Privacy Policy for Advanced Spreadsheets Processor API.

This Privacy Policy explains how APPS4GS ltd. ("we", "us") collects, uses, and protects personal data when you use Advanced Spreadsheets Processor for Google Workspace (the "Service"), a SaaS platform that processes spreadsheets on your Google Drive based on parameters you provide via our API.

If anything in this policy conflicts with mandatory local law, the law prevails.

At a glance

The Service performs spreadsheet operations such as merge, combine, compare, filter, sort, and export/import.
You connect your Google account via Google OAuth.
We access only the files involved in the task you request (or a scheduled task you configured).
We do not store spreadsheet contents and do not sell or share spreadsheet contents.
We store only what is needed to run the Service, such as your email (subscription/account) and OAuth tokens (to access your files when you request a job).

1. Who we are

Controller: APPS4GS ltd., Gagaring str. 55, Gomel, Belarus
Contact: support@apps4gs.com
Website: appscript.pro

If you use the Service on behalf of an organization, that organization may be the controller for some processing, and we may act as a processor for the organization. See Section 12.

2. What the Service does

The Service automates spreadsheet operations such as merge, combine, compare, filter, sort, and export/import.

To do this, you authorize access to specific Google Drive files using Google OAuth. The Service processes only the files involved in your requested task and either updates an existing spreadsheet or creates a new spreadsheet in your Google Drive.

3. Data we collect

We aim to collect the minimum data necessary to operate the Service.

3.1 Account and subscription data

We collect and store:

Email address (used to create or identify your account and check subscription status)
Subscription metadata (for example plan name, status, renewal dates, and transaction identifiers)

We do not require you to provide sensitive personal data.

3.2 Google OAuth data (tokens)

When you connect Google Drive/Google Sheets:

We receive OAuth refresh tokens and store them to keep your connection active and to execute tasks you request.
We store tokens in Google Cloud Secret Manager ("GCP Secrets").
You can revoke tokens at any time from your Google Account settings.

3.3 Task configuration data (minimal)

When you submit a task via our API, we process the parameters you provide (for example operation type, options, and file identifiers).

If you enable scheduled tasks, we store the minimum configuration needed to run them, such as:

File identifiers
Task parameters
Schedule

3.4 Operational logs

We maintain limited logs for reliability, security, and debugging. Logs may include:

Request metadata (timestamps, status codes)
Technical identifiers (IP address, user agent)
Internal identifiers needed to trace a job

We do not store spreadsheet contents in logs.
Retention: 365 days, unless a longer retention is required for security or legal reasons.

4. Data we do not collect or store

We do not:

Store the contents of your spreadsheets (cell values, formulas, tabs, or attachments) as a database of user data
Sell your data
Use Google user data for advertising, profiling, or building marketing audiences

During processing, spreadsheet contents may be handled transiently in memory to perform the operation you requested. We do not persist that content after the job completes, except to the extent it is written back to the target spreadsheet(s) on your Google Drive as part of the task.

5. How we use personal data

We use the data described above to:

Provide the Service and execute your API requests
Authenticate you and maintain your connection to Google services
Check subscription status and provide support
Prevent abuse, secure the platform, and troubleshoot failures
Comply with legal obligations

6. Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on:

Performance of a contract (to deliver the Service you request)
Legitimate interests (to secure, maintain, and improve reliability of the Service)
Consent (where required, for example when you connect your Google account through OAuth or for optional cookies)
Legal obligation (where applicable)

7. Google Drive and Google Sheets access

7.1 Your intention and scope limitation

We access your Google Drive/Sheets only:

When you explicitly trigger a task via the API, or
When a scheduled task you configured runs

We do not access files unrelated to the task.

7.2 Least privilege

We request OAuth scopes that are necessary for the Service to function. We do not request broader access than needed.

7.3 Limited Use requirements

Our use of information received from Google APIs is limited to providing or improving user-facing features of the Service. We do not use or transfer Google user data for advertising.

8. Sharing and disclosure

We do not share your spreadsheet contents with third parties.

We may share limited personal data with:

Infrastructure providers (for example Google Cloud Platform) to host and run the Service
Payment processor: PayPro Global (to process payments and manage subscription transactions; we do not store full payment card details)
Professional advisors (legal, accounting) when needed
Authorities when required by law

We require service providers to protect data and use it only to provide services to us.

9. International data transfers

We use Google Cloud Platform ("GCP") to process requests in EU and US regions.
If your personal data is transferred outside the EEA/UK, we use appropriate safeguards (such as Standard Contractual Clauses) where required.

10. Security

We use administrative, technical, and organizational measures designed to protect personal data, including:

TLS/HTTPS encryption in transit
Access controls and least-privilege principles
Encryption at rest for stored sensitive data (such as OAuth tokens and scheduled task configuration stored in Google Cloud Secret Manager)
Monitoring and incident response procedures

No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard practices.

11. Data retention

We retain personal data only for as long as necessary:

Email and subscription data: while your account is active and as required for legal or accounting purposes
OAuth tokens: until you disconnect Google Drive/Sheets, revoke access, or delete your account
Scheduled task configuration: while scheduled tasks are enabled
Operational logs: 365 days, unless a longer retention is required for security or legal reasons

You can request deletion of your account data at any time (see Section 13).

12. If you use the Service for your organization (Processor terms)

If you use the Service to process data on behalf of an organization, we may act as a processor and the organization acts as the controller. We can provide a Data Processing Agreement (DPA) on request.

13. Your rights

Depending on your location and applicable law, you may have rights to:

Access, correct, or delete your personal data
Object to or restrict processing
Data portability
Withdraw consent (where processing is based on consent)
Lodge a complaint with a supervisory authority

To exercise rights, contact us at support@apps4gs.com.

14. Cookies and tracking technologies

The Service is provided primarily via API. We do not use cookies or similar tracking technologies in connection with API requests.
If we offer a web dashboard or website features in the future that use cookies or similar technologies, we will update this section accordingly.

15. Children's privacy

The Service is not directed to children under 13 (or another age required by local law). We do not knowingly collect personal data from children.

16. Changes to this policy

We may update this policy from time to time. We will post the updated version on our website and update the effective date.

Privacy Policy for Advanced Spreadsheets Processor for Google Workspace