Privacy policy

Privacy policy of PSPO Agent

1 Introduction

This Privacy Policy comprehensively describes how SPARRING LABS, S.L. (hereinafter, “SPARRING Labs” or “we”), through its PSPO Agent platform, collects, uses, retains and protects the personal data of its users. This document aims to provide the User with all the information necessary to make informed decisions about the use of their personal data, to know their rights and to know how to exercise them effectively.

This policy complies with the General Data Protection Regulation (GDPR) and with Organic Law 3/2018 (LOPDGDD), as well as other data protection regulations applicable at European and national level.

By using our platform, you accept the practices described in this Privacy Policy. If you do not agree with any of its terms, we recommend that you refrain from using the platform.

2 Data controller

SPARRING Labs, as data controller, determines the purposes and means of processing all personal data collected through the PSPO Agent platform. This means that the company defines what data is collected, for what purpose it is used, how long it is retained and what security measures are applied to protect it. The User can trust that all decisions regarding the processing of their data are made in accordance with the principles of minimization, purpose limitation and transparency established by the GDPR.

3 Data collected

PSPO Agent collects only the personal data necessary to provide and improve the service:

4 Purpose and legal basis of processing

5 Data retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, always complying with the periods required by applicable legislation. The general retention criteria are as follows:

• Your account data is maintained while the account is active.
• Upon cancellation, we delete or anonymize your data within a reasonable period.
• Upon withdrawal of marketing consent, we stop processing that data immediately.
• Certain information may be retained in a blocked state to fulfill legal obligations or address liabilities arising from the processing.

6 Data sharing

At SPARRING Labs, we treat your personal data with the utmost confidentiality. We do not sell, rent or transfer your data to third parties for commercial purposes. We only share personal information in the circumstances described below, and always with appropriate safeguards:

• Service providers (data processors): external companies that help us provide the service, acting under our instructions and without using your data for their own purposes.
• Legal requirements: when necessary to comply with a legal obligation, respond to a governmental request or judicial order.
• Corporate transactions: in the event of a merger, acquisition or sale, data may be communicated to the third party involved.

7 User rights

In accordance with the GDPR, you may exercise the following rights:

The GDPR recognizes a series of rights that allow the User to maintain control over their personal data. Each of them is detailed below with a brief description of their scope:

You may exercise any of these rights free of charge from the settings section of your account on the platform, or by writing directly to [email protected] with a description of your request and a copy of your identity document to verify your identity. SPARRING Labs undertakes to respond within a maximum period of one month from receipt of the request, informing you of the actions taken or, where applicable, the reasons why the request cannot be fulfilled. If the User considers that the processing of their data does not comply with applicable regulations, they have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

8 Information security

At SPARRING Labs, we take the security of your personal data very seriously. We have implemented appropriate technical and organizational measures to protect information against unauthorized access, alteration, disclosure or destruction. The measures adopted include:

9 International transfers

Data processing is carried out, as far as possible, within the European Economic Area (EEA), using cloud provider infrastructure with data centers located in the European Union. SPARRING Labs always prioritizes European providers and, when the nature of the service permits, configures its systems so that personal data does not leave EEA territory at any point in the process.

When language models used by agents are hosted outside the EEA, SPARRING Labs implements appropriate safeguards (standard contractual clauses, European Commission adequacy decisions or other valid mechanisms) before carrying out the transfer.

10 Cookies and tracking technologies

PSPO Agent uses cookies and similar technologies to improve user experience, analyze platform usage and provide personalized content. Cookies are small text files stored on your device when you visit our platform. The types of cookies we use are as follows:

• Technical cookies: essential for the operation of the platform.
• Analytics cookies: to analyze usage and improve performance.
• Preference cookies: to remember your preferences and personalize your experience.

You can manage your cookie preferences at any time through the consent banner that appears when you first visit the platform, or through your browser settings. If you choose to disable analytics or preference cookies, the basic functionality of the platform will not be affected, although some personalization features may not be available. For complete information about the cookies we use, their purpose and duration, please consult our Cookie policy.

11 Electronic communications

12 Minors

PSPO Agent is a professional product management platform aimed exclusively at users aged 18 or over acting in the course of their professional or business activity. We do not intentionally collect personal data from minors, and our registration processes are designed to verify that the User meets this minimum age requirement. If we become aware that data has been collected from a minor, we will proceed with its immediate deletion from our systems and notify the competent data protection authority if necessary. If you are a parent or legal guardian and are aware that a minor under your responsibility has provided personal data through our platform, please contact us immediately at [email protected] so that we can take appropriate measures.

13 Third-party integrations

PSPO Agent integrates with third-party services both for the internal operation of the platform and to offer publication features that the User can voluntarily activate. All providers have been carefully selected and are contractually obligated to protect your data in accordance with the GDPR. We only share the minimum information necessary to provide the corresponding service.

Internal platform services:

Publication integrations (activated by the User):

When the User connects and uses the publication integrations available on the platform, they accept that their backlog data (user stories, plans, dependencies and related artifacts) will be transmitted to the corresponding external services. These integrations are optional and the User decides which ones to activate:

SPARRING Labs does not control and is not responsible for the privacy policies, data processing practices or terms of use of these third-party services, as each operates under its own legal and contractual frameworks. Before activating any integration, we strongly recommend that the User reviews the terms and privacy policy of each external platform to ensure they are compatible with their privacy and security requirements. The User can revoke access to any integration at any time from their account settings in PSPO Agent.

14 Security incidents

In the event of a security breach that poses a risk to the User’s rights and freedoms, SPARRING Labs will notify them without undue delay in accordance with Article 34 of the GDPR, providing clear information about the nature of the incident, the data affected, the possible consequences and the measures taken or proposed to remedy the situation. In parallel, the breach will be reported to the Spanish Data Protection Agency within a maximum of 72 hours from becoming aware of it. To prevent such incidents, SPARRING Labs implements a continuous security program that includes periodic audits, data encryption both in transit and at rest, penetration testing and ongoing team training in data protection and cybersecurity.

15 Amendments

SPARRING Labs may update this Privacy Policy at any time to adapt it to changes in applicable legislation, new resolutions from data protection authorities or developments in platform features and services. When substantial modifications are made that affect how we process User personal data, we will publish the new version on the platform and provide a visible notice, either by email notification or through an informational banner on the platform itself. Continued use of the service after the publication of the new version shall be deemed acceptance of the changes introduced.

16 Contact

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing of your personal data does not comply with applicable data protection regulations. The AEPD is the independent supervisory authority responsible for overseeing GDPR compliance in Spain, and can be contacted through its electronic office at www.aepd.es. However, we recommend that before filing a formal complaint, you contact us to try to resolve the matter directly and promptly.