Privacy Policy

Last updated: March 28, 2026

What We Collect

When you use SheetZapi, we collect the following information:

  • Account information:email address and display name provided via Google OAuth or direct sign-up
  • Google OAuth tokens:access and refresh tokens needed to read your connected Google Sheets on your behalf; we never store your Google password
  • IP addresses:logged for API requests to enable rate limiting, security monitoring, and IP allowlisting features
  • Usage analytics:request counts, endpoint activity, and error rates aggregated per sheet and per API key
  • Request logs:detailed API request logs (method, path, status, timestamp) are retained for paid plan users for up to 90 days
  • Billing information:subscription plan and payment status; card details are handled exclusively by Stripe and never touch our servers

What We Do NOT Store

SheetZapi does not store the contents of your Google Sheets. When you make an API request, we proxy the data from Google in real time and return it directly to the requester. Your spreadsheet data passes through our infrastructure but is never persisted to our database or cache beyond the TTL of your API response cache.

We also do not sell, rent, or trade your personal information to third parties for marketing purposes.

How We Use Your Data

  • Service delivery:authenticating your account, routing API requests, and applying your plan limits
  • Fraud prevention & security:detecting abuse, enforcing rate limits, and responding to suspicious activity
  • Product improvement:understanding which features are used most to prioritize development
  • Transactional emails:account creation, password reset, billing receipts, and plan change notifications; we do not send marketing emails without your explicit consent

Third-Party Services

SheetZapi uses the following third-party services to operate:

  • Supabase:authentication, database storage for account data, API keys (hashed), and sheet metadata
  • Stripe:subscription billing and payment processing; Stripe handles all card data under their own PCI-compliant infrastructure
  • Vercel:application hosting and content delivery network (CDN)

Each of these providers has their own privacy policies governing their handling of data.

Data Retention

  • API request logs are retained for 90 days, after which they are automatically purged
  • Account data (profile, API keys, sheet metadata) is deleted within 30 days of account cancellation upon request
  • Billing records may be retained longer as required by applicable law or Stripe’s policies

Your Rights

You have the right to access, correct, or delete the personal data we hold about you. To exercise these rights, email [email protected] with your request. We will respond within 30 days.

You can revoke SheetZapi’s access to your Google account at any time via your Google Account permissions.

Cookies

SheetZapi uses session cookies solely for authentication purposes (to keep you logged in to the dashboard). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Children

SheetZapi is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Contact

For privacy-related questions or requests, contact us at [email protected].