Privacy Policy

Effective Date: December 12, 2025 Last Updated: February 4, 2026 Version: 1.2 (Public Release) Review Schedule: Annual (or upon material changes)

See Section 14 for version history.

1. Introduction

Jetti Sheets ("Jetti," "we," "us," "our") is a Google Workspace add-on that provides advanced analytics for customer data, including cohort analysis, revenue waterfall analysis, and data quality insights.

PUBLIC RELEASE: Jetti Sheets is now publicly available on the Google Workspace Marketplace. This privacy policy applies to all users.

Developer Information:

• Developer: Jetti, LLC
• Contact Email: support@jettisheets.com
• Website: https://jettisheets.com
• Address: Los Angeles, CA, United States

This Privacy Policy explains how we collect, use, store, and protect your information when you use Jetti.

2. Information We Collect

2.1 Google Account Information

When you install Jetti, we collect:

• Email address (via Google OAuth) - for license validation and account identification

Purpose: Authentication and license validation

2.2 Source Data You Choose to Analyze

When you run analysis reports, we temporarily process:

• Customer transaction data from your selected data source (Google Sheets, Drive files, or uploaded CSVs)
• Column names and data types for intelligent detection
• Date ranges and metrics you configure for analysis

What we DO:

• Process your data to generate analytics reports
• Temporarily cache processed data (see Section 3.2)
• Store your report configuration preferences

What we DO NOT do:

• Store your raw customer/transaction data permanently
• Share your data with third parties
• Use your data to train AI models
• Access files you haven't explicitly selected for analysis

2.3 Report Configurations

We store these settings in your Google User Properties (tied to your account):

• Report names and types (cohort, snowball, data quality)
• Column mappings (UID, date, metric columns)
• Filter preferences and display settings
• Last run timestamps

Storage Location: Google Apps Script User Properties (encrypted by Google)

2.4 Usage Analytics

We may collect anonymized usage data:

• Which features you use (cohort, snowball, insights, etc.)
• Report generation frequency
• Performance metrics (processing time, cache hit rates)
• Error logs for debugging (no customer data included)

Tools Used: Token usage tracking via License API (see Section 5.2)

2.5 Automatically Collected Technical Data

• IP Address: For security and abuse prevention
• Browser Type: For compatibility optimization
• Timestamp: For cache management and diagnostics

3. How We Use Your Data

3.1 Data Processing Architecture

Jetti processes your data using secure cloud infrastructure hosted in the United States.

Our services handle:

• Analytics Processing - Generates cohort tables, revenue breakdowns, and data quality reports
• License Management - Validates your subscription and tracks usage
• File Handling - Processes uploaded files securely

Processing Flow:

1. You select a data source (Sheet, Drive file, or local CSV upload)
2. Data is transmitted securely (HTTPS) to our servers
3. Data is processed in-memory (not written to disk)
4. Results are returned to your Google Sheet
5. Aggregated data is temporarily cached to improve performance (see Section 3.2)

3.1.1 Large File Upload

For large files, we use a secure direct upload process:

1. You select a CSV file from your local machine
2. File uploads securely to our servers
3. File is processed in-memory
4. File is deleted immediately after processing

Privacy Guarantee: Uploaded files are temporary and automatically deleted after processing

3.2 Temporary Caching

To improve performance, we temporarily cache processed results:

• What: Aggregated summary data (not your raw transactions)
• Where: Secure cloud storage in the United States
• How Long: Automatically deleted after 24 hours
• Isolation: Your data is isolated and cannot be accessed by other users
• Encryption: Encrypted at rest and in transit

You can clear your cache anytime:

• Via the Manage tab in Jetti (Cache Manager)
• Automatically after 24 hours
• By uninstalling or revoking Jetti access

3.3 No Permanent Data Storage

We DO NOT permanently store:

• Your customer transaction data
• Revenue/sales figures
• Customer names, emails, or identifiers from your source files
• Any personally identifiable information (PII) from your source data

What we DO store:

• Account information: Your email, license key, and token usage-required for authentication, license validation, and usage tracking
• Report configuration: Column mappings and filters stored in Google User Properties to save you time on future reports

4. Google API Permissions (OAuth Scopes)

Jetti requests these permissions when you install it:

Privacy-First File Access (Native Google Picker)

We use drive.file scope with Google's Native Picker API:

As of December 2025, Jetti uses Google's Native Picker API - the same file picker used by Google's own apps. This provides the strongest privacy guarantees available:

• Minimal access: We can ONLY access files you explicitly select using Google's native file picker
• No browsing: We cannot see, list, or browse your other Drive files
• You're in control: Each file must be deliberately selected by you
• Google-hosted UI: The file picker runs on Google's servers, not ours
• We CANNOT access files you haven't explicitly opened with Jetti

Why this matters:

Friendly permission prompt: When you authorize Jetti, Google shows:

"View and manage files you have opened with this app"

This is much more privacy-friendly than the broader "See and download all your Google Drive files" that some apps request.

How We Use These Permissions

• You control access: We only access files you explicitly select using Google's native file picker
• Reports go in your spreadsheet: Analysis results are written as new sheets in your current spreadsheet
• Processing happens on-demand: We only read and process data when you click "Generate Report"
• Identity tokens: Used to authenticate your requests to our APIs (not stored)
• Email address: Used to validate your license and track usage (see Section 5.2)

You can revoke access anytime: https://myaccount.google.com/permissions

5. Current Features & Future Data Use

5.1 AI-Ready Export

Status: Available

Approach: "Bring Your Own AI" (BYOAI)

• We generate expert AI prompts with your report data embedded
• You copy the prompt to your clipboard
• You paste into ChatGPT, Claude, Gemini, or any AI platform you prefer
• Jetti NEVER sends your data to AI services
• You control what data leaves your environment

What we provide:

• 4 expert prompt templates:
  • Quick Rundown (executive summary)
  • Movement Diagnosis (growth/churn patterns)
  • Health Scorecard (business health evaluation)
  • General Cohort (retention & LTV analysis)
• Context questionnaire (industry, metric type, time period, goals)
• Data formatting optimized for AI consumption
• One-click copy to clipboard

Privacy Guarantee:

• No AI API calls from Jetti - we only generate the prompt text
• No data sent to third parties - you control the copy/paste action
• No storage of prompts - generated on-demand, not saved
• You decide which AI platform to use (ChatGPT, Claude, Gemini, etc.)
• You can review the prompt before pasting

Privacy Impact: Zero - Jetti acts as a prompt generator only. You have complete control over whether and where to share your data.

5.2 License System & Usage Tracking

Status: Fully implemented (December 2025)

Jetti uses a license-based access system to manage subscriptions and track usage.

What We Collect:

• Email address (from Google OAuth) - to identify your license
• License key (you provide) - to validate your subscription
• Token usage - count of reports generated (not report contents)

How It Works:

1. You activate Jetti with a license key (from Polar.sh checkout)
2. Your email is linked to the license in our database
3. Each report generation deducts tokens from your monthly allocation
4. Token counts reset at the start of each billing period

Third-Party Service:

• Polar.sh - Handles billing, subscriptions, and license key generation
• We share: Your email address (for license lookup) and license key
• Polar.sh Privacy Policy: https://polar.sh/privacy
• We do NOT share your spreadsheet data with Polar.sh

What We Store:

Your Rights:

• View your token usage in the Manage tab
• Deactivate your license anytime (Manage tab → Portal → Deactivate)
• Request data deletion via email

6. Data Sharing & Third Parties

6.1 Third-Party Services We Use

• Google Cloud Platform: All data processing and caching
  • Location: United States
  • Covered by Google Cloud Privacy Policy
• Polar.sh: License management and billing
  • Receives: Your email address, license key
  • Does NOT receive: Your spreadsheet data
  • Privacy Policy: https://polar.sh/privacy
• Google Tag Manager (Website): Used on jettisheets.com for website analytics and conversion measurement

6.2 We Do Not Share Data With

• Advertisers
• Data brokers
• AI model training companies
• Any third parties for marketing purposes

6.3 Legal Obligations

We may disclose data if required by law:

• Valid court orders or subpoenas
• Government investigations (with transparency when legally allowed)
• Protect our legal rights or prevent fraud

Transparency: We will notify you if legally permitted.

7. Data Security

7.1 Encryption

• In Transit: Industry-standard encryption (HTTPS) for all data transfers
• At Rest: Industry-standard encryption for stored data
• Authentication Tokens: Securely stored and encrypted

7.2 Access Controls

• User Isolation: Your data is isolated and cannot be accessed by other users
• Authentication: Google OAuth 2.0 (we never see or store your Google password)
• Request Validation: All requests are authenticated before processing

7.3 Infrastructure Security

• Cloud Provider: Google Cloud Platform (United States)
• GCP Compliance: Enterprise-grade security (SOC 2, ISO 27001)
• Jetti Compliance: Pursuing SOC 2 Type I certification
• Monitoring: Automated security monitoring (no customer data in logs)

7.4 Data Breach Notification

In the unlikely event of a data breach:

1. We will investigate promptly
2. Notify affected users as soon as reasonably practicable
3. Provide details on what data was affected and remediation steps

8. Data Retention & Deletion

8.1 Retention Periods

8.2 How to Delete Your Data

Option 1: Revoke Jetti Access (Complete Removal)

1. Go to: https://myaccount.google.com/permissions
2. Find "Jetti" and click "Remove Access"
3. All cached data auto-deletes within 24 hours
4. Report configurations are immediately inaccessible

Option 2: Email Request

• Email: support@jettisheets.com
• Subject: "Data Deletion Request"
• We'll confirm deletion within 7 business days

Option 3: Delete Specific Report Configs

1. Open a new Google Sheet
2. Go to Extensions > Jetti Sheets > Open Sidebar
3. Use the "Manage Reports" feature to delete saved reports

9. International Data Transfers

Data Processing Location: United States (Google Cloud Region: us-west2)

If you're outside the US:

• Your data is transferred to US servers for processing
• Data is ephemeral (24-hour cache retention)
• You can opt-out by not using Jetti

10. Your Privacy Rights

All users have the following rights:

• Access: Request a copy of your data (report configs, cached data list)
• Deletion: Delete all data anytime (see Section 8.2)
• Portability: Export report configurations
• Opt-Out: Stop using Jetti and revoke access anytime
• Correction: Update incorrect data by re-running reports
• No Sale of Data: We do not sell your personal information

To exercise your rights: Email support@jettisheets.com

11. Cookies & Tracking

Cookies Used by Jetti:

• Session Cookies: Maintain sidebar state (session-only, deleted when closed)
• Local Storage: Save UI preferences (dark mode, collapsed sections, etc.)

Third-Party Cookies:

• Google Tag Manager and related advertising/measurement tags may set cookies or local identifiers used for attribution and conversion tracking on our website.

You can disable cookies in your browser, but Jetti may not function properly.

12. Children's Privacy

Jetti is not intended for users under 16 years old.

We do not knowingly collect data from children. If you believe a child has provided data to Jetti:

• Email: support@jettisheets.com
• We will delete the data within 48 hours

Parents/Guardians: If your child used Jetti, please contact us for immediate data deletion.

13. Changes to This Privacy Policy

We may update this policy to reflect:

• New features
• Legal or regulatory developments
• Security improvements

How we notify you:

1. Material Changes: Email notification to your Google account email
2. Minor Changes: Update "Last Updated" date at top of policy
3. Changelog: See Section 14 for version history

Your continued use after changes = acceptance of new policy

14. Privacy Policy Changelog

Review schedule: Annual or upon material changes

15. Contact Us

Privacy Questions or Requests:

• Email: support@jettisheets.com
• Website: https://jettisheets.com/contact
• Response Time: Within 7 business days

Mailing Address: Jetti, LLC Los Angeles, CA, United States

16. Legal & Compliance

Governing Terms:

• Google Workspace Marketplace Developer Terms
• This Privacy Policy and our Terms of Service

Certifications & Audits:

• Infrastructure: Google Cloud Platform (SOC 2, ISO 27001)
• Jetti: Pursuing SOC 2 Type I certification

Privacy Approach: We build with privacy best practices in mind, including data minimization, user control, encryption, and transparency.

17. Additional Resources

• Terms of Service: TERMS_OF_SERVICE.md
• Google Workspace Marketplace Listing: Jetti Sheets
• Documentation: https://jettisheets.com/docs

By using Jetti, you agree to this Privacy Policy.

If you do not agree, please do not install or use Jetti, and revoke access if already installed.

END OF PRIVACY POLICY

This policy is effective as of December 12, 2025 and applies to all users of the Jetti Sheets Google Workspace add-on.