Legal

Privacy Policy

Last updated: November 21, 2025

1. Introduction

This Privacy Policy describes how buildsheet (“we”, “us”, or “our”) collects, uses, stores, and protects your personal information when you use our Service.

We are an sole proprietorship registered in Hungary, and we are committed to protecting your privacy in accordance with:

  • EU General Data Protection Regulation (GDPR)
  • Hungarian data protection laws
  • Other applicable privacy regulations

2. Data Controller Information

Business Type: Sole Proprietorship

Country: Hungary

Contact Email: hello@usegrand.app

Website: https://buildsheet.one

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address: For account identification, authentication, and communication
  • Full name: For personalization and invoicing purposes
  • Password: Securely hashed using bcrypt (we never store plain-text passwords)
  • Account status: Whether your account is active or disabled
  • Registration date: When you created your account

3.2 Billing and Payment Information

When you make a purchase, we collect:

  • Billing address: Street address, city, state/province, postal code, and country
  • Payment transaction data: Amount, currency, payment status, transaction IDs (processed by Stripe)
  • Invoice data: Generated and stored via Billingo in compliance with Hungarian tax regulations

3.3 Usage Data

3.4 Content Data

When you use the builder, we store:

  • Cheatsheet content, layout, and metadata

4. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process payments and generate invoices
  • Send transactional emails (password reset, account updates)
  • Improve the Service and develop new features
  • Prevent fraud, abuse, and unauthorized access
  • Provide customer support and respond to your inquiries

5. Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

  • Contractual necessity: To provide the Service and process your orders
  • Legitimate interests: To improve the Service, prevent abuse, and ensure security
  • Legal obligation: To comply with tax, invoicing, and financial reporting requirements
  • Consent: For specific processing activities where required by law

6. Data Sharing & Third Parties

We do not sell your personal data. We share your data only with:

  • Stripe: For payment processing
  • Billingo: For invoicing and tax compliance
  • Cloud infrastructure providers: For secure hosting and storage
  • Email service providers: For transactional messages

Each provider processes data on our behalf under strict data protection agreements.

7. Google User Data (OAuth)

When you choose to sign in with Google, we access certain Google user data through OAuth 2.0 in accordance with the Google API Services User Data Policy and the Google APIs Terms of Service. We never request access to Gmail, Drive, Calendar, contacts, or any other sensitive scopes beyond basic profile information.

7.1 Data Accessed

The corresponding data points collected are:

  • Google account ID
  • Primary email address
  • Full name
  • OAuth access (stored securely)

7.2 How We Use Google Data

  • Authenticate you via Google Sign-In
  • Create or link your buildsheet account
  • Prevent duplicate accounts and detect abuse
  • Display your name in the application interface

We do not use Google user data for advertising, profiling, or marketing purposes, and we never sell this data to third parties.

7.3 Storage & Sharing of Google Data

  • OAuth tokens are stored server-side, encrypted at rest, and are only used to maintain your authenticated session.
  • Profile information is stored in our database alongside your account and is protected by the same security controls described in Section 8.
  • Google user data is never shared outside of necessary sub-processors (cloud hosting, authentication middleware) who operate under contractual data protection terms.

7.4 Retention & Deletion

Google user data is retained for as long as your buildsheet account remains active. When you delete your account or revoke access via your Google Account settings, we delete the Google OAuth tokens from our systems. You may revoke our access at any time by visiting myaccount.google.com/permissions.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy:

  • Account data: retained while your account is active and for 12 months after closure
  • Billing/invoicing data: retained for at least 8 years (Hungarian tax law requirement)
  • Content data: retained until you delete the content or request account deletion

9. Security Measures

We implement technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) and at rest for sensitive data
  • Secure password storage using bcrypt
  • Regular backups and monitoring for suspicious activity

10. Your Rights Under GDPR

You have the right to:

  • Access, update, or delete your personal data
  • Request a copy of your data in a portable format
  • Restrict or object to certain processing activities
  • Withdraw consent where processing is based on consent
  • File a complaint with your local data protection authority

To exercise these rights, contact hello@usegrand.app.

11. International Data Transfers

Your data may be processed by servers located in the European Union or other jurisdictions with adequate data protection laws. Where transfers occur outside the EU, we implement appropriate safeguards such as Standard Contractual Clauses.

12. Cookies & Tracking

We use essential cookies to maintain sessions and track basic usage analytics. You can control cookies via your browser settings. Non-essential cookies will only be used with your consent.

13. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will update the “Last Updated” date at the top of this page. Continued use of the Service indicates acceptance of the updated policy.

14. Contact

If you have any questions regarding this Privacy Policy, please contact us at hello@usegrand.app.