Privacy Policy | SheetsData

1. Who We Are

SheetsData (Pty) Ltd ("we", "us", "our") operates the SheetsData platform at sheetsdata.com. We are the data controller for the personal data we process.

Contact: privacy@sheetsdata.com

2. Data We Collect

Account data

Email address (required for account creation)
Name (if provided via OAuth — GitHub, Google)
OAuth provider identifiers

Billing data

Payment method details are processed by Paystack (our payment processor) and are never stored on our servers
We store: transaction references, amounts, dates, and Paystack customer identifiers

Usage data

API call logs: tool name, timestamp, duration, status code, cost
Request metadata: part numbers and search queries (we never log datasheet content)
IP addresses may be logged by our infrastructure providers

Data we do NOT collect

Credit card numbers (handled entirely by Paystack)
Datasheet content in logs
Tracking cookies or advertising identifiers

3. How We Use Your Data

Provide the Service: Authenticate API requests, track usage, process payments
Billing: Calculate charges, generate invoices, process top-ups and auto-recharges
Improve the Service: Aggregate usage analytics to improve performance and reliability
Communicate: Send account-related emails (billing, security, service updates)
Comply with law: Respond to legal requests, prevent fraud

4. Legal Basis for Processing

Contract performance: Processing your API requests, billing, and account management
Legitimate interest: Service improvement, fraud prevention, security
Legal obligation: Tax records, financial reporting, responding to lawful requests
Consent: Marketing communications (if we send any — you can opt out)

5. Data Sharing

We share personal data only with:

Paystack — payment processing (South Africa, PCI-DSS compliant)
Supabase — database and authentication hosting (AWS EU/US regions)
Railway — application hosting (US)
Modal — serverless compute for PDF extraction (US)

We do not sell personal data. We do not share data with advertisers.

6. Data Retention

Account data: Retained while your account is active, deleted within 30 days of account closure
API usage logs: Retained for 12 months, then anonymized
Payment records: Retained for 5 years as required by South African financial regulations (FICA)
Extracted datasheet data: Retained indefinitely as part of our component database (not personal data)

7. Your Rights

Under POPIA (South Africa) and GDPR (EU), you have the right to:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your personal data
Portability: Request your data in a machine-readable format
Objection: Object to processing based on legitimate interest
Restriction: Request restriction of processing

To exercise these rights, email privacy@sheetsdata.com. We will respond within 30 days.

8. International Data Transfers

Your data may be processed in the United States and European Union through our infrastructure providers. We ensure appropriate safeguards are in place through our providers' standard contractual clauses and certifications.

9. Security

We implement industry-standard security measures including:

API tokens stored as SHA-256 hashes (never in plaintext)
All connections encrypted via TLS
Database access restricted via row-level security policies
Payment data processed exclusively by PCI-DSS compliant Paystack

10. Cookies

We use only essential cookies for authentication session management. We do not use tracking cookies, analytics cookies, or advertising cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes. The "Last updated" date at the top indicates the most recent revision.

12. Contact & Complaints

For privacy-related questions or complaints:

Email: privacy@sheetsdata.com
South African Information Regulator: inforegulator.org.za