Privacy Policy

Last updated: June 13, 2026

This Privacy Policy explains how WebToSheets ("we", "us", or "our") collects, uses, and protects your personal information when you use our website, Google Sheets add-on, API, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, and password when you create an account.
  • Billing information: payment method details processed and stored by our payment provider, Stripe. We do not store your full credit card number on our servers.
  • Support communications: messages, emails, or feedback you send us.

1.2 Information Collected Automatically

  • Usage data: features used, number of scrape requests, Credit consumption, timestamps, and error logs.
  • Device and browser data: IP address, browser type, operating system, and device identifiers.
  • Cookies and similar technologies: see Section 6 below.

1.3 Information from Third Parties

  • Google account data: when you install the Add-on, Google provides us with your Google account email and basic profile information as required by the OAuth consent flow. We request only the scopes necessary to operate the Add-on.
  • Stripe: subscription status and payment confirmations.

2. Scraped Data

The Service acts as a conduit. When you use the =SCRAPE() formula, we fetch the requested web page, extract the data matching your selectors, and deliver it directly to your Google Sheet. We do not store the scraped content beyond the time required to process the request (typically a few seconds). We do not read, analyse, sell, or share the data you scrape.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process payments and manage your subscription.
  • Send transactional emails (account confirmation, billing receipts, password resets).
  • Respond to support requests and communicate with you about the Service.
  • Monitor usage patterns to detect abuse, prevent fraud, and ensure system stability.
  • Comply with legal obligations.

We do not sell your personal information. We do not use your data for advertising or profiling purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases:

  • Contract performance: processing necessary to provide the Service you signed up for (account management, billing, scrape execution).
  • Legitimate interests: improving the Service, preventing abuse, and ensuring security — provided these interests do not override your rights.
  • Legal obligation: processing required to comply with applicable laws (e.g., tax and accounting requirements).
  • Consent: where required, for example for optional marketing communications. You can withdraw consent at any time.

5. Data Sharing and Disclosure

We share personal information only in the following circumstances:

  • Service providers: we use third-party services to operate the Service, including:
    • Stripe — payment processing.
    • Google Cloud Platform — hosting infrastructure.
    • Transactional email provider — sending account and billing emails.
    These providers process data on our behalf and are contractually obligated to protect your information.
  • Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

We do not share your personal information with advertisers or data brokers.

6. Cookies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: required for authentication, session management, and security. These cannot be disabled.
  • Analytics cookies: help us understand how visitors use the website so we can improve it. You can opt out of analytics cookies through your browser settings.

We do not use advertising or tracking cookies. We do not participate in cross-site tracking networks.

7. Data Retention

  • Account data: retained for as long as your account is active. After account deletion, we remove your personal data within 30 days, except where retention is required by law (e.g., billing records retained for tax purposes).
  • Usage logs: retained for up to 12 months for security and debugging purposes, then automatically deleted.
  • Scraped data: not retained beyond the time required to process each request.
  • Support communications: retained for up to 24 months after your last interaction to provide continuity of support.

8. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Restriction: request that we limit how we process your data.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

Your data may be processed in countries outside your own, including countries that may not provide the same level of data protection. Where we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at [email protected].