~/sph.sh

Privacy Policy

Privacy Policy for SPH Software Consultancy and SaaS services - How we collect, use, and protect your data

Privacy Policy#

Last updated: January 8, 2025

1. Introduction#

At SPH (Software Project Hub), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our software consultancy services and SaaS platforms.

2. Information We Collect#

Personal Information#

  • Account Information: Name, email address, company name, job title
  • Contact Information: Phone number, mailing address (when provided)
  • Billing Information: Payment details, billing address, tax information
  • Profile Information: Professional background, preferences, settings

Technical Information#

  • Usage Data: How you interact with our services, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Server logs, error reports, performance metrics
  • Cookies and Tracking: Session data, preferences, analytics information

Content and Communications#

  • User Content: Files, code, documents you upload or create using our services
  • Communications: Messages, support tickets, feedback, consultation notes
  • Analytics Data: Performance metrics, user behavior patterns

3. How We Use Your Information#

We use your information for the following purposes:

Service Provision#

  • Providing and maintaining our SaaS platforms
  • Delivering software consultancy services
  • Processing payments and managing subscriptions
  • Providing customer support

Communication#

  • Sending service-related notifications
  • Responding to inquiries and support requests
  • Sharing important updates and security alerts
  • Marketing communications (with your consent)

Improvement and Analytics#

  • Analyzing usage patterns to improve our services
  • Developing new features and functionality
  • Monitoring system performance and security
  • Conducting research and analytics

Legal and Security#

  • Complying with legal obligations
  • Protecting against fraud and abuse
  • Enforcing our terms of service
  • Maintaining system security

4. Legal Basis for Processing (GDPR/KVKK)#

We process your personal data based on:

  • Contract Performance: Fulfilling our service agreements with you
  • Legitimate Interest: Improving services, security, and business operations
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws and regulations

5. Data Sharing and Disclosure#

We do not sell your personal information. We may share your data in these situations:

Service Providers#

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Analytics services (anonymized data only)
  • Customer support tools
  • Email and communication services

Legal Requirements#

  • To comply with court orders or legal processes
  • To protect our rights and property
  • To prevent fraud or illegal activities
  • To protect user safety and security

Business Transfers#

In case of merger, acquisition, or sale of assets, your information may be transferred to the new entity with equivalent privacy protections.

6. Data Security#

We implement comprehensive security measures:

Technical Safeguards#

  • End-to-end encryption for sensitive data
  • Regular security audits and penetration testing
  • Multi-factor authentication requirements
  • Secure data transmission (TLS/SSL)
  • Regular software updates and patches

Administrative Safeguards#

  • Employee training on data protection
  • Access controls and principle of least privilege
  • Regular review of data processing activities
  • Incident response procedures
  • Data backup and recovery systems

Physical Safeguards#

  • Secure data centers with controlled access
  • Environmental protection systems
  • Surveillance and monitoring systems

7. Data Retention#

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records

Specific Retention Periods:

  • Account data: Retained while account is active, plus 3 years after closure
  • Billing information: 7 years for tax and accounting purposes
  • Usage logs: 2 years for security and analytics
  • Support communications: 5 years for quality assurance

8. Your Rights#

Depending on your location, you may have the following rights:

Access and Portability#

  • Request a copy of your personal data
  • Receive your data in a portable format
  • Access information about how we process your data

Correction and Updates#

  • Correct inaccurate personal information
  • Update your profile and preferences
  • Modify communication settings

Deletion and Restriction#

  • Request deletion of your personal data
  • Restrict processing of your information
  • Object to processing based on legitimate interests

Consent Management#

  • Withdraw consent for marketing communications
  • Opt-out of non-essential cookies
  • Modify privacy preferences

To exercise your rights, contact us at privacy@sph.sh

9. International Data Transfers#

As a German company, we primarily operate within the EU/EEA. When we transfer data outside the EU/EEA:

  • We ensure adequate protection through standard contractual clauses
  • We comply with GDPR requirements for international transfers
  • We implement appropriate safeguards for cross-border transfers
  • We use adequacy decisions where available

10. Cookies and Tracking#

Essential Cookies#

  • Authentication and session management
  • Security features and fraud prevention
  • Basic functionality and user preferences

Analytics Cookies#

  • Usage statistics and performance monitoring
  • Feature adoption and user behavior analysis
  • Service improvement insights

Marketing Cookies#

  • Advertising and promotional content
  • Social media integration
  • Third-party marketing platforms

You can control cookies through your browser settings or our cookie preferences center.

11. Children's Privacy#

Our services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

12. Third-Party Services#

Our services may integrate with third-party platforms. This policy does not cover third-party privacy practices. Please review their privacy policies separately.

13. Changes to This Policy#

We may update this Privacy Policy to reflect:

  • Changes in our services or business practices
  • Legal or regulatory requirements
  • Industry standards and best practices

We will notify you of material changes through:

  • Email notifications
  • In-app notifications
  • Website announcements

14. Contact Information#

Data Protection Officer: privacy@sph.sh General Inquiries: legal@sph.sh Address: Berlin, Germany

For GDPR-related inquiries: gdpr@sph.sh

15. Regulatory Information#

Germany (GDPR/BDSG Compliance): As a German company based in Berlin, we fully comply with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

European Union (GDPR Compliance): We comply with the General Data Protection Regulation (GDPR). EU residents have specific rights under this regulation.