Trust center

Privacy policy

SheetFit is designed around coach-owned Google Sheets, narrow permissions, and self-service control over personal data.

Effective 11 July 2026

Who controls the data

The SheetFit account holder is the controller for client information they enter or connect. SheetFit acts as a processor for that client data and as a controller for account, billing, security, and service-usage information. Privacy requests can be sent to privacy@sheetfit.app.

What we process

  • Coach profile, email, business identity, time zone, security events, and consent choices.
  • Client names, optional email addresses, goals, program snapshots, access status, workout activity, loads, repetitions, RPE, and notes.
  • Encrypted Google OAuth refresh tokens and IDs for files the coach selects or SheetFit creates.
  • Stripe customer, subscription, invoice, and payment-status identifiers. SheetFit does not receive full card numbers.
  • Operational logs such as request time, error category, and security events. Workout notes and client names are excluded from analytics properties.

Why and how long

We process data to provide the service, secure accounts, synchronize workouts, deliver requested notices, administer subscriptions, comply with law, and—only after explicit consent—improve product usability. Coaches can choose an inactive-client retention period or keep records until account deletion. Security logs and legally required billing records may be retained for the period required by applicable law.

Service providers and transfers

SheetFit uses Firebase Authentication and Firestore, Google Drive and Sheets APIs, Stripe Billing, Vercel hosting and scheduled functions, and Resend transactional email. These providers may process data in the United States or other countries under their contractual transfer mechanisms. Google access uses the narrow drive.file scope and does not grant access to unrelated Drive files.

Your controls

Account settings provide portable export, consent history, retention choices, Drive disconnection, password replacement, all-device logout, and permanent deletion. Account deletion keeps Google files by default; deleting the SheetFit Drive folder requires a separate explicit choice.

Your rights

Depending on location, you may request access, correction, portability, restriction, objection, or deletion and may complain to a supervisory authority. Coaches should handle their clients’ requests through the self-service controls or contact us when assistance is needed.

Security and children

Server-verified sessions, encrypted OAuth tokens, hashed client-link tokens, replay-safe billing webhooks, least-privilege Firestore rules, and audit events protect the service. No online system is risk-free. SheetFit is for professional coaches and is not directed to children; coaches must have a lawful basis and any required guardian consent before entering minor data.