← Back to Sheetflow

Privacy Policy

Last updated: January 8, 2025

1. Introduction

This Privacy Policy explains how Sheetflow ("we," "us," or "our"), operated by JP Peters, based in Berlin, Germany, collects, uses, stores, and protects personal data when you use our service.

Sheetflow is a SaaS application that connects Google Sheets to Webflow CMS collections, enabling automated data synchronization, field mapping, and scheduled syncing.

This policy applies to:

  • Customers: Individuals or businesses who create a Sheetflow account and use our service to sync data between Google Sheets and Webflow CMS

By using Sheetflow, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our service.

The data controller for Sheetflow is:

JP Peters
Berlin, Germany
Email: admin@sheetflow.co

For any privacy-related questions or requests, please contact us at admin@sheetflow.co.

3. Information We Collect

3.1 Customer Account Data

When you create a Sheetflow account, we collect:

  • Email address
  • Name (if provided)
  • Google account information (via OAuth)
  • Webflow account information (via OAuth)
  • Google Sheets identifiers and access tokens (encrypted)
  • Webflow site identifiers and access tokens (encrypted)

3.2 Billing Data

We use Stripe as our payment processor. Stripe collects and processes:

  • Payment method details
  • Billing address
  • Transaction history
  • Subscription status

We do not store your full payment card details. Stripe acts as the payment processor and handles billing data in accordance with their own privacy policy.

3.3 Sync Configuration Data

When you configure a sync, we store:

  • Google Sheet IDs and tab names
  • Webflow site IDs and collection IDs
  • Field mappings between sheets and collections
  • Primary key column identifiers
  • Sync schedule preferences (manual, 5min, hourly, daily)
  • Sync settings (auto-publish, delete missing items)

3.4 Sync Log Data

We collect data about sync executions, including:

  • Sync execution timestamps
  • Items created, updated, deleted, or skipped
  • Error messages and logs
  • Sync duration and status

Important: We do not store the actual content of your Google Sheets data or Webflow CMS items. We only process this data temporarily during sync operations and do not retain it in our systems.

3.5 Usage Data

We collect data about how Customers use the Sheetflow dashboard, including:

  • Feature usage
  • Login activity
  • Configuration changes
  • Sync execution history

4. How We Use Your Data

We use the collected data for the following purposes:

  • Service Delivery: To provide, maintain, and improve Sheetflow functionality
  • Data Synchronization: To process and sync data between Google Sheets and Webflow CMS on behalf of Customers
  • Sync Management: To execute scheduled syncs, handle field mappings, and manage sync configurations
  • Error Handling: To log and report sync errors, providing you with detailed error information
  • Billing: To process payments and manage subscriptions via Stripe
  • Support: To respond to Customer inquiries and provide technical assistance
  • Security: To detect, prevent, and address fraud, abuse, or security issues
  • Legal Compliance: To comply with applicable laws and regulations

5. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), we process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our service to Customers
  • Legitimate Interests: Analytics, security, and service improvement, where these interests are not overridden by your rights
  • Consent: Where you have given explicit consent (e.g., for marketing cookies)
  • Legal Obligation: Where processing is required by law

6. Cookies and Tracking Technologies

Sheetflow uses cookies and similar technologies on our website and dashboard:

6.1 Essential Cookies

Required for authentication, security, and core functionality. These cannot be disabled.

6.2 Analytics Cookies

We use the following analytics tools to understand how users interact with our service:

  • Google Analytics: Website traffic and usage patterns (Tracking ID: G-EBEEK4953J)

You can manage cookie preferences through your browser settings or by using our cookie consent controls where available.

7. Third-Party Services and Subprocessors

We share data with the following third-party service providers:

ProviderPurposeLocation
SupabaseDatabase and authenticationEU / US
RailwayApplication hostingUS / EU
StripePayment processingUS
GoogleOAuth integration for Google Sheets accessUS
WebflowPlatform integration via OAuthUS
ResendEmail deliveryUS
Google AnalyticsWebsite analyticsUS

These providers are contractually obligated to protect your data and only process it as instructed.

8. International Data Transfers

Sheetflow is operated from Germany, but our servers and third-party providers are located in both the European Union and the United States.

When transferring personal data outside the EEA, we rely on:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Privacy Framework certification (where applicable)

9. Data Retention

We retain data for the following periods:

  • Sync Logs: Configurable by Customers, with a default retention period of 365 days, after which data is automatically deleted
  • Customer Account Data: Retained for the duration of your account and for up to 3 years after termination for legal and audit purposes
  • Billing Records: Retained as required by tax and accounting laws (typically 7-10 years)
  • Security Logs: Retained for up to 12 months

Customers may configure shorter retention periods for sync logs through their dashboard settings.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS/TLS encryption for all data in transit
  • Encryption at rest for stored data
  • OAuth tokens encrypted using AES-256-GCM before storage
  • Hashed passwords using industry-standard algorithms
  • Access controls and authentication for all systems
  • Regular security reviews

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Your Rights

11.1 Rights Under GDPR (EEA Residents)

If you are located in the EEA, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request that we limit how we process your data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

11.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal data we have collected
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Opt out of the "sale" of personal data

We do not sell personal data as defined under the CCPA.

  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

11.3 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: admin@sheetflow.co

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

12. Customer Responsibilities

If you are a Sheetflow Customer, you acknowledge that:

  • You are responsible for the data you choose to sync between Google Sheets and Webflow CMS
  • You must have appropriate permissions and authorization to access the Google Sheets and Webflow sites you configure for syncing
  • You are the data controller for the data you sync through Sheetflow
  • Sheetflow acts as a data processor on your behalf for the data you sync
  • You must ensure that the data you sync complies with applicable laws and regulations, including data protection laws
  • You must not use Sheetflow to sync sensitive data (health, financial, children's data) in violation of applicable laws or platform policies

Sheetflow provides tools to assist with data synchronization but does not guarantee legal compliance. Customers are responsible for ensuring their use of the service complies with applicable laws.

13. Children's Privacy

Sheetflow is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18.

If you believe we have inadvertently collected data from a child under 18, please contact us at admin@sheetflow.co, and we will promptly delete the information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on our website
  • Notify Customers via email or in-app notification

Your continued use of Sheetflow after changes are posted constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

JP Peters
Berlin, Germany
Email: admin@sheetflow.co

← Back to Sheetflow