Sprout v1.x (current dogfood / private-beta releases). When Sprout adds optional cloud sync (planned Q3 2026), this policy will be updated and parents will be asked for explicit consent before any data leaves the device.
1. Scope and Roles
Sprout is published by Digital Solution Builders, a Sierra Leoneβbased studio led by Daniel Solomon Bangura. DSB is the data controller for any data Sprout collects.
This policy covers the Sprout mobile application (iOS + Android) and this website (sprout.dsbdigital.biz). It does not cover Apple App Store or Google Play distribution surfaces (governed by their own policies), nor third-party services Sprout does not yet use (no analytics SDK, no advertising network, no crash-reporting service).
2. Who can use Sprout
Sprout is designed for families with children. The intent is that an adult parent or guardian creates the account and supervises children's use.
- Parents/guardians 18+ create the account.
- Children under 13 (US) / under 16 (EU) may use Sprout only under their parent's supervision and through the parent's account. Sprout never asks children to create their own login.
- This design is intentional, to minimise the data Sprout handles for children and to comply with COPPA (US Children's Online Privacy Protection Act), GDPR-K, and the UK Age Appropriate Design Code.
3. What data Sprout collects
From the parent (account holder)
- Name (entered at signup)
- Email address (used only locally for password recovery β Sprout does not send emails)
- Password (stored only as a SHA-256 hash; the plaintext never leaves the device)
- Profile photo (optional; stored locally as a file URI)
- PIN (optional 4-digit parental-control PIN; stored only as a SHA-256 hash)
From each child (entered by the parent)
- First name
- Birth year (used for age-stage gating; no full date of birth)
- Avatar emoji or photo
- Activity records: challenges completed, points earned, badges, streaks, scripture verses memorised, books read, chores done, savings goals, allowance transactions, weekly goals, fitness/health logs
Telemetry (local-only)
Sprout records app-usage events (app_open, child_selected, pillar_visited, challenge_done) in a local event log capped at 1,000 entries. This log is never transmitted off-device. The parent can view it via Settings β Family Analytics, and can clear it at any time.
What Sprout does NOT collect
- β No advertising identifiers (IDFA, AAID)
- β No location data of any kind
- β No contacts, calendar, microphone, or camera (except when the parent explicitly picks an image for a profile photo)
- β No browsing history or cross-app behaviour
- β No biometrics
- β No third-party analytics (no Firebase, Amplitude, Mixpanel, Sentry, etc. in private-beta builds)
4. Where data is stored
All data lives in local device storage (sandboxed to the Sprout app and cleared when the user uninstalls).
Sprout v1.x has no backend server. No data is transmitted to DSB or any third party.
Optional cloud sync is planned for Q3 2026. When it launches, it will be off by default (existing parents will be asked to opt in), encrypted in transit and at rest, strictly scoped to the parent's own household (Postgres row-level security), and subject to a separate, more detailed cloud-data privacy notice that will be published before the feature ships.
5. How Sprout uses the data
- To show parents their children's progress.
- To generate age-appropriate daily challenges.
- To award badges, streaks, and points.
- To compute the parent-facing "Family Analytics" dashboard.
- To generate the optional weekly digest notification.
That's it. Sprout does not use family data for marketing, recommendation engines, AI training, or sale to third parties β full stop.
6. Data sharing
Sprout does not share family data with any third party. There are no data-sale relationships, no advertising partnerships, no analytics vendors. If law enforcement requested data, DSB has nothing on a server to provide (everything lives on the family's own device).
7. Children's data β COPPA & GDPR-K specifics
Because Sprout is designed for under-13 / under-16 users:
- No direct collection from children. All data fields about a child are entered by the verified parent account holder.
- Parental consent. By creating a Sprout account, the parent provides verifiable consent.
- Parental controls. Parents control all data via Settings: edit children, delete children, export all data, import a backup, set a parental PIN, clear telemetry.
- No behavioural advertising. Sprout will never show advertisements to anyone, including parents. This is a permanent design decision.
- No friend lists, social features, or messaging. Children cannot contact other Sprout users.
- No public profiles. Nothing about a child is ever visible outside the family's own device(s).
8. Your rights
Regardless of jurisdiction, you (the parent) have the right to:
- Access: View all your family's data via Settings β Export Data (JSON download).
- Correct: Edit any child's profile, delete activity records, etc., directly in the app.
- Delete: Use the Settings β Log Out button, which clears all local data, or uninstall the app.
- Port: The exported JSON is a standard, human-readable format you can carry to another device.
- Object: Stop using Sprout at any time, and uninstall.
EU/UK residents additionally have the right to lodge a complaint with their local data protection authority.
9. Security
- Passwords and PINs are stored only as SHA-256 hashes.
- All data is sandboxed to the app on the device.
- DSB does not have access to any family's data β there is no server to access.
- We will publish security advisories at this URL if any vulnerability is discovered.
10. Changes to this policy
We will update this policy when Sprout adds new data flows (most importantly, when cloud sync ships). Material changes will be surfaced as a one-time in-app notice.
11. Contact
Privacy questions: danielbangs@dsbdigital.biz
For complaints under EU/UK data protection law, you may also contact your local supervisory authority. A current list is at edpb.europa.eu.