Springpoint Insights Privacy Policy

This Privacy Policy explains how Tech Local (Pty) Ltd (registration number 2025/315373/07) processes personal information when you use Springpoint Insights, related websites, applications, dashboards, APIs, support channels, demos, billing flows, and services.

Where a signed agreement, order form, data processing agreement, or product-specific notice applies, that document applies alongside this policy and controls if there is a conflict.

We aim to meet the requirements of POPIA in South Africa and GDPR where those laws apply.

• Responsible party / controller: Tech Local (Pty) Ltd.
• Information Officer: Troy Drummond, Head of Operations & Delivery - troy@techlocal.co.za.
• Privacy requests: troy@techlocal.co.za.
• Service support: tech@eco-technology.co.za.

• Account and identity data such as name, email address, company, role, login details, account preferences, and organisation membership.
• Workspace and service data such as prompts, messages, saved queries, generated answers, dashboards, reports, feedback, files, and support requests.
• Database and integration data such as connection details, encrypted credentials, schema metadata, table and column names, query text, query results, execution logs, and integration configuration.
• Billing and commercial data such as plan, payment status, invoice details, tax or billing profile details, and limited payment metadata. Payment card details are processed by payment providers; we do not store full card numbers.
• Technical, security, and usage data such as IP address, device and browser details, cookies, session data, performance metrics, API usage, authentication events, audit events, and diagnostic logs. Where configured and where you opt in, this may also include analytics and session replay tools such as PostHog, including recordings or replays of key product events and user interactions, so we can diagnose user errors, understand confusing workflows, improve reliability, and make the service easier to use.
• Marketing preferences and communications where you opt in or where the law allows us to contact existing customers about related services.

We collect data directly from you, from your organisation, from systems you connect to the service, from vendors that help operate the service, and from technical events generated during use.

• Provide and operate the service, including account access, database connections, chat responses, dashboards, support, onboarding, and administration.
• Process prompts, schema metadata, query results, files, and other submitted data through AI systems when that processing is part of the service.
• Secure the service through authentication, logging, abuse prevention, rate limiting, vulnerability management, incident response, and audit trails.
• Manage billing, subscriptions, invoices, payment methods, renewals, cancellations, and customer communications.
• Improve reliability, quality, and performance through aggregate analytics, diagnostics, product metrics, and support learnings.
• Meet legal, tax, accounting, regulatory, dispute, and data-rights obligations.

Our legal bases include contract, legitimate interests, consent where required, and legal obligation where applicable.

Springpoint Insights uses AI-assisted processing to translate natural-language requests into database queries, explain results, generate summaries, and support related workflows. Depending on configuration, submitted data may be sent to AI model or transcription providers such as OpenAI, Groq, or similar providers.

We do not permit AI providers to train on your data unless this is expressly agreed with you or your organisation in writing, or presented as a clear opt-in.

AI outputs and generated queries can be incomplete or incorrect. You should review important outputs before relying on them, especially for business, financial, compliance, employment, or other high-impact decisions.

We use strictly necessary cookies and technical storage for authentication, routing, security, preferences, and core service functionality.

Where configured, we may use privacy-conscious analytics, performance monitoring, and error diagnostics such as Vercel Web Analytics, Vercel Speed Insights, and Sentry to understand aggregate use, detect issues, and improve reliability.

We do not use advertising pixels or cross-site marketing trackers unless we update this policy and, where required, provide consent controls first.

• Infrastructure, hosting, and deployment providers such as Vercel and related cloud services.
• Database, authentication, storage, and connected-service providers such as Supabase and customer-selected database hosts.
• AI model, transcription, and automation providers such as OpenAI, Groq, and similar providers depending on configuration.
• Email, support, and messaging providers such as Resend and Supabase Auth email services.
• Payment and billing providers such as Payfast and accounting or invoicing tools.
• Analytics, performance, diagnostics, security, legal, accounting, and compliance providers where needed.

We require appropriate data protection terms where applicable and limit vendor access to what is necessary for the relevant purpose.

Our providers may process data in South Africa, the EU, the United States, and other countries. Where GDPR applies, we use appropriate safeguards such as Standard Contractual Clauses. Under POPIA section 72, we only transfer personal information to another country where a permitted safeguard or legal basis applies.

We keep personal information no longer than necessary for the purposes described in this policy, unless a longer period is required by law, contract, security needs, dispute handling, backups, or legitimate operational needs.

We use reasonable technical and organisational measures, including encryption in transit, access controls, least-privilege permissions, environment separation, logging, monitoring, routine patching, and database row-level security where appropriate. No online service can be completely secure, but we work to protect your data.

Please contact support promptly if you suspect unauthorised access, credential exposure, or a security issue affecting your workspace.

We will not send electronic direct marketing to non-customers without prior consent where consent is required. Existing customers may receive service notices and limited related-service updates where permitted by law. Marketing messages will include a clear opt-out where required.

Subject to law, you may request access, correction, deletion, objection, restriction, and, where GDPR applies, data portability. You may also withdraw consent where processing is based on consent. To exercise your rights, email troy@techlocal.co.za. We may request information to verify your identity before acting on a request.

If we cannot resolve your concern, you can complain to the Information Regulator of South Africa. If GDPR applies, you may also complain to your local supervisory authority in the EU.

The service may link to or integrate with third-party systems, databases, cloud platforms, and tools. Their privacy practices are governed by their own notices and agreements.

We may update this policy as our products, vendors, or legal obligations change. The effective date above shows the latest version.

Tech Local (Pty) Ltd
18 Rosyth Road, Nahoon
East London, Eastern Cape, 5241
South Africa
Privacy: troy@techlocal.co.za
Support: tech@eco-technology.co.za