Security — ActiveData

Data access & purpose

ActiveCampaign (read-only): campaigns, lists, and email metrics (e.g., sends, opens, clicks, revenue). We do not request write/delete permissions in ActiveCampaign.
Google Sheets (write): add/update rows and columns in the sheet(s) you select.
Configuration (stored): AC API URL and token (encrypted), selected fields, schedule, destination sheet, and last sync checkpoints.
Operational metadata (stored): job status, error codes, rate-limit/backoff counters for reliability and support.

We do not store your Google Sheet contents or full ActiveCampaign payloads beyond short-lived processing required for a sync.

https://www.googleapis.com/auth/spreadsheets — to write metrics into your chosen Google Sheets.
ActiveCampaign token (API key or personal access token) with read-only access to the endpoints we use. We recommend creating a dedicated read-only API user in ActiveCampaign.

Frontend & static site hosted on Firebase Hosting (Google Cloud).
Syncs run on Google Cloud (🔧 Cloud Run / Cloud Functions — whichever you use).
Configuration stored in Firestore (or a managed DB) and secrets in Secret Manager.
On manual or scheduled sync, we pull read-only metrics from ActiveCampaign over TLS and write to your sheet using the Google Sheets API (TLS).

Data location: 🔧 set your primary region(s) here — e.g., europe-west / us-central.

In transit: TLS 1.2+ for all traffic (ActiveCampaign ↔ ActiveData ↔ Google APIs).
At rest: configuration and metadata are encrypted at rest by Google Cloud.
Secrets: ActiveCampaign tokens are stored in Secret Manager (KMS-backed). Secrets are loaded only for the duration of a sync and never logged; logs are masked.

Least privilege for service accounts and staff; production access is restricted, requires MFA, and is audited.
RBAC and periodic access reviews; service account keys and Secret Manager versions rotated regularly.

Configuration (destination sheet, schedules, selected fields, AC URL, encrypted token) is retained until you delete it or close your account.
Operational logs (non-sensitive) retained for 🔧 N days to support troubleshooting.
User controls: delete configuration from the add-on, rotate/revoke your AC token, or request full deletion via support@yourdomain.com. We delete configuration, secrets, and metadata within 🔧 N days of a confirmed request.

Manual sync runs with your stored, encrypted AC token and writes to your selected sheet.
Scheduled sync executes on our backend on your behalf using your encrypted token. You can pause or disable schedules at any time.

We log job start/end, response codes, counts, and non-sensitive errors. We do not log payload bodies or secrets.
Alerts trigger for repeated failures/abnormal error rates.
ActiveCampaign rate limits are respected with exponential backoff and retry logic.

Code review for auth, secrets, and data-handling changes.
Automated dependency updates and vulnerability scanning (🔧 e.g., OSV/Dependabot/Snyk).
Infrastructure as code with peer review (🔧 e.g., Terraform); separate staging vs. production projects.

We maintain a runbook for detection, containment, and remediation.
If user data is impacted, we notify affected users at the email on file and/or incident@yourdomain.com with impact, scope, and actions taken.

We align with Google’s User Data Policy for OAuth/Workspace add-ons (Limited Use).
Scopes are used solely to provide the features described; data is not sold or used for advertising.
We complete required verification/Data Safety steps for requested scopes.

Google Cloud — hosting & managed services (compute, storage, networking, logging).
Payment processor — subscription billing (🔧 Paystack/Stripe). Card data handled by the processor only.
Error/analytics tooling — service health & debugging (if enabled); no secrets/payloads sent.

We maintain DPAs where applicable and use standard contractual protections.

Rotate or revoke your ActiveCampaign token from ActiveCampaign or the add-on settings.
Disable or delete schedules at any time.
Request export or deletion of configuration via support@yourdomain.com.