Privacy Policy

Last Updated: 27 August 2025

This Privacy Policy explains how SandeshAI ("SandeshAI", "we", "us", "our") collects, uses, stores, shares, retains, and deletes information when you use:

The WhatsApp Sender & Automation for Google Sheets ("Add-on")
Our website, related web dashboards, and APIs
Support and communication channels (email or forms)

This updated version preserves core elements of the earlier SandeshAI privacy statement while adding explicit disclosures required by Google OAuth verification (Google user data scope, retention, and deletion). If anything here conflicts with older posted text, this version controls.

1. About Us

SandeshAI is committed to ensuring that your privacy is protected. We process personal data in accordance with applicable data protection laws and best-practice principles of transparency, minimization, security, and user control.

2. Purpose of This Privacy Statement & Changes

This Privacy Policy explains how we collect, store, share, and use personal information when you use our website, WhatsApp Sender & Automation for Google Sheets, or related services. It describes what data we access, why we access it, how long we retain it, and how you can exercise control (including deletion).

We may update this Policy from time to time. Material changes will appear with an updated "Last Updated" date. Continued use after changes indicates acceptance.

3. Key Definitions

Google User Data: Data obtained via Google OAuth scopes you authorize for the Add-on.
Active Spreadsheet: The specific Google Sheet in which the Add-on executes.
Configuration Data: Add-on settings (API key, campaign name, rule mappings, message templates).

4. General & Legacy Data Categories

Historically our broader platform privacy wording covered potential collection of contact details, usage logs, support communications, and optional user-generated content (UGC). We currently do not operate public forums; references to "forums/blog submissions" in earlier versions are retained only for historical continuity and do not reflect active collection if such features are disabled.

We may collect:

Name (if voluntarily supplied in support or account signup forms)
Email address (for support, credentials management, notifications)
API usage metrics (aggregate success/error counters)
Operational metadata (timestamps, hashed identifiers)

We do NOT intentionally collect sensitive categories (e.g., government IDs, financial account numbers) unless you choose to include such data in spreadsheet cells—please avoid including sensitive data in fields used for messaging automation.

5. Google User Data (WhatsApp Sender & Automation for Google Sheets)

The Add-on currently requests the following OAuth scopes:

https://www.googleapis.com/auth/spreadsheets.currentonly – read/write only the active spreadsheet.
https://www.googleapis.com/auth/script.external_request – send HTTPS requests to SandeshAI’s API.
https://www.googleapis.com/auth/script.scriptapp – create/manage triggers (time/form/edit).
https://www.googleapis.com/auth/script.container.ui – render sidebar and dialogs for configuration/logs.

We deliberately avoid broader Drive browsing scopes. We do not list or access other files outside the active spreadsheet context.

Google User Data We Access Within the Active Spreadsheet

Cell values in configured rows/columns necessary to compose WhatsApp messages.
Sheet structure (tab names, range identifiers) to execute automation logic.
Log tab content that our Add-on writes (status, timestamp, message ID/error code).
Trigger metadata (IDs, type, schedule) needed to manage automated events.

Data We Do NOT Access

Other Drive file contents outside the active sheet
Gmail messages, Contacts, Calendar events, profile photos
Drive-wide metadata enumeration

6. How We Use Data

Execute user-authorized automation rules (read row → send message → log result).
Store encrypted API key & campaign name to authenticate messaging actions.
Maintain installable triggers (time-based, onFormSubmit, onEdit) for automation continuity.
Provide in-product UI for setup, monitoring, deletion, and support links.
Perform troubleshooting and limited aggregate performance metrics (without raw content replication).
Respond to support inquiries and improve reliability.

We do NOT sell Google user data, and we do NOT use spreadsheet content to build advertising profiles.

8. Data Retention

Retention periods (default maximums unless user deletes earlier):

Category	Storage Location	Retention
Spreadsheet cell data	User’s active sheet only	User-controlled; not copied externally
Log & configuration tabs	Active spreadsheet	Until user deletes/clears
API key & campaign name	Encrypted Apps Script properties	Until user deletion or 180 days inactivity
Operational logs (no raw content)	Secure server logs	30 days rolling
Support email threads	Support inbox	Up to 24 months or on request
Encrypted backups	Backup storage	≤30 days after source deletion

When a retention period ends, data is securely deleted or anonymized unless legal obligations require delay.

9. Deletion & User Controls

In the Add-on sidebar (Settings), you can:

Delete Credentials: Removes stored API key & campaign (purged ≤24h; backups ≤30 days).
Clear Logs: Deletes the dedicated log sheet tab (irreversible).
Disable Triggers: Stops further automated reads or external requests.

You may also manually delete or modify any spreadsheet rows or tabs. For deletion of server-side operational or support data, email contact@sandeshai.com from the associated Google Account; we fulfill requests within 30 days (typically <7 days).

10. Information Security

We implement technical and organizational safeguards proportionate to the sensitivity of data:

HTTPS/TLS for data in transit
Encrypted credential storage
Least-privilege, role-based internal access controls
Monitoring and anomaly detection
Integrity and access logging
Periodic key and secret rotation

No system is completely secure; you should avoid placing sensitive personal data in spreadsheet columns used for automation and limit sharing of the sheet to trusted collaborators.

11. International Data Transfers

Infrastructure or service providers may process data in jurisdictions outside your own. Equivalent security measures apply irrespective of location.

12. No Sale or Secondary Use

We do not sell, rent, or trade Google user data. We do not repurpose spreadsheet contents for advertising, profiling, or unrelated analytics.

13. AI / Machine Learning

We do not currently train generalized AI/ML models on Google Sheets content processed through the Add-on. If optional AI features are introduced in the future, we will provide a conspicuous notice and request additional consent before any such processing.

14. Children’s Privacy

The service is intended for users aged 18+. If we become aware of data from a user under 18 without proper authorization, we will delete it promptly.

15. Your Rights & Access

Subject to applicable law, you may request to:

Access a description of data categories associated with your usage
Correct inaccuracies in stored configuration data
Delete stored credentials, logs, and operational metadata (self-service or by request)
Restrict processing (by disabling triggers or uninstalling the Add-on)

Requests can be initiated via in-product controls or by emailing contact@sandeshai.com.

16. Changes to This Policy

We will post any changes at this URL. Material changes may also appear in Add-on release notes or a prominent banner. Continued use after the revised date constitutes acceptance.

17. Contact

For questions, data access, or deletion requests please email: contact@sandeshai.com

Include: (a) your Google Account email, (b) description of request, (c) approximate date/time of automation if relevant. Do not send raw spreadsheet contents unless necessary.