Legal
Privacy Policy
Last updated: June 5, 2026
This privacy notice for Workestic (“we,” “us,” or “our”) describes how we collect, use, store, and share information when you use Workestic Drive Exporter, our Stripe Dashboard app, and our website at workestic.com (collectively, the “Services”).
Questions? Contact us at support@workestic.com.
Summary of key points
- Stripe export data is not stored. Export payloads pass through our API in memory only long enough to create your Google Sheet.
- We store account settings only: Stripe account ID, encrypted Google OAuth token, export folder reference, plan tier, and usage counters (not row content).
- Google user data is used only to provide the app: create Sheets in the app-created Stripe Exports folder in your Drive. We do not sell personal information.
- You can disconnect or uninstall to delete stored account data. See Data retention and deletion.
- Depending on where you live, you may have rights to access, correct, or delete personal information. See Your privacy rights.
1. What information do we collect?
Information you provide through the App
When you onboard Workestic Drive Exporter and connect Google Drive, we process information needed to operate the service:
-
Stripe account ID (
acct_…): to identify your installation and enforce plan limits - Google OAuth refresh token: encrypted at rest in Postgres (Neon), keyed per Stripe account, so you do not re-authenticate every export
- Google account email: to show connection status in the App
- Export folder reference: the app-created Stripe Exports folder in Google Drive
- Monthly row count: a number only, for freemium limits (not row content)
- Plan tier: free, plus, or pro
Information processed during exports (not stored)
When you run an export, Stripe business data (for example customers, payments, or invoices) is read in your browser using Stripe’s platform authentication, sent to our API, and used in memory to create a Google Sheet. We do not persist export payloads. See Stripe data: transit only.
Payment information
If you purchase a paid plan, payment processing is handled by Stripe. We do not store full payment card numbers. Stripe’s privacy policy applies to payment data: stripe.com/privacy.
Information collected automatically
When you visit our website or use our API, our hosting providers may automatically collect limited technical information such as IP address, browser type, device characteristics, referring URL, and timestamps in server logs. We use Google Analytics on our marketing site to understand page views, traffic sources, scrolls, and outbound clicks so we can improve the website and SEO. Google Analytics may set cookies or similar identifiers in your browser.
Sensitive information
We do not intentionally collect sensitive personal information.
2. How do we process your information?
We process personal information to:
- Provide, operate, and maintain Workestic Drive Exporter
- Authenticate your Stripe installation and Google connection
- Create Google Sheets in the app-created Stripe Exports folder
- Enforce plan limits and prevent abuse
- Respond to support requests and communicate about the Services
- Comply with legal obligations and protect our rights
- Improve reliability and security of the Services
We do not use Google user data for advertising, sell personal information, or use it for purposes unrelated to providing the App feature you requested.
3. Stripe data: transit only
We do not store Stripe customer records, invoice rows, payment amounts, or any export payload in our database. Stripe data passes through our backend in memory only long enough to write your Google Sheet, then is discarded. We log export metadata only (account identifier, report type, row count), not request body contents.
4. Google user data
With your consent, we use Google OAuth scopes to create spreadsheets and an app-managed Stripe Exports folder in your Drive. We do not browse your Drive folders, and we do not read or store the contents of your existing Drive files.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Legal bases (EEA, UK, and Switzerland)
If you are in the EEA, UK, or Switzerland, we rely on the following legal bases:
- Performance of a contract: to provide the App, store settings, and process exports you request
- Consent: when you connect Google Drive and authorize OAuth scopes
- Legitimate interests: to secure the Services, prevent abuse, enforce plan limits, and improve reliability, balanced against your rights
- Legal obligation: where required to comply with applicable law
You may withdraw consent for Google connection at any time by disconnecting Google Drive in App settings.
6. When and with whom we share information
We share information only as needed to operate the Services:
-
Service providers (subprocessors): companies that host or support our
infrastructure:
- Google Cloud Run: hosts our API (
api.workestic.com) - Neon: Postgres database for account settings and encrypted tokens
- Google: OAuth, Drive, and Sheets APIs
- Stripe: Dashboard app platform, install context, and billing
- Netlify: hosts this website (
workestic.com) - Cloudflare: DNS and email routing for our domain
- Google Cloud Run: hosts our API (
- Legal and safety: if required by law, court order, or to protect rights, safety, and security
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this privacy notice
We have not sold or shared personal information for cross-context behavioral advertising in the preceding twelve (12) months. We do not sell personal information.
7. Data retention and deletion
We retain account settings and encrypted tokens while your installation is active and as needed to provide the Services. When you disconnect Google Drive in App settings, we revoke the token at Google and delete your stored Google connection. When you uninstall the App from Stripe, we delete associated account data (Google connection, settings, usage counters). Export history is kept in your browser session only: not on our servers.
Server logs may be retained for a limited period for security and operations, then deleted or aggregated. Backup copies may persist for a short period before being overwritten.
To request deletion of personal information we hold, email support@workestic.com or see Your privacy rights.
8. How we keep your information safe
We use organizational and technical measures designed to protect personal information, including HTTPS in transit, encryption at rest for OAuth tokens, access controls, and least-privilege infrastructure design. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. International transfers
We and our subprocessors may process information in the United States and other countries. If you access the Services from outside the United States, your information may be transferred to and processed in the United States. Where required, we rely on appropriate safeguards such as standard contractual clauses.
10. Your privacy rights
Depending on your location, you may have the right to request access, correction, deletion, restriction, or portability of your personal information, and to object to or withdraw consent for certain processing. We will respond to verified requests in accordance with applicable law.
To exercise your rights, contact support@workestic.com. We may need to verify your identity before processing a request. You may also use our support page.
EEA and UK
If you believe we are unlawfully processing your personal information, you may lodge a complaint with your local data protection authority.
United States residents
Residents of California, Colorado, Connecticut, Utah, Virginia, and other states with privacy laws may have additional rights, including the right to know what personal information we collect, request deletion, and opt out of certain processing. We do not sell personal information or use it for targeted advertising.
Categories we may collect include:
- Identifiers: Stripe account ID, Google email, IP address in logs
- Internet or network activity: App and API usage metadata, server logs
- Commercial information: plan tier and billing status (if you subscribe)
We use this information only to provide and improve the Services as described in this notice. We will not discriminate against you for exercising privacy rights.
California residents may contact the California Attorney General or, for unresolved complaints, the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs.
11. Minors
The Services are intended for users at least 18 years old. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, contact us and we will delete it.
12. Do-not-track
Some browsers offer a Do-Not-Track (“DNT”) signal. There is no uniform standard for responding to DNT signals. We do not currently respond to DNT browser signals.
13. Updates to this notice
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date. Material changes will be posted on this page. We encourage you to review this notice periodically.
14. Contact us
If you have questions about this privacy notice or our privacy practices, contact us at support@workestic.com.