Short version. Sheetrev runs inside your Google account. Your Stripe data is read by code executing in your own Google Sheet and written into cells in that Sheet. It does not pass through our servers, and we do not store it.
1. What We Collect
We collect the minimum needed to verify your subscription and contact you about the service:
- Email address provided when you subscribe via Stripe Checkout.
- Stripe customer ID and subscription status received from Stripe to tell the add-on whether your plan is active.
- Operational logs standard server logs (IP, user-agent, timestamp) handled by our hosting provider Vercel and retained according to Vercel's default log retention (typically 1 hour to 1 day on standard plans). We do not maintain a separate long-term log archive.
2. What We Do Not Collect
- We do not store your Stripe API key. It is saved in your Google user properties and read only by the add-on.
- We do not store the Stripe objects synced into your Sheet (customers, subscriptions, invoices, charges, payment intents).
- We do not store the contents of your Google Sheet.
- We do not use your data to train any model.
3. Google OAuth Scopes
Sheetrev requests only non-sensitive scopes:
script.container.uishow the sidebar inside the active Sheet.spreadsheets.currentonlyread and write the currently open Sheet only.script.external_requestcall the Stripe API and our license endpoint.script.scriptappinstall daily and weekly time-driven triggers.script.send_mailsend the optional weekly digest email and failure notifications to you.userinfo.emailaddress outbound emails to you and match your license to your email.
4. Where Data Lives
- Google Sheets your synced Stripe data and add-on preferences.
- Stripe the source of your subscription and billing data.
- Our backend (Vercel) only your email, Stripe customer ID, and subscription status, used for license verification.
5. Sharing, Transfer, And Disclosure Of Google User Data
We do not sell, rent, or share your Google user data with any third party for advertising, marketing, or analytics purposes. The only third parties that ever receive any data, and only the minimum needed to operate the service, are:
- Google LLC the add-on runs inside your Google Workspace account. Google receives the OAuth scopes listed above so the add-on can run inside your Sheet, send the optional digest emails, and identify you by your email address. Subject to Google's Privacy Policy.
- Stripe, Inc. we send your email address to Stripe to create your subscription via Stripe Checkout, and we read back your Stripe customer ID and subscription status to verify your license. Subject to Stripe's Privacy Policy.
- Vercel Inc. hosts our license-check endpoint and our public website. Standard server logs (IP, user-agent, timestamp) transit Vercel infrastructure. Subject to Vercel's Privacy Policy.
We do not use analytics providers, trackers, advertising networks, or AI/ML training pipelines. Google user data obtained via OAuth scopes is never used to develop, improve, or train any generalised or non-personalised AI or ML model. We may disclose data only when required by valid legal process (court order, subpoena) and we will notify you where lawfully permitted.
6. Data Protection And Security
We follow these mechanisms to protect Google user data and any sensitive data the service touches:
- Encryption in transit all communication between the add-on, our backend, Stripe, and your browser uses TLS 1.2+ (HTTPS). The add-on never makes plaintext HTTP requests.
- Encryption at rest the limited data we retain (your email, Stripe customer ID, subscription status) is stored on Vercel/Google-managed infrastructure with disk-level AES-256 encryption at rest.
- Stripe API key handling your Stripe restricted key is stored only in your own Google
UserProperties, scoped to your account, encrypted by Google. It is never transmitted to, logged by, or stored on our servers. - Least-privilege OAuth scopes we request the narrowest scopes that make the product work (e.g.
spreadsheets.currentonlyrather than full Drive access) so the add-on can only ever read or write the specific Sheet you have open. - Data minimisation Stripe objects synced into your Sheet are written directly from your Google account to your Sheet; they never transit or persist on our servers.
- Access controls only the developer (the email listed in section 8) has access to the production Vercel project, the GCP project, and the Stripe account. Access is protected by 2-factor authentication.
- Log retention we do not maintain a long-term log archive. Operational logs are handled by Vercel under their default short retention (typically 1 hour to 1 day on standard plans), then automatically purged.
- Incident response if we discover a breach affecting your data, we will notify affected users by email within 72 hours of discovery.
7. Your Rights
You can uninstall the add-on at any time from your Google account, cancel your subscription from any Stripe receipt, and request deletion of your email and subscription record from our records by emailing us.
8. Contact
Questions, deletion requests, or security reports: in.time.paid@gmail.com.
9. Changes
We will update the "last updated" date above when this policy changes. Material changes will be announced in the add-on sidebar.