Privacy Policy

The short version: We collect only what we need to run Autometon. We never sell your data. Webhook payloads pass through our systems and land in your Google Sheet — we don't store them. You can delete your account and all associated data at any time.

Contents

Who we are
What we collect
How we use your information
Data storage and webhook payloads
Sharing and third parties
Cookies and tracking
Security
Your rights
Data retention
Children's privacy
Changes to this policy
Contact us

1. Who We Are

Autometon ("we," "us," or "our") is a Google Sheets integration and automation platform. Our service allows you to connect 500+ apps to Google Sheets via webhooks, with data flowing directly into spreadsheets you own and control.

For privacy purposes, Autometon operates as the data controller for account and usage information, and as a data processor for webhook payload data you route through our platform.

2. What We Collect

Account information

When you create a Autometon account, we collect your name, email address, and a hashed password. If you authenticate via Google OAuth, we receive your name and email from Google — no password is stored on our end.

Billing information

Payment details (card numbers, billing address) are handled exclusively by our payment processor. We store only a billing record reference and your subscription tier — never raw card data.

Usage and pipeline data

We collect information about how you use Autometon: pipelines you create, integration sources you connect, field mappings you configure, and aggregate event counts. This is used to operate the service, display your dashboard, and improve reliability.

Log and technical data

Our servers automatically record IP addresses, browser user-agent strings, request timestamps, and error traces. These logs are retained for 30 days and used solely for security monitoring and debugging.

3. How We Use Your Information

We use the information we collect to:

Provision and operate your Autometon account and pipelines
Authenticate you and protect your account from unauthorized access
Process payments and send billing receipts
Send transactional emails — pipeline alerts, error notifications, and account-critical messages
Provide customer support when you contact us
Monitor system health, investigate errors, and improve reliability
Comply with legal obligations

We do not use your data to train machine learning models. We do not send marketing emails unless you have explicitly opted in. We do not profile you for advertising.

4. Data Storage and Webhook Payloads

This is the most important section for understanding how Autometon works.

Webhook payloads are not stored

When an app sends a webhook to Autometon, the payload is received, validated, transformed according to your field mappings, and written directly to your Google Sheet. We do not store webhook payload contents on our servers. Your data lives in your Google Drive — under your Google account, subject to Google's privacy policy, controlled entirely by you.

What we do store

We store metadata about webhook events: timestamps, pipeline IDs, source app identifiers, event type labels, and success/error status. This metadata is necessary to power your dashboard, support debugging, and enable webhook replay on paid plans. Metadata is retained for 90 days.

Google Sheets access

Autometon accesses your Google Sheets using a service account model. You grant write access by sharing a specific spreadsheet with our bot email address. We do not request access to your entire Google Drive or any other Google services. You can revoke this access at any time by removing the service account from your sheet's sharing settings.

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service providers: We use Neon (database hosting), Render (cloud infrastructure), SendGrid (transactional email), and Sentry (error monitoring). Each is contractually bound to process your data only as necessary to provide their service to us.
Payment processors: Billing is handled by our payment processor, who receives necessary billing information to process transactions.
Google: When you connect Google Sheets, we interact with Google APIs on your behalf under the permissions you grant.
Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of Autometon, our users, or others.

6. Cookies and Tracking

Autometon uses a small number of cookies strictly necessary to operate the service:

Session cookie: Keeps you logged in across page loads. Expires when you close your browser or after 30 days.
CSRF token: Protects against cross-site request forgery. Required for account security.

We do not use advertising cookies, tracking pixels, or third-party analytics that identify you individually. We may use aggregate, anonymized analytics (page view counts, feature usage rates) to improve the product.

7. Security

We take security seriously. Our practices include:

All data in transit is encrypted via TLS 1.2 or higher
Passwords are hashed using bcrypt with a per-user salt — we never store plaintext passwords
HMAC webhook signature verification for supported platforms (HubSpot, Shopify, Stripe, GitHub)
Rate limiting on all API endpoints to prevent abuse
Regular dependency audits and security patches
Access to production systems is limited to essential personnel and protected by multi-factor authentication

No system is perfectly secure. If you discover a vulnerability, please contact us at security@Autometon.io before disclosing it publicly.

8. Your Rights

Depending on your location, you may have rights under GDPR, CCPA, or other applicable laws. Regardless of location, we extend these rights to all users:

Access: Request a copy of the personal data we hold about you
Correction: Ask us to correct inaccurate information
Deletion: Delete your account and all associated personal data from our systems
Portability: Export your pipeline configurations and account data in a machine-readable format
Objection: Object to processing for legitimate interests
Restriction: Ask us to limit processing in certain circumstances

To exercise any right, email privacy@Autometon.io. We respond within 30 days.

9. Data Retention

We retain your personal data for as long as your account is active, plus a 30-day grace period after deletion to allow for account recovery. After that, all personal data is permanently deleted from our systems and backups. Anonymized aggregate usage statistics may be retained indefinitely.

Webhook event metadata is retained for 90 days from the event date, then automatically purged.

Server logs are retained for 30 days, then deleted.

10. Children's Privacy

Autometon is a business tool not intended for use by children under 16. We do not knowingly collect personal information from anyone under 16. If we learn we have inadvertently collected such information, we will delete it immediately. Contact us at privacy@Autometon.io if you believe we have done so.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last updated" date at the top of this page. Continued use of Autometon after notification constitutes acceptance of the updated policy.

12. Contact Us

Questions about this policy or your data? Reach us at:

Email: privacy@Autometon.io
Support: Autometon.io/contact