Privacy Policy

1. Information We Collect

1.1 Information You Provide

Account information: Name, email address, password (hashed), and profile photo when you sign up
Payment information: Billing details processed by our payment processor (Stripe); we do not store card numbers
Uploaded files: Excel (.xlsx) and CSV files you choose to upload for analysis
Chat messages: Questions and conversation history within the AI chat interface
Support communications: Emails and messages you send to our support team

1.2 Information Collected Automatically

Usage data: Features used, files uploaded, reports generated, pages viewed
Device information: Browser type, operating system, IP address, device type
Log data: Access times, error logs, and performance metrics
Cookies: Session tokens and preference cookies (see Section 6)

2. How We Use Your Information

Purpose	Legal Basis	Data Used
Provide the Service (authentication, file storage, analysis)	Contract performance	Account info, uploaded files
Generate AI insights and chat responses	Contract performance	Anonymized metrics only
Process payments and manage subscriptions	Contract performance	Billing information
Send service notifications and updates	Legitimate interest / consent	Email address
Improve and develop the Service	Legitimate interest	Usage data (anonymized)
Comply with legal obligations	Legal obligation	As required by law
Fraud prevention and security	Legitimate interest	IP, device data, logs

We do not use your data for advertising, do not build profiles for ad targeting, and do not sell your personal information to any third parties.

3. Data Sharing & Third Parties

We share your information only with the following categories of third parties, and only as necessary:

Firebase (Google): Authentication, database storage (Firestore), and file storage (Firebase Storage). Data processed under Google's data processing agreements.
OpenAI: AI analysis. We send ONLY anonymized metric summaries — never your raw spreadsheet data. See Section 4 for details.
Stripe: Payment processing. We never store payment card details ourselves.
Cloudflare: API infrastructure and security (DDoS protection, Workers). No user data is stored.

We may also share information: (a) with your explicit consent; (b) to comply with legal obligations; (c) to protect our rights or users' safety; or (d) in connection with a merger or acquisition (with advance notice to users).

We never sell your personal data.

4. AI & OpenAI Processing

      Important: We take a privacy-first approach to AI. Your raw spreadsheet data NEVER leaves our servers. Only calculated summary metrics are sent to OpenAI.
    

When you analyze a file, our system:

Parses your file locally on our servers
Calculates aggregate metrics (total revenue, order counts, growth rates, etc.)
Sends ONLY the calculated metrics summary to OpenAI — example: {"totalRevenue": 25000, "growth": -12, "topProducts": ["Product A"]}
Receives AI-generated insights based on these metrics

OpenAI processes data in accordance with their Privacy Policy. We use OpenAI's API with data usage restrictions that prevent your data from being used to train their models.

5. Data Storage & Security

We implement industry-standard security measures including:

AES-256 encryption for files at rest in Firebase Storage
TLS/HTTPS encryption for all data in transit
Firebase Authentication with industry-standard password hashing
User-isolated data: each user can only access their own files
API rate limiting via Cloudflare Workers to prevent abuse
Regular security audits and vulnerability assessments

While we implement strong security measures, no system is completely secure. We encourage you to use a strong, unique password and enable two-factor authentication where available.

Your data is stored in Google Cloud infrastructure (Firebase) in the United States. Enterprise customers may request data residency in other regions.

6. Cookies & Tracking Technologies

6.1 Essential Cookies

We use essential cookies that are necessary for the Service to function. These include session authentication tokens and security cookies. These cannot be disabled.

6.2 Analytics Cookies

With your consent, we use privacy-respecting analytics to understand how users interact with our Service. We do not use Google Analytics or invasive tracking. Analytics data is aggregated and anonymized.

6.3 Your Cookie Choices

You can control non-essential cookies through your browser settings. Note that disabling cookies may affect some features of the Service.

7. Your Rights & Choices

Depending on your location, you have the following rights regarding your personal data:

🔍 Right to Access

Request a copy of your personal data we hold about you.

✏️ Right to Rectification

Request correction of inaccurate personal data.

🗑️ Right to Erasure

Request deletion of your personal data ("right to be forgotten").

📦 Right to Portability

Receive your data in a portable, machine-readable format.

⏸️ Right to Restrict

Request restriction of processing your personal data.

🚫 Right to Object

Object to processing based on legitimate interests.

To exercise these rights, contact us at soolo1studio2@gmail.com. We will respond within 30 days. You may also delete your account and all associated data directly from your account settings.

8. Data Retention

We retain your data for the following periods:

Account data: Until account deletion, plus 30 days for backup purposes
Uploaded files: Until you delete them or your account
Chat history: Until you delete it or your account
Payment records: 7 years (required by tax law)
Security logs: 90 days for security monitoring purposes
Anonymized analytics: Up to 2 years for service improvement

You can delete your files, chat history, and account data at any time from within the dashboard. Account deletion will remove all personal data within 30 days.

9. Children's Privacy

SheetMind AI is a business tool intended for users 18 years and older. We do not knowingly collect personal information from children under 18. If we discover we have collected data from a minor, we will delete it immediately. If you believe we have inadvertently collected such information, please contact us at soolo1studio2@gmail.com.

10. International Data Transfers

SheetMind AI is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for such transfers, including:

Standard Contractual Clauses (SCCs) for EU/EEA data transfers
Data Processing Agreements with all third-party processors
Compliance with applicable data transfer mechanisms

11. GDPR & CCPA Rights

11.1 GDPR (EU/EEA Users)

If you are in the European Economic Area, our legal bases for processing your data are: contract performance (providing the Service), legitimate interests (security, fraud prevention, product improvement), and your consent (where required). You have all rights described in Section 7 under GDPR. To exercise them, contact soolo1studio2@gmail.com. You also have the right to lodge a complaint with your local supervisory authority.

11.2 CCPA (California Residents)

If you are a California resident, you have the right to: (a) know what personal information is collected about you; (b) know whether personal information is sold or disclosed; (c) opt-out of the sale of personal information (we don't sell it); (d) equal service and price. We do not discriminate against users who exercise CCPA rights.

12. Contact Us

For privacy-related questions, requests, or concerns:

      Privacy Officer — SheetMind AI

      Email: soolo1studio2@gmail.com

      General: soolo1studio2@gmail.com

      Response time: Within 30 days for formal requests, 24 hours for general inquiries.

      We are happy to answer any questions about how we handle your data. Don't hesitate to reach out.

If you are not satisfied with our response, you have the right to complain to the relevant data protection authority in your jurisdiction.

Table of Contents