Privacy Policy
Effective date:
This Privacy Policy explains how [Company legal name] (“SheetPilot”, “we”, “us”) collects and processes personal data in connection with our website sheetpilot.app, the admin portal, client-branded portals at yourbrand.sheetpilot.app, and the SheetPilot shift-planning product that syncs to Google Sheets.
Who we are & how to contact us
- Controller: [Company legal name], [postal address], [country].
- Email: privacy@sheetpilot.app (or your usual account contact)
- EU representative / DPO (if applicable): [Name / Contact]
Our roles
We act as controller for personal data about site visitors, prospective customers, and account admins. For personal data our customers load into SheetPilot (e.g., employee names, contact details, shifts) we act as a processor on behalf of the customer. A Data Processing Addendum (DPA) is available for customers.
What we collect
1) Website & admin accounts
- Identification: name, email, company, role.
- Account & auth: password hash or SSO identifier, login timestamps, reset tokens, email/SMS one-time codes.
- Usage & device: IP address, user agent, activity logs (e.g., portal creation, settings updates), crash reports.
- Billing: plan selections, invoices, VAT/tax IDs, partial Stripe identifiers (we do not store full card numbers).
2) Client-branded portals & planners (end users / employees)
- Profile: name, email, optional mobile/WhatsApp number.
- Shift data: dates, times, roles/locations, notes; planner actions.
- Reminder preferences: channel opt-in/out (email/SMS/WhatsApp), reminder timing.
- Messaging metadata (via Twilio): to/from identifiers, message SID, timestamps, delivery status, and error codes.
- Portal context: client subdomain, brand settings, location/sheet identifiers.
3) Data sources
- You provide data directly through our UI and APIs.
- We receive data from connected services you select, notably Google Sheets (via Google Apps Script) and webhooks you configure.
- Payments are handled by Stripe; we receive limited payment metadata (e.g., last4 token, transaction ID, status).
Why we use your data (and legal bases)
- Provide the service (set up portals, write shifts to Google Sheets, send reminders, handle authentication). Legal basis: Contract.
- Billing & accounting (collect payments, issue invoices, tax compliance). Legal basis: Contract; Legal obligation.
- Security & abuse prevention (login monitoring, audit logs, rate limiting, incident response). Legal basis: Legitimate interests; Legal obligation.
- Product improvement & support (fix bugs, respond to requests, usage analytics with minimal identifiers). Legal basis: Legitimate interests.
- Marketing communications to admins who opt in; you can unsubscribe at any time. Legal basis: Consent / Legitimate interests (B2B, where allowed).
Payments
Payments are processed by Stripe. Stripe is a separate controller for card data. We never store full card numbers or CVCs. Transaction metadata (amount, currency, status, last4 token, customer ID) may be stored in our systems for billing and reconciliation.
Reminders (Email/SMS/WhatsApp)
- Reminder messages are sent according to each client’s configuration and employee opt-in status.
- We use Twilio to deliver SMS and WhatsApp messages. For this purpose we process phone numbers and message metadata (to/from identifiers, message SID, timestamps, delivery status, and error codes). Message content is limited to shift reminders, login/auth codes, and related operational notices.
- Twilio acts as our processor. Depending on your location and Twilio’s infrastructure, this processing may occur outside the EEA. Where applicable, transfers are protected by the EU Standard Contractual Clauses (SCCs).
- You can opt out of reminders at any time via your portal settings or by contacting your administrator.
Where data lives & international transfers
We host the website on Netlify and application data with Supabase. We also use Google Apps Script and Google Sheets for the product, and Twilio for SMS/WhatsApp delivery. Depending on the regions you select and the providers’ infrastructure, data may be processed in the EEA or transferred internationally (e.g., to the United States). Where transfers occur, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and supplementary measures.
How long we keep data
- Account/admin records: for the life of the account and 24 months after closure (for support and audit), unless law requires longer.
- Operational logs & auth tokens: typically 12 months.
- Billing/financial records: 7 years (tax law).
- Customer data (employee/shift data): retained per the customer’s settings and our DPA; we delete/return data at contract end or upon instruction, subject to legal holds.
Sharing & processors
We do not sell personal data. We share it only with:
- Netlify – hosting and edge delivery.
- Supabase – database, authentication, storage.
- Google – Google Apps Script & Google Sheets (under your Google Workspace/Google account connections).
- Stripe – payments processing and invoicing.
- Email provider – transactional email delivery.
- Twilio (Twilio Inc./Twilio Ireland Limited) – SMS/WhatsApp delivery and status webhooks.
- Support & monitoring tools (as needed) – error reporting, uptime, ticketing.
All vendors are bound by contracts and process data only under our instructions where acting as processors.
Cookies & similar tech
We use essential cookies/Local Storage for authentication and session continuity. If you use Stripe Checkout or certain messaging/analytics features, those providers may set their own cookies or local storage. You can control non-essential cookies where offered; essential cookies are required for the service to function.
Your rights (EEA/UK and similar regimes)
You can request to access, correct, erase, or export (port) your data, or object to or restrict certain processing. Where we process data as a processor for your employer/customer, please contact them first; we will support their request. You also have the right to lodge a complaint with your local data protection authority.
Security
We protect data in transit using TLS and apply access controls, least-privilege principles, encryption at rest where supported, audit logging, and routine backups. We regularly review vendors and restrict production access to authorized personnel.
Children
SheetPilot is not directed to children under 16. Do not submit children’s data unless your use case and local law permit it and we have agreed appropriate safeguards in writing.
Changes
We may update this policy from time to time. We will post the new version here and update the effective date. For material changes, we will notify account admins via email or in-app notice.
Contact
For privacy questions or requests: privacy@sheetpilot.app. Postal address: [Company legal name], [postal address], [country].
Annex: Sub-processors (summary)
- Netlify, Inc. – hosting & edge delivery
- Supabase – database/auth/storage
- Google LLC/Google Ireland – Google Apps Script & Google Sheets (as you authorize)
- Stripe, Inc./Stripe Payments Europe – payments processing
- Twilio Inc./Twilio Ireland Limited – SMS/WhatsApp delivery & status webhooks
- Email service provider – transactional email
For a signed DPA or list of current sub-processors with regions, contact privacy@sheetpilot.app.