1. Scope
This Privacy Policy covers how we handle information when you access or use our website, APIs, and related services (the “Service”). It doesn’t cover third parties we don’t control.
2. Information You Provide
- Account data: name, email, password (hashed), company, role.
- Content you connect or upload: spreadsheet metadata, column names, and (if you store files with us) the file contents.
- Support communications: emails, tickets, chat messages, and scheduling details.
- Billing: plan, invoices, and payment tokens processed via PCI-compliant providers.
Legacy note you provided: historically we limited file artifacts kept during certain processing flows (e.g., uploads) to short windows. Today, if you explicitly store spreadsheets or create managed projects in API Spreadsheets, those assets persist until you delete them. Transient artifacts used only to complete an operation are removed promptly (see “Data Retention & Deletion”).
3. Information Collected Automatically
When you use the Service, we automatically log IP address, device/browser type, timestamps, API routes, response codes, and similar diagnostics. We use this for reliability, security, abuse prevention, and product analytics. We analyze these logs in aggregate and do not attempt to identify you from them except as required for security or legal purposes.
4. Integrations (Google Drive, Dropbox, etc.)
- No file copy by default: connecting Google Drive or Dropbox does not cause us to download or store your files. We store only the OAuth tokens required to read/write at your direction.
- Revocation: if you revoke our access in Google/Dropbox, their platform invalidates our token; we also remove any stored tokens on our side.
- Your direction: if you ask us to import/replicate a file into API Spreadsheets, we will store the managed copy until you delete it.
5. How We Use Information
- Provide, operate, and improve the Service (including reliability, security, and support).
- Process your API requests (e.g., CRUD, imports, calculations, AI prompts you initiate).
- Communicate about updates, billing, incidents, and support tickets.
- Detect, prevent, and investigate fraud, abuse, or violations of our Terms.
- Comply with legal obligations.
6. Analytics (Google Analytics, FullStory)
We use Google Analytics and FullStory to understand feature usage and improve UX. These tools may set cookies or collect device and usage information. You can learn more or opt-out via their documentation and your browser settings. We use analytics in aggregate; we don’t sell personal data.
7. Cookies & Similar Technologies
We use necessary cookies (e.g., session) and analytics cookies. You can control cookies in your browser, but some features may not work without required cookies.
8. Data Retention & Deletion
- Managed data: spreadsheets and projects you intentionally store with us persist until you delete them.
- Transient artifacts: temporary files created solely to complete operations (e.g., an import transform) are deleted promptly after completion.
- User-initiated deletion: when you delete a file/project/integration, we delete associated instances/tokens from our systems (subject to backup cycles and legal holds).
- Backups & logs: backups and logs roll on schedules and are purged automatically after limited retention windows unless required for security, billing, or legal compliance.
9. Sharing & Disclosures
- We don’t sell your data.
- Vendors: we use reputable service providers (hosting, email, payments, analytics, support) bound by confidentiality and data-protection obligations.
- At your direction: exporting/syncing to destinations you choose (e.g., Sheets, warehouses, CRMs).
- Aggregated statistics: we may share anonymized, aggregated usage trends that do not identify individuals or your content.
- Legal: we may disclose information if required by law or to protect rights, safety, and security.
10. Security
- Encryption in transit (HTTPS/SSL) and at rest for managed data.
- Least-privilege access controls; production access limited to authorized personnel.
- Encryption key access restricted to a single designated security administrator.
- Monitoring, audit logs, and periodic reviews of controls.
11. Your Rights
Depending on your region, you may have rights to access, correct, delete, or export your personal data, and to object or restrict certain processing. To exercise rights, contact support@apispreadsheets.com. We may verify your request and, where required, respond within applicable timelines.
12. Children’s Privacy
We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Policy to reflect improvements or legal requirements. We’ll post updates here and adjust the “Last updated” date. Material changes may also be announced via in-app notice or email.
14. Contact Us
Questions or concerns? Email support@apispreadsheets.com or visit our Contact page.