Login

Privacy Policy

Effective date: May 22, 2018
Last update: Feb 25, 2026

1. Introduction and Scope

This Privacy Policy explains how Sheetgo Europe S.L. (“Sheetgo”, “we”, “us”) processes personal data in connection with:

  • visits to our website;
  • pre-contractual interactions and inquiries;
  • use of Sheetgo products and services;
  • participation in the Sheetgo Data Space;
  • related customer support and compliance activities.

This Privacy Policy applies globally, subject to applicable data protection laws, including Regulation (EU) 2016/679 (GDPR).

If you participate in the Sheetgo Data Space, the Data Space Privacy Addendum also applies and forms part of this Privacy framework.

2. Identity of the Data Controller

Sheetgo Europe S.L.
Muelle de la Aduana, s/n
Edificio Lanzadera
46024 Valencia, Spain
Email: [email protected]

Sheetgo acts as a data controller or data processor depending on the specific processing activity, as described below.

3. Pre-Contractual Processing (Leads, Forms, Inquiries)

3.1 What data do we process

We may process:

  • identification and contact details (name, email, company, role);
  • corporate information provided in forms;
  • information necessary to evaluate service suitability;
  • documentation voluntarily shared for onboarding assessment.

3.2 Purpose

  • responding to inquiries;
  • preparing proposals;
  • assessing eligibility for products or the Data Space;
  • conducting compliance checks.

3.3 Legal basis

  • Article 6(1)(b) GDPR — pre-contractual measures at your request;
  • Article 6(1)(f) GDPR — legitimate interest in assessing service suitability.

3.4 Retention

If no contractual relationship is established, personal data is deleted or anonymised within a reasonable period unless legal obligations require otherwise.

3.5 Children´s Data

Sheetgo services are not directed to children under 16, and we do not knowingly collect personal data from minors.

4. Use of Sheetgo Products

When you use Sheetgo products:

4.1 Account and subscription data

Sheetgo acts as data controller for:

  • account creation;
  • billing and invoicing;
  • security and authentication;
  • usage monitoring for service integrity.

Legal basis:

  • performance of a contract (Art. 6(1)(b));
  • legitimate interest in service security (Art. 6(1)(f)).

4.2 Customer Data (Content uploaded or processed)

For data uploaded by customers:

Sheetgo acts as a data processor, processing data only on documented instructions.

The applicable Data Processing Agreement (DPA) governs these activities.

Sheetgo does not determine the purposes or means of processing customer content.

Sheetgo does not access or use customer content for its own purposes.

Except for limited technical metadata necessary to operate the service (such as file identifiers, structural headers, connection configuration data, and usage diagnostics), Sheetgo does not store full copies of customer file content within its internal systems. Customer data remains within the customer’s designated storage environment unless explicitly configured otherwise.

4.3 Third-Party Platform Integrations

When customers connect Sheetgo to third-party platforms (including Google Workspace, Microsoft 365, Dropbox, or similar services), Sheetgo may request specific account permissions strictly necessary to enable the requested functionality.

A detailed description of such permissions and data handling practices is available in the Third-Party Integrations & API Data Use Notice, incorporated by reference into this Privacy Policy.

5. Participation in the Sheetgo Data Space

Participation in the Sheetgo Data Space is optional and governed by specific contractual rules.

A separate Data Space Privacy Addendum applies.

5.1 Role differentiation

Depending on the processing activity:

Sheetgo acts as:

  • Data Controller for:
    • onboarding;
    • participation management;
    • logging, traceability, and governance metadata;
    • security monitoring.
  • Limited Data Processor when facilitating technical data exchange between participants.

Participants remain independent data controllers for datasets they designate.

6. Security Measures

Sheetgo implements appropriate technical and organisational measures under Article 32 GDPR, including:

  • encryption in transit and at rest;
  • access control and role-based permissions;
  • logging and traceability;
  • segregation of environments;
  • security monitoring;
  • incident response procedures.

Security practices are periodically reviewed and aligned with recognised industry standards.

Additional information regarding our security, compliance, and audit controls, including independently assessed standards (such as SOC 2 Type II), may be accessed through our Trust Center at https://trust.sheetgo.com/.

7. Service Providers and Subprocessors

Sheetgo may rely on carefully selected service providers for infrastructure, hosting, security, and support.

All subprocessors are subject to:

  • contractual safeguards;
  • confidentiality obligations;
  • GDPR-compliant transfer mechanisms where applicable.

An up-to-date list of core infrastructure subprocessors is available upon request.

8. Processing Locations – International Locations

Sheetgo primarily hosts its infrastructure within the European Union. Certain service providers or support functions may operate from other jurisdictions, including the United States.

Where such cross-border processing occurs, Sheetgo ensures appropriate safeguards under Chapter V GDPR, including Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical and organisational measures.

9. Retention Principles

Personal data is retained:

  • for the duration of the contractual relationship;
  • for applicable statutory limitation periods;
  • for security and audit purposes, where necessary.

Retention periods vary depending on the processing context.

10. Your Rights

Data subjects may request:

  • access;
  • rectification;
  • erasure;
  • restriction;
  • objection;
  • portability.

Requests may be submitted to: [email protected]

Where Sheetgo acts as a processor, requests may be redirected to the relevant controller.

Sheetgo does not perform automated decision-making or profiling within the meaning of Article 22 GDPR in connection with its core services or the Sheetgo Data Space.

If you live in the US, depending on your U.S. state of residence, you may have additional privacy rights under applicable state laws (including, where applicable, California, Colorado, Virginia, Connecticut, and Utah privacy legislation). These rights may include:

  • the right to know what personal information is collected;
  • the right to request deletion;
  • the right to request correction;
  • the right to opt out of targeted advertising;
  • the right to non-discrimination for exercising privacy rights.

Sheetgo does not sell personal data within the meaning of U.S. state privacy laws.

11. Cookies and Tracking Technologies

Sheetgo uses cookies and similar technologies as described in the separate Cookie Policy.

Where required by law, consent is obtained before placing non-essential cookies.

12. Supervisory Authority

Data subjects may lodge a complaint with the competent supervisory authority in their Member State.

13. Updates to this Privacy Policy

This Privacy Policy may be updated to reflect operational or legal changes.

The latest version will always be available on our website.