Privacy Policy

This Privacy Policy explains how SaferSheets ("we", "us", "our") collects, uses, and protects personal data when you use safersheets.com and related services (the "Service"). We're GDPR-compliant by default for every user, regardless of where you live.

SaferSheets is operated by SaferSheets Ltd. (the "Controller"). If you have any questions about how we handle your data, email privacy@safersheets.com.

We collect the minimum data needed to run the Service:

• Account data: your email address and a hashed password (or the OAuth identity if you signed in through Google).
• Uploaded files: the spreadsheets you upload, encrypted at rest in our object storage. Only you can read them.
• Scan output: findings, scores, and recommendations we generate from your files.
• Usage metadata: sign-in times, tool runs, feature usage — used to fix bugs and measure product health. Aggregated; not sold.
• Billing data: if you subscribe, your payment processor (Stripe) handles card data — we never see it. We store invoice records and your VAT/tax ID if applicable.

• We do not sell your data to anyone, ever.
• We do not train AI models on your files or your scan output.
• We do not use third-party advertising trackers (no Facebook Pixel, Google Ads tags, etc.).
• We do not send raw cell contents to third-party LLM providers. AI narratives are generated from structured scan output only.

We rely on a small set of trusted vendors to run the Service:

• Supabase — auth, Postgres database, and encrypted object storage (EU region).
• Vercel — web hosting and edge delivery for the marketing site and app shell.
• Stripe — billing and payment processing for paid plans.
• OpenAI — narrative generation from structured scan output (never raw file contents). Data is not used for model training per OpenAI's API terms.
• Postmark — transactional email (sign-in links, billing receipts).

Any change to the subprocessor list is reflected here within 30 days.

• Authenticate you and keep your account secure.
• Run the tools you invoke and store the results.
• Provide product support when you contact us.
• Send service messages (security alerts, billing receipts, major product changes). You can opt out of non-essential emails in your settings.
• Improve the product via aggregated, de-identified usage data.
• Comply with legal obligations (tax records, court orders).

You have the right to access, correct, export, or delete your personal data at any time:

• Delete a single run: click the trash icon on any row in your dashboard. The file and findings are cascade-deleted from storage and database.
• Export your data: email privacy@safersheets.com — we'll send a complete archive within 30 days.
• Delete your entire account: same address. We process account deletions within 30 days. Some records (invoices, tax data) are retained for the legal period.
• Lodge a complaint: you can contact your local data-protection authority. We'll also be happy to hear about the issue directly first.

• Uploaded files + scan output: retained for the tier-specific retention period (7 days on Free, 90 days on Pro, 1 year default on Team), or until you delete them.
• Account data: retained while your account is active. Deleted within 30 days of account closure.
• Billing records: retained for the legally required period (typically 7 years).

We use a single session cookie to keep you signed in. That's it. No analytics cookies, no ad-tracking cookies, no third-party cookies. Your sign-in cookie is HttpOnly, Secure, and SameSite=Lax.

Our primary data residency is in the EU (Frankfurt). Some subprocessors (OpenAI, Stripe) may process data in the US — we rely on the EU-US Data Privacy Framework and Standard Contractual Clauses where applicable.

We'll update this page when our practices change. If the change is material, we'll email you and give you 30 days' notice before it takes effect.

Privacy questions: privacy@safersheets.com.

This document is a plain-English summary. The legally binding version (in case of conflict) is the one you can request in PDF form from the address above.