Privacy Policy

Last updated: February 13, 2025

This Privacy Policy describes how Sheet Gurus API ("Company," "we," "us," or "our") collects, uses, and protects your information when you use our website, application, and services (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you sign in with Google OAuth, we receive your email address and basic profile information from Google. We use this to create and manage your account.

1.2 Google Sheets Data

When you connect a Google Sheet to the Service, we access the contents of that specific spreadsheet using the drive.file scope. This means we can only access files you explicitly connect — we cannot browse or access your other Google Drive files. Sheet data is read on demand and temporarily cached (typically for 15 seconds) to improve API response times.

1.3 Usage Data

We collect information about how you use the Service, including API request counts, timestamps, and feature usage. This data is used for billing, rate limiting, and improving the Service.

1.4 Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers or payment method details on our servers. Stripe's collection and use of your payment information is governed by their Privacy Policy.

1.5 Log Data

Our servers automatically record information when you access the Service, including your IP address, browser type, request timestamps, and API endpoints accessed. This data is used for security monitoring, debugging, and abuse prevention.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send billing-related communications
  • Monitor usage against your subscription tier limits
  • Detect, prevent, and address security issues and abuse
  • Respond to your requests, comments, or questions
  • Send important notices about changes to the Service or our policies

3. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service providers: We share information with third-party vendors who help us operate the Service (e.g., Stripe for payment processing, Supabase for database hosting, Redis for caching). These providers are bound by contractual obligations to protect your data.
  • Legal requirements: We may disclose your information if required by law, regulation, or legal process, or if we have a good-faith belief that disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

4. Data Accessed via Google APIs

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only access Google Sheets data that you explicitly connect to the Service
  • We use your Google data solely to provide and improve the Service as described in this policy
  • We do not use your Google data for advertising or to serve ads
  • We do not transfer your Google data to third parties except as necessary to provide the Service, comply with applicable law, or as part of a merger or acquisition
  • Human access to your Google data is limited to security purposes, investigating abuse, complying with legal obligations, or with your explicit consent

5. Data Retention

5.1 Active Accounts

We retain your account information and usage data for as long as your account is active. Sheet data is cached temporarily (typically 15 seconds) and is not stored persistently beyond the cache window.

5.2 Account Deletion

You may request deletion of your account and associated data at any time by contacting us at [email protected]. Upon receiving your request, we will:

  • Verify your identity
  • Permanently delete your personal data within 30 days
  • Revoke all API keys and MCP tokens associated with your account
  • Send a confirmation email upon completion

5.3 Legal Obligations

Certain records (e.g., billing and transaction data) may be retained for up to 7 years to comply with tax and accounting laws.

6. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS), secure database hosting, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Cookies

We use cookies and similar technologies to maintain your session and remember your preferences. We do not use tracking cookies for advertising purposes.

8. Children's Privacy

The Service is not directed to anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Object to or restrict certain processing of your data
  • Receive a copy of your data in a portable format

To exercise any of these rights, contact us at [email protected].

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].