Privacy Policy
Last updated: November 18, 2025
👋 Overview
Invoice2Sheets was built by Björn Schefzyk to automate invoice processing. This privacy policy explains how we handle your data, with specific details about how we access, use, store, and protect your Google user data in compliance with the Google API Services User Data Policy.
📋 Google User Data We Access
Specific types of Google data we access:
- Google Account Profile: Your email address, name, and profile picture (used for authentication and identification)
- Google Sheets: Read and write access to the specific spreadsheet you select (to write extracted invoice data)
- Google Drive: Read and write access to the specific folder you select (to store your invoice PDF files)
We only access the specific Google Sheets spreadsheet and Google Drive folder that you explicitly grant us permission to use. We do not access any other files, folders, or spreadsheets in your Google account.
🎯 How We Use Google User Data
Google Sheets: We write extracted invoice data (vendor names, amounts, dates, etc.) to the specific spreadsheet and tab you select. We only write data—we do not read existing data from your sheets except to verify the connection is working.
Google Drive: We upload your invoice PDF files to the specific folder you select, using structured naming (e.g., "2025-11-18_Vendor_Amount.pdf"). We do not access, modify, or read any other files in your Drive.
Google Account Profile: We use your email and name to identify you in our system and display your profile in the dashboard. Your profile picture is optional and only used for display purposes.
🔄 Data Processing Flow
When you upload an invoice PDF:
- The PDF is converted to text on our servers
- The text is sent to AI services (Claude, ChatGPT, or others via OpenRouter.ai) for data extraction
- Extracted data is written directly to YOUR Google Sheets
- The original PDF is uploaded directly to YOUR Google Drive
- The PDF and extracted text are NOT stored on our servers
🔒 Data Storage & Protection
What we DO store:
- Your Google account email and name (for authentication)
- OAuth tokens (encrypted) that allow us to access your Google Sheets and Drive
- Minimal usage logs: timestamps, success/failure status, file names (for debugging)
What we DO NOT store:
- Your invoice PDFs (stored in YOUR Google Drive only)
- Extracted invoice data (stored in YOUR Google Sheets only)
- The text content of your invoices
Security measures:
- All connections use HTTPS encryption
- OAuth tokens are encrypted at rest
- Your Google password is never seen or stored by us (handled by Google OAuth)
- Access to your data is limited to what you explicitly grant
🤝 Data Sharing with Third Parties
AI Service Providers (OpenRouter.ai): The text content extracted from your invoice PDFs is temporarily sent to AI language models (primarily Claude, but also ChatGPT and others) to extract structured data. These AI providers may use the data sent to them for training purposes according to their own privacy policies. Only the text content is shared—never the PDF files themselves.
Google: Your data is written to YOUR Google Sheets and Drive. Google has access to this data per their own privacy policies since it's stored in your Google account.
Firebase: We use Firebase for user authentication. Firebase stores your email and authentication data per Google's Firebase privacy policy.
We do NOT:
- Sell your data to anyone
- Share your data with advertisers
- Use your data for any purpose other than providing the invoice processing service
⏱️ Data Retention & Deletion
How long we keep data:
- Account information (email, name): Until you delete your account
- OAuth tokens: Until you disconnect your Google account or revoke access
- Usage logs: 90 days, then automatically deleted
- Invoice PDFs and extracted data: We don't store these—they exist only in YOUR Google account
How to request data deletion:
- Email us at bjoern.schefzyk@gmail.com requesting account deletion
- We will delete your account and all associated data within 7 business days
- You can also revoke our access through your Google Account permissions page at any time
- Note: Data already written to your Google Sheets/Drive will remain in your Google account—you control that data directly
🔐 Your Rights & Control
You have complete control over your data:
- Access: Email us to request a copy of all data we have about you
- Disconnect: Revoke access through your Google Account settings at any time
- Delete: Request full account deletion at any time
- Limit Access: You choose which specific Google Sheets and Drive folder we can access
🍪 Cookies
We use minimal cookies to keep you logged in. No tracking cookies, no advertising cookies.
📧 Contact
Questions? Email us at bjoern.schefzyk@gmail.com. Want to know more about the maker? Visit Björn Schefzyk.
📝 Changes to This Policy
If we update this policy, we'll post the new version here and update the date at the top. For major changes, we'll send you an email.
🔗 Compliance
This privacy policy complies with:
- Google API Services User Data Policy
- Google APIs Terms of Service
- German data protection laws (GDPR)