← Back to home

Privacy Policy

Last updated: January 13, 2025

1. Overview

This Privacy Policy explains how SaySheet ("we," "us," or "our") collects, uses, and protects personal data when you visit saysheet.com, create an account, connect your Google Workspace, capture audio, or otherwise use our voice-driven form entry service (the "Service"). We built SaySheet with privacy in mind: we request only the Google scopes needed to read headers and write rows, we store OAuth tokens securely in Supabase, and we limit human access to customer data.

2. Data Controller & Contact

SaySheet is the data controller for the personal data described in this Policy. You can reach us at help@saysheet.com.

3. Data We Collect

  • Account & profile data: name, email address, password hashes (if applicable), organization info, and communication preferences you share when you sign up or contact support.
  • Google account data: OAuth tokens, spreadsheet metadata, and sheet/tab headers from the scopes you approve (https://www.googleapis.com/auth/spreadsheets and https://www.googleapis.com/auth/drive.readonly). We only access the specific files you select inside SaySheet.
  • Voice & transcription data: audio snippets you intentionally record, generated transcripts, extracted field values, confidence scores, and undo history. Audio files are uploaded to our API, sent to Deepgram for speech-to-text, and deleted after transcription completes unless you opt into diagnostics.
  • Form schemas & submissions: column definitions, descriptions, schema mappings, and structured rows created through SaySheet so we can replay them to Google Sheets and show history within the Forms Thread view.
  • Usage & device information: log data, IP address, browser type, timestamps, feature engagement, crash reports, and diagnostics generated by our web app, analytics, and security tooling.

4. How We Use Data

  • Provide, personalize, and maintain the Service, including schema management and Google Sheet writes.
  • Process recordings, run Deepgram transcription, and pass structured prompts to OpenRouter LLMs to coerce field values.
  • Authenticate you, secure sessions, and prevent abuse or fraud.
  • Respond to support requests, bug reports, and user feedback.
  • Measure performance, improve accuracy, and develop new features (for example, training heuristics for field inference).
  • Comply with legal obligations and enforce our Terms of Service.

5. Google API Services Compliance

SaySheet's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We access Google Sheets data only to power the voice-to-sheet workflows you initiate, we never sell Google user data, and we do not use it for advertising. Human access to Google user data is restricted to security escalations, product support that you request, or when required by law. You can disconnect SaySheet at any time via your Google security settings.

6. How We Share Information

We do not sell personal data. We share it only with:

  • Service providers: Supabase (database and auth), Vercel (hosting), Deepgram (transcription), OpenRouter and downstream LLM providers (data extraction), Google Cloud, analytics, error monitoring, and payment processors if applicable.
  • Professional advisors & compliance partners: Legal, accounting, or auditors who help us meet regulatory duties under confidentiality obligations.
  • Business transfers: In connection with a merger, financing, acquisition, or dissolution, subject to continued protection of the data.
  • Legal & safety: When we must comply with law, protect the rights and safety of users, or enforce agreements.

7. Data Retention

We retain personal data for as long as needed to deliver the Service, comply with legal obligations, or resolve disputes. Audio uploads are typically deleted after transcription completes. Form submissions, schema definitions, and Google tokens persist until you delete the form, revoke access, or close your account. We may retain limited logs for security and audit purposes after account deletion.

8. Security

We use encryption in transit (HTTPS), secure token storage in Supabase, scoped API keys, access logging, and least-privilege controls. No system can be 100% secure, so we encourage you to use strong passwords, enable device security, and promptly notify us of suspected issues at help@saysheet.com.

9. Your Choices & Rights

  • Access, update, or delete: Manage most profile data in-app or email us to request a copy, correction, or deletion. We may need to verify your identity before fulfilling requests.
  • Revoke Google access: Visit Google Account > Security > Third-party apps to remove SaySheet's access at any time.
  • Opt out of communications: Use the unsubscribe links in product emails or contact us to adjust preferences.
  • Regional rights: Depending on your location (for example, EEA, UK, California), you may have additional rights regarding data portability or objection to processing. We honor those rights as required by law.

10. International Transfers

We operate from the United States and may process data on servers located there or in other countries. When transferring data internationally we rely on lawful transfer mechanisms, such as Standard Contractual Clauses, and ensure that service providers provide adequate protections.

11. Children's Privacy

The Service is not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will remove it.

12. Changes to This Policy

We may update this Privacy Policy to reflect product, legal, or regulatory changes. We will update the "Last updated" date and, when changes are material, provide additional notice (for example, by email or in-app messaging). Continued use of the Service after an update constitutes acceptance.

13. Contact

Email help@saysheet.com for privacy or product questions.

Back to SaySheet