Privacy Policy

This policy applies to all information collected or submitted on Graciax’s website and web application.

Information We Collect

When creating an account, you may be asked to enter a phone number and/or email address. These are used for logging in, responding to queries that you initiate, and notifications that you request.

We store information about your clients/leads and the activities you perform in Graciax. We also collect anonymous, aggregate statistics about product usage to help us improve the service.

Google Sheets & Apps Script data (when you connect Google):

• Access to the current Google Sheet where you run the add-on (only the sheet you select), including cell values and limited metadata in selected ranges.
• Storage of configuration you provide (e.g., panel code, field mappings, selected ranges) and script trigger IDs needed to automate tasks (such as onEdit/onChange/time-based triggers).

Technical Basics

• If you enable notifications, we store a token to send them.
• If you upload files to Graciax, we store them until you delete them.
• We use cookies (and similar local storage) to keep you logged in and remember preferences.
• Our servers may store basic technical information—such as your IP address and device/browser details—in memory or logs for security and reliability.
• For Google integrations, we may store minimal OAuth information (e.g., your Google user ID/email and Apps Script trigger IDs) strictly to operate the features you enable.

Cloudflare

For performance and overload protection, we may direct your traffic through Cloudflare before it reaches Graciax’s servers. Cloudflare has access to basic technical information (e.g., your IP address) to perform this role.

Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/

Analytics

Graciax collects aggregate, anonymous statistics—such as the percentage of users who use particular features—to improve the product.

We do not sell personal information or use Google user data for advertising.

Information Usage

We use the information we collect to operate and improve our website, web app, and customer support.

We do not share personal information with outside parties except to the extent necessary to accomplish Graciax’s functionality—for example, syncing the specific rows you select from your current Google Sheet to your Graciax workspace/CRM and writing back sync statuses—or as required by law.

We may disclose your information in response to legal requirements, to exercise our legal rights, defend against claims, investigate illegal activities, prevent fraud or abuse, or protect our rights and property.

Security

We implement measures to help keep your information secure. All communication with the app and website uses HTTPS. Passwords are hashed using industry-standard methods (e.g., bcrypt). Access to production systems and data is restricted to authorized personnel under least-privilege principles.

Accessing, Changing, or Deleting Your Information

• You may access or change your information in the Graciax web app, or delete your account by contacting Graciax support.
• Deleted information may remain in encrypted backups for up to 90 days and is only accessed if needed for disaster recovery.

Third-party Links and Content

Graciax may display links and content from external sources. These have their own independent privacy policies, and we are not responsible for their content or activities.

International Transfers of Information

Information may be processed, stored, and used outside the country in which you are located. Data privacy laws vary across jurisdictions, and different laws may apply to your data depending on where it is processed, stored, or used.

Data Collected from Google API Services (Including Google Apps Script)

Graciax integrates with Google services (Google Sheets and Apps Script) to power CRM sync and automation features you choose to enable.

• Scopes and consent: We only access Google data according to the scopes you explicitly approve during OAuth/Apps Script authorization. You can revoke access at any time via your Google Account.
• What we access: Only the current spreadsheet you select (specified ranges and any helper/status columns we write), Apps Script trigger IDs and configuration, and your Google user email/profile for authentication and audit purposes.
• How we use it: To read selected rows, perform CRM sync, write back results, show configuration UI, and run automations you enable.
• Sharing/transfer: We may transmit selected sheet data to Graciax’s backend solely to perform the requested sync and return results. We do not share Google user data with third parties for their independent use.
• Retention: Spreadsheet contents remain in your Google account. We store minimal configuration and operational logs only as long as needed to provide the service (typical logs up to 30 days; backups up to 90 days).
• Revocation: You can revoke Graciax’s Google access at any time via your Google Account (Security → Third-party access) and remove associated Apps Script triggers from your sheet.
• Policy compliance: Graciax’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google Privacy Policy: https://policies.google.com/privacy

Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy

Your Consent

By using our website or web app, you consent to this privacy policy.

Contacting Us

If you have questions regarding this privacy policy, please email support@graciax.com.