Welcome to Sheetminer Limited. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we handle your information when you use our Google Sheets-based extraction tools.
1. About Us
Sheetminer Limited is a company registered in Ireland (Company No: 804493). We operate as a Data Controller under the General Data Protection Regulation (GDPR).
Contact Email: support@Sheetminer.com
Privacy Contact (EU): support@Sheetminer.com
Data Protection Officer (DPO): We do not currently appoint a DPO because we are not required to do so under GDPR. You can contact our privacy team at the email above.
Registered Address: Red Bog Road, Dunshaughlin, Co. Meath, Ireland
2. Information We Collect
To provide our document extraction services, we collect the following:
- Account Data: Name, email address, and Google profile information provided during sign-in.
- Document Metadata: File names, sizes, and timestamps of documents you select for processing.
- Cryptographic Hashes: We generate and store unique cryptographic hashes of processed documents in Google Cloud Platform (GCP). These hashes are non-reversible "fingerprints" used for audit trails; they cannot be used to recreate the original document.
- Usage Data: We use PostHog to track how you interact with the Sheetminer add-on (e.g., feature usage, extraction frequency) to improve our service.
- Billing Data (if you subscribe): Billing and contact details, subscription status, and payment-related metadata processed via our payment provider.
- Third-Party Data in Documents: If you upload or select documents containing personal data about other individuals (e.g., customers, suppliers, employees), you are responsible for ensuring you have a lawful basis to share that data with us and for providing any required notices.
- Communications: We may send you transactional emails (such as a welcome email when you sign up, or service-related notifications) using your name and email address. These emails are sent via our email delivery provider (Resend).
Providing your Google account information is necessary to use the Service. If you do not provide this data, we cannot provide the Service to you. Providing billing data is necessary only if you subscribe to a paid plan.
3. How We Process Your Documents
Sheetminer integrates with your Google Workspace and Google Drive.
- Access: We access only the files you explicitly select or authorize.
- Processing: Documents may be temporarily processed using Microsoft Azure AI services to perform data extraction (OCR and parsing).
- Storage: All application data, metadata, and hashes are stored securely on Google Cloud Platform (GCP).
- Retention: Once extraction is complete, the temporary copy of the document content used for processing is deleted. We retain only the extraction results (sent to your Sheet), metadata, and the cryptographic hash for your audit and verification purposes.
4. Lawful Basis for Processing
Under GDPR, we process your data based on:
- Contractual Necessity: To provide the service you have signed up for.
- Legitimate Interests: To keep the Service secure and reliable (e.g., preventing fraud and abuse), and to understand how features are used so we can improve performance and usability. Where we rely on legitimate interests, we consider the impact on your privacy and use reasonable safeguards (such as minimizing data and using pseudonymous identifiers). You may object to processing based on legitimate interests at any time (see Section 7).
- Legal Obligation: Where we are required to maintain records for tax or regulatory purposes.
5. Data Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, tax or accounting obligations).
- Document Content (Temporary): Deleted once processing is complete.
- Document Metadata and Hashes: Retained while your account is active and for up to 24 months after account inactivity or termination, unless you request deletion sooner (subject to legal obligations and backup retention).
- Account Data: Retained while your account is active and for up to 24 months after inactivity, unless you request deletion sooner.
- Usage Analytics (PostHog): Retained for up to 24 months, unless we need to retain it longer for security investigations or to comply with legal obligations.
- Billing and Transaction Records: Retained for as long as required by applicable tax and accounting laws (typically up to 6–7 years).
- Backups and Logs: Copies may persist for a limited period in backups and logs for security and disaster recovery, and are deleted in the ordinary course.
6. Third-Party Processors and International Transfers
We share data with trusted sub-processors only as necessary:
| Processor | Purpose | Data Category |
| Google Cloud (GCP) | Hosting and secure data storage | Account Data, Metadata, Hashes |
| Microsoft Azure | AI-powered extraction and OCR | Document Content (Temporary) |
| PostHog | Product usage analytics | Pseudonymized Usage Events |
| Stripe / Payment Provider | Subscription billing | Billing and Contact Info |
| Firebase (Google) | User authentication | Account Data (email, user ID) |
| Resend | Transactional email delivery | Name, Email Address |
Our systems (and the personal data we process for the Service) are hosted and processed in the European Union / European Economic Area (EEA). We do not intend to transfer your personal data outside the EEA for the provision of the Service.
Where possible, we configure our processors to use EU/EEA regions and storage locations for Service data.
If an international transfer outside the EEA is ever required (for example, due to a change in a provider's infrastructure, legal requirements, or support operations), we will ensure appropriate safeguards are in place such as: (a) adequacy decisions where available; (b) the European Commission's Standard Contractual Clauses (SCCs); and/or (c) other lawful transfer mechanisms with supplemental security measures where appropriate.
7. Your Rights (GDPR)
If you are in the EEA/UK (or where GDPR applies), you have rights that may include access, rectification, erasure, restriction, portability, and the right to object (including to processing based on legitimate interests). You can exercise these rights by contacting us at support@sheetminer.app.
You also have the right to lodge a complaint with a supervisory authority. In Ireland, the supervisory authority is the Data Protection Commission (DPC): dataprotection.ie.
8. Children's Data
The Service is not intended for children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take steps to delete it.
9. Automated Decision-Making
We use automation (including AI) to help extract information from Documents. We do not use the Service to make automated decisions that produce legal effects or similarly significant effects about you within the meaning of GDPR Article 22.
10. Supplemental Notice to California Residents (CCPA/CPRA)
This section applies solely to residents of the State of California.
A. Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers: Name, email address, unique online identifiers (via Google Sign-In and PostHog), and technical identifiers such as document hashes used for audit trails.
- Commercial Information: Subscription records and payment metadata.
- Internet or Other Electronic Network Activity: Interaction logs, feature usage, and browser/device information collected via PostHog.
- Professional or Employment-Related Information: If provided in your Google Profile or within the documents (e.g., invoices) you process.
B. Our Use of This Information
We use these categories for the business purposes described in Section 4, including providing the service, maintaining security, and product analytics.
C. No Sale or Sharing of Personal Information
- No Sale: Sheetminer Limited does not sell your personal information for monetary or other valuable consideration.
- No Sharing for Cross-Contextual Behavioral Advertising: We do not "share" your personal information with third parties for the purpose of cross-contextual behavioral advertising.
D. Your California Privacy Rights
- Right to Know: You may request a list of the personal information we have collected about you and the identities of third parties to whom we disclosed it.
- Right to Delete: You may request that we delete personal information we have collected from you.
- Right to Correct: You may request that we correct inaccurate personal information.
- Right to Non-Discrimination: We will not discriminate against you (e.g., by charging different prices) for exercising your privacy rights.
E. Exercising Your Rights
To exercise your rights under the CCPA/CPRA, please email us at support@sheetminer.app with the subject line "California Privacy Request."
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will provide reasonable notice (for example, by posting the updated policy on our website and updating the "Last Updated" date above, or by notifying you by email where appropriate).
We encourage you to review this policy periodically. Your continued use of the Service after the updated policy takes effect constitutes acceptance of the changes.