Legal

Privacy Policy

Last updated: June 5, 2026

This privacy notice for Workestic (“we,” “us,” or “our”) describes how we collect, use, store, and share information when you use Workestic Drive Exporter, our Stripe Dashboard app, and our website at workestic.com (collectively, the “Services”).

Questions? Contact us at support@workestic.com.

1. What information do we collect?

Information you provide through the App

When you onboard Workestic Drive Exporter and connect Google Drive, we process information needed to operate the service:

Information processed during exports (not stored)

When you run an export, Stripe business data (for example customers, payments, or invoices) is read in your browser using Stripe’s platform authentication, sent to our API, and used in memory to create a Google Sheet. We do not persist export payloads. See Stripe data: transit only.

Payment information

If you purchase a paid plan, payment processing is handled by Stripe. We do not store full payment card numbers. Stripe’s privacy policy applies to payment data: stripe.com/privacy.

Information collected automatically

When you visit our website or use our API, our hosting providers may automatically collect limited technical information such as IP address, browser type, device characteristics, referring URL, and timestamps in server logs. We use Google Analytics on our marketing site to understand page views, traffic sources, scrolls, and outbound clicks so we can improve the website and SEO. Google Analytics may set cookies or similar identifiers in your browser.

Sensitive information

We do not intentionally collect sensitive personal information.

2. How do we process your information?

We process personal information to:

We do not use Google user data for advertising, sell personal information, or use it for purposes unrelated to providing the App feature you requested.

3. Stripe data: transit only

We do not store Stripe customer records, invoice rows, payment amounts, or any export payload in our database. Stripe data passes through our backend in memory only long enough to write your Google Sheet, then is discarded. We log export metadata only (account identifier, report type, row count), not request body contents.

4. Google user data

With your consent, we use Google OAuth scopes to create spreadsheets and an app-managed Stripe Exports folder in your Drive. We do not browse your Drive folders, and we do not read or store the contents of your existing Drive files.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

If you are in the EEA, UK, or Switzerland, we rely on the following legal bases:

You may withdraw consent for Google connection at any time by disconnecting Google Drive in App settings.

6. When and with whom we share information

We share information only as needed to operate the Services:

We have not sold or shared personal information for cross-context behavioral advertising in the preceding twelve (12) months. We do not sell personal information.

7. Data retention and deletion

We retain account settings and encrypted tokens while your installation is active and as needed to provide the Services. When you disconnect Google Drive in App settings, we revoke the token at Google and delete your stored Google connection. When you uninstall the App from Stripe, we delete associated account data (Google connection, settings, usage counters). Export history is kept in your browser session only: not on our servers.

Server logs may be retained for a limited period for security and operations, then deleted or aggregated. Backup copies may persist for a short period before being overwritten.

To request deletion of personal information we hold, email support@workestic.com or see Your privacy rights.

8. How we keep your information safe

We use organizational and technical measures designed to protect personal information, including HTTPS in transit, encryption at rest for OAuth tokens, access controls, and least-privilege infrastructure design. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. International transfers

We and our subprocessors may process information in the United States and other countries. If you access the Services from outside the United States, your information may be transferred to and processed in the United States. Where required, we rely on appropriate safeguards such as standard contractual clauses.

10. Your privacy rights

Depending on your location, you may have the right to request access, correction, deletion, restriction, or portability of your personal information, and to object to or withdraw consent for certain processing. We will respond to verified requests in accordance with applicable law.

To exercise your rights, contact support@workestic.com. We may need to verify your identity before processing a request. You may also use our support page.

EEA and UK

If you believe we are unlawfully processing your personal information, you may lodge a complaint with your local data protection authority.

United States residents

Residents of California, Colorado, Connecticut, Utah, Virginia, and other states with privacy laws may have additional rights, including the right to know what personal information we collect, request deletion, and opt out of certain processing. We do not sell personal information or use it for targeted advertising.

Categories we may collect include:

We use this information only to provide and improve the Services as described in this notice. We will not discriminate against you for exercising privacy rights.

California residents may contact the California Attorney General or, for unresolved complaints, the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs.

11. Minors

The Services are intended for users at least 18 years old. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, contact us and we will delete it.

12. Do-not-track

Some browsers offer a Do-Not-Track (“DNT”) signal. There is no uniform standard for responding to DNT signals. We do not currently respond to DNT browser signals.

13. Updates to this notice

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date. Material changes will be posted on this page. We encourage you to review this notice periodically.

14. Contact us

If you have questions about this privacy notice or our privacy practices, contact us at support@workestic.com.