Last Updated: December 17, 2024

1. Introduction
This GDPR Policy outlines how SyncSheetsPro ("we," "our," or "us") processes and protects personal data in accordance with the General Data Protection Regulation (GDPR) of the European Union. This policy applies to all users of our Google Workspace Add-on within the European Economic Area (EEA). We are committed to safeguarding your privacy and ensuring transparency in how we handle your data.

2. Data Controller and Data Processor Roles

• Data Controller: As a user of SyncSheetsPro, you are considered the data controller under GDPR for any personal data processed through our Add-on.
• Data Processor: SyncSheetsPro acts as a data processor, processing data only on behalf of and under the instructions of the data controller.

3. Legal Basis for Processing
We process personal data under the following legal bases:

• Consent
• Contractual necessity
• Legal obligation
• Legitimate interests

4. Personal Data We Process

Categories of Personal Data

• Google Workspace user profile information (name, email address)
• Google Sheets content and metadata
• Notion workspace content and metadata
• Usage data and preferences
• Performance and error data
• IP addresses and browser information
• Referral URLs and pages visited
• Cookie data and tracking information

Processing Limitations

• We only process data necessary for the Add-on's functionality.
• Data is processed exclusively within the EU and USA.
• No data is shared with AI models or unauthorized third parties.
• Notion databases and pages are not stored on our servers.

Cookie Usage
We use cookies and similar tracking technologies to:

• Track activity within our Add-on
• Remember your preferences
• Improve user experience
• Analyze usage patterns
• Maintain security

5. Data Subject Rights

Access Rights

• Right to access your personal data
• Right to receive a copy of your data
• Right to know how we use your data

Control Rights

• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

Exercise of Rights
To exercise these rights, contact our Data Protection Officer at:

• Email: [email protected]
• Mail: SyncSheetsPro
  Attn: Data Protection Officer
  PO Box 45, Stevenson, MD 21153

We will respond to requests within 30 days.

6. Data Protection Measures

Technical Measures

• End-to-end encryption for data in transit and at rest
• Secure cloud infrastructure (Google Cloud Platform)
• Regular security assessments and updates
• Access controls and authentication
• Encryption of personal data

Organizational Measures

• Employee data protection training
• Access control policies
• Regular security audits
• Incident response procedures
• Data protection impact assessments

7. International Data Transfers

Transfer Mechanisms
We ensure appropriate safeguards for data transfers outside the EEA through:

• Standard Contractual Clauses (SCCs)
• Privacy Shield certification
• Adequate level of protection certification

Transfer Locations

• Primary storage: European Union
• Secondary storage: United States of America

8. Data Retention

Retention Periods

• Active accounts: Duration of service
• Inactive accounts: 3 months post-closure
• Usage data: 13 months
• Legal requirements: As required by law

Data Deletion

• Automatic deletion after retention period
• Manual deletion upon request
• Secure erasure protocols

9. Communication and Updates

Service Communications
We may communicate with you:

• Directly through email
• Through our partner platforms
• Via customer service channels
• For service updates and maintenance notifications

Marketing Communications
We will only send marketing and promotional communications with your explicit consent. You can opt out of these communications at any time.

Partner Communications
Any communication through our partners will be:

• Clearly identified as being from or on behalf of SyncSheetsPro
• Limited to service-related information
• In compliance with GDPR requirements

10. Data Breach Notification
In the event of a data breach, we will:

1. Notify supervisory authorities within 72 hours
2. Inform affected users without undue delay
3. Provide details about the breach and mitigation measures
4. Document all breaches and remedial actions

11. Data Protection Officer
Our Data Protection Officer oversees GDPR compliance and can be contacted at:

• Email: [email protected]
• Address: PO Box 45, Stevenson, MD 21153

12. Supervisory Authority
You have the right to lodge complaints with your local data protection authority if you believe your rights under GDPR have been violated.

13. Controller Obligations
As a data controller, you are responsible for:

• Making necessary declarations to data protection authorities
• Obtaining explicit consent from data subjects
• Ensuring lawful basis for processing
• Maintaining records of processing activities
• Implementing appropriate security measures
• Reporting data breaches
• Conducting impact assessments when required

14. Contact Information
For GDPR-related inquiries:

• Email: [email protected]
• Website: https://syncsheetspro.co
• Address: SyncSheetsPro, PO Box 45, Stevenson, MD 21153

15. Security Commitment
While we implement comprehensive security measures to protect your personal information, we acknowledge that no method of electronic storage or transmission is 100% secure. We commit to:

• Using commercially acceptable means of protection
• Regularly updating our security measures
• Promptly addressing any identified vulnerabilities
• Maintaining transparency about our security practices

16. Policy Updates
We may update this GDPR policy to:

• Reflect changes in our practices
• Comply with regulatory requirements
• Improve clarity and transparency
• Address new features or services

All updates will be communicated through:

• Email notifications
• Add-on notifications
• Website updates at https://syncsheetspro.co

Changes become effective 30 days after notification.