Privacy Policy

Last updated: June 2026

1. Introduction

SheetDrops ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Irish and EU data protection laws.

SheetDrops is operated from Cork, Ireland.

2. Data Controller

The data controller responsible for your personal data is SheetDrops. For any data protection queries, contact us at support@sheetdrops.com.

3. What Data We Collect

When you use SheetDrops, we collect and process the following data:

• Account data: Your name, email address, and profile picture, obtained from Google when you sign in via Google OAuth. We do not collect or store your Google password.
• Connection data: The Google Sheet IDs you connect, tab names, layout preferences, and embed configurations you create.
• Usage data: API request counts per connection, aggregated monthly, used to enforce plan limits.
• Technical data: IP addresses for rate limiting purposes (stored temporarily in cache, not persisted). Browser User-Agent strings for security filtering.

We do not store the contents of your Google Sheets. Sheet data is fetched on demand, cached temporarily (up to 5 minutes) for performance, and served to the requesting website. Cached data is automatically deleted when the cache expires.

4. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contract (Art. 6(1)(b)): Processing your account and connection data is necessary to provide the Service you signed up for.
• Legitimate interest (Art. 6(1)(f)): Processing IP addresses and User-Agent data for security, rate limiting, and abuse prevention.
• Consent (Art. 6(1)(a)): Where required, we will obtain your explicit consent before processing data for purposes not covered above.

5. How We Use Your Data

We use your data to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Enforce plan limits and track usage
• Protect against abuse, fraud, and security threats
• Communicate with you about your account or Service changes

We do not sell your personal data. We do not use your data for advertising or profiling.

6. Data Storage and Security

Your data is stored on Cloudflare's infrastructure, which operates data centres globally including within the EU. Cloudflare acts as a data processor on our behalf. We use encryption in transit (HTTPS/TLS) for all data transfers.

Google Sheet data is accessed via Google's API using a service account with read-only permissions. We cannot modify your Google Sheets data.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Usage logs are retained for billing purposes and deleted after 12 months. Cached sheet data is automatically deleted after 5 minutes.

8. Third-Party Processors

We use the following third-party services to operate SheetDrops:

• Cloudflare: Hosting, CDN, database, and caching (data processor)
• Google: Authentication via Google OAuth and Google Sheets API access
• Stripe: Payment processing for paid subscriptions (when applicable)

Each processor is bound by their own privacy policies and data processing agreements. We only share the minimum data necessary for each service to function.

9. International Data Transfers

Cloudflare may process data outside the EEA. Cloudflare participates in the EU-US Data Privacy Framework and implements Standard Contractual Clauses (SCCs) to ensure adequate data protection for international transfers.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: Request limitation of how we process your data
• Right to data portability: Request your data in a machine-readable format
• Right to object: Object to processing based on legitimate interest
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at support@sheetdrops.com. We will respond within 30 days.

11. Cookies

SheetDrops uses a single essential cookie (sheetdrop_session) to maintain your login session. This cookie is strictly necessary for the Service to function and does not require consent under GDPR. We do not use tracking cookies, analytics cookies, or any third-party cookies.

12. Children's Privacy

SheetDrops is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at www.dataprotection.ie.

15. Contact

For any privacy-related questions or requests, contact us at support@sheetdrops.com.