Privacy Policy

We collect information you provide directly (such as account details and token labels), information from Google during OAuth connection, and service telemetry required to operate, secure, and improve the platform.

• Account information (email, user ID, plan and subscription status).
• Google authorization data required to access your Sheets (read/write as tools permit) and the specific spreadsheets you grant access to via the file picker — no broader Drive access.
• MCP token metadata and hashed token credentials for authentication.
• Usage and operational logs (tool called, timestamp, status code, duration, rate-limit and security events).

• Provide the core service and execute MCP tool requests you initiate.
• Authenticate access, prevent abuse, and enforce plan limits and rate limits.
• Maintain billing, support, analytics, and fraud/security monitoring.
• Comply with legal obligations and enforce our Terms of Service.

You authorize SheetsGate to access Google Sheets data (reads and writes as tools permit) and Google Drive within read-only scope for spreadsheet discovery and file metadata, strictly as needed to provide requested features. You are responsible for ensuring you have rights to grant access to any data your account or tokens expose to AI clients.

We do not sell Google user data. We use Google data only to provide and secure the service, and for no other unrelated purpose.

• OAuth tokens are encrypted at rest.
• MCP credentials are stored as non-reversible hashes.
• Access controls, rate limits, and monitoring are used to reduce unauthorized or abusive usage.

No service can guarantee absolute security. You must keep your account credentials and MCP tokens confidential and rotate or revoke tokens if compromise is suspected.

When you configure an MCP token in a third-party AI client, requests and outputs may be processed by that client and its providers under their own terms and privacy policies. We do not control third-party systems, prompts, model behavior, or downstream data handling.

We retain account, token, billing, and operational records as long as reasonably required to operate the service, satisfy legal obligations, resolve disputes, and enforce agreements. We may retain limited security and audit logs after account closure where necessary.

• You can revoke MCP tokens and disconnect linked Google accounts from the dashboard.
• You can stop using the service at any time.
• If you need privacy-related support, contact us through the support channel in your dashboard.

Our providers may process data in multiple jurisdictions. By using SheetsGate, you understand that information may be transferred to countries with different data protection laws than your own jurisdiction.

SheetsGate is not intended for children under 13 (or the minimum age required in your jurisdiction). Do not use the service if you are not legally eligible.

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use of the service after updates means you accept the revised policy.