ActiveData

Privacy Policy

This Policy explains what we collect, why we collect it, and how you can control your data when using ActiveData — a Google Sheets add-on that reads metrics from ActiveCampaign and writes them into your spreadsheets.

1) Who we are & scope

ActiveData (“we”, “us”) provides a Google Sheets add-on and related services (the “Service”). This Policy applies to the Service, our website, and customer support interactions.

2) Information we collect

  • Account & billing: name, email, subscription status, invoices/receipts (via our payment processor). We do not store card data.
  • Configuration: ActiveCampaign API URL and token (encrypted), selected fields, schedules, chosen spreadsheet(s), and last sync checkpoints.
  • Operational logs: timestamps, job status, response codes, error messages, rate-limit/backoff events. We do not log secrets or full payloads.
  • Website analytics (if enabled): basic usage metrics and device info to improve the site; cookies are limited to essential functionality unless noted.

We do not persist your Google Sheet contents or full ActiveCampaign records beyond short-lived processing needed for a sync.

3) Data sources & permissions

  • Google Sheets: we request https://www.googleapis.com/auth/spreadsheets to create/update cells in the sheet(s) you select.
  • ActiveCampaign: you provide an API key or personal access token with read-only access to endpoints we use (campaigns, lists, metrics). We recommend a dedicated read-only API user.

Scopes and tokens are used solely to provide the Service and are handled per our Security practices.

4) How we use information

  • Provide the Service (run manual/scheduled syncs, render UI in Sheets, write data to your spreadsheets).
  • Operate, maintain, and improve performance and reliability.
  • Authenticate access, enforce licensing, and process payments.
  • Provide customer support and communicate important updates (e.g., receipts, incidents).
  • Comply with legal obligations and enforce our Terms.

We do not sell personal information. We do not use your data for advertising.

5) Legal bases (where applicable)

  • Contract — to provide the Service you requested.
  • Legitimate interests — to secure and improve the Service (balanced against your rights).
  • Consent — where required (e.g., certain analytics or marketing communications).
  • Legal obligation — to comply with law and enforce our Terms.

6) Sharing & sub-processors

We share data with providers that help us run the Service, under contracts requiring appropriate safeguards:

  • Google Cloud — hosting, databases, logging, and secrets management.
  • Payment processor — subscription billing (e.g., Paystack or Stripe). Card data handled by the processor only.
  • Error/analytics tooling (if enabled) — service health and diagnostics. No secrets or payloads are sent.

We may disclose information to comply with law, protect rights/safety, or in connection with a business transaction (with appropriate notice and protections).

7) Security

  • In transit: TLS 1.2+ for all network communications (ActiveCampaign ↔ Service ↔ Google APIs).
  • At rest: configuration and metadata encrypted at rest by our cloud provider.
  • Secrets: ActiveCampaign tokens stored in a secrets manager and loaded only for the duration of a sync; never logged; masked in dashboards.
  • Access control: least privilege, MFA for production access, audit logs, periodic access reviews.

Details: see our Security page.

8) Retention

  • Configuration: retained until you delete it or your account is closed.
  • Operational logs: kept for support and reliability for [set period, e.g., 30–90 days].
  • Backups (if any) follow rolling retention; secrets excluded from logs.

9) International transfers

We may process data in locations where our cloud provider operates. Where required, we implement appropriate safeguards (e.g., standard contractual clauses) for cross-border transfers.

10) Your choices & rights

  • Uninstall the add-on at any time from Google Workspace.
  • Rotate or revoke your ActiveCampaign token at any time.
  • Disable or delete schedules and configuration from within the add-on.
  • Request access, correction, export, or deletion by emailing support@yourdomain.com.

Depending on your region (e.g., GDPR/POPIA/CCPA), you may have additional rights. We will verify your request and respond within required timeframes.

11) Children

The Service is not directed to children under 18. We do not knowingly collect personal information from children.

12) Changes to this Policy

We may update this Policy from time to time. If changes materially affect your rights, we will provide additional notice where required.

13) Contact

Questions about this Policy or our data practices? Email privacy@yourdomain.com or support@yourdomain.com.

Last updated: 2025-09-27