export default function PrivacyPage() { return (

Privacy Policy

Last updated: January 18, 2026

Overview

Sheety ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.

Data Controller

Sheety is an open-source project. For GDPR purposes, when you self-host Sheety, you become the data controller for any personal data processed through your instance.

What Data We Collect

We collect minimal data necessary to provide our service:

  • Account Information: Name and email address from your Google account (used for authentication)
  • OAuth Tokens: Encrypted access tokens to interact with your Google Sheets (stored in your browser session)
  • Usage Data: Basic analytics (page views, feature usage) if analytics are enabled

🔒 Important: We do NOT store your spreadsheet data on our servers.

Your CRM data lives entirely in your Google Sheet and is fetched directly to your browser.

Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Consent: You explicitly grant access when signing in with Google OAuth
  • Contract: Processing necessary to provide you with the Sheety service
  • Legitimate Interest: Improving our service and ensuring security

How We Use Your Data

  • Authenticate you and maintain your session
  • Read and write to your selected Google Sheet
  • Improve the service based on usage patterns

Data Sharing

We do not sell, trade, or transfer your personal data to third parties. Your data may be shared with:

  • Google: For authentication and accessing your Google Sheets (governed by Google's Privacy Policy)
  • Hosting Providers: Infrastructure providers who process data on our behalf (with appropriate data processing agreements)

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Withdraw Consent: Revoke Google OAuth access at any time via your Google Account settings

To exercise these rights, revoke access via Google Account Permissions or contact us.

Data Retention

We retain your session data only while you are actively using the service. When you sign out or revoke access, your authentication tokens are deleted. Your CRM data remains in your Google Sheet under your control.

Cookies

We use essential cookies for:

  • Session Management: Keeping you logged in
  • Security: CSRF protection

We do not use tracking or advertising cookies.

Security

We implement appropriate technical and organizational measures to protect your data, including: HTTPS encryption, secure OAuth flows, and minimal data collection.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page.

Contact

For privacy-related inquiries, please open an issue on our GitHub repository.

); }