SEWPOINT
← SEWPOINT

Privacy Policy

Last updated: 2026-03-29

1. Introduction

SEWPOINT ("we," "our," or "us") provides an AI-powered editing assistant for Google Slides, delivered as a web application and Chrome browser extension (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, and protect your information when you use the Service.

By accessing or using SEWPOINT, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with these practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address. If you sign in with Google, we also receive your Google account display name and profile picture. Passwords are hashed by Supabase and are never visible or stored in plaintext by us.

2.2 Google Workspace Data

To provide core editing features, the Service accesses your Google Slides and Google Sheets data via the Google API, which may include:

  • Slide and sheet identifiers, page dimensions, and background settings
  • Element layout and formatting (positions, sizes, fonts, colors, alignment)
  • Text content, table structures, and chart data
  • Slide thumbnails fetched temporarily for AI visual analysis

This data is processed transiently to fulfill your request and is not permanently stored after the task completes. Default transient retention is up to 15 days; you may configure a shorter period or request immediate deletion at any time from your account settings.

2.3 Usage and Operational Logs

We automatically record operational data including:

  • Timestamps of API requests (UTC)
  • Operation type (e.g., slide modification, template generation)
  • AI model token usage and estimated cost per request
  • Credits consumed per operation

This data is used for billing, rate limiting, and service improvement.

2.4 User-Generated Content

We store content you create within the Service, including style guide templates, template names, and natural-language editing instructions you submit.

2.5 Technical and Device Information

Our hosting infrastructure may log your IP address, HTTP User-Agent string, referrer URL, and request timestamps. This information is used for rate limiting, security monitoring, and abuse prevention.

2.6 Payment Information

<!-- STRIPE_PLACEHOLDER: Update when Stripe is integrated -->

Payment processing will be handled by Stripe, a PCI DSS-compliant third-party processor. We will never store your full credit card number or raw payment credentials on our servers. We will store only your Stripe customer ID, subscription status, credits balance, and transaction records (timestamps, amounts, descriptions). This section will be updated once payment features are live.

2.7 Chrome Extension Data

The SEWPOINT Chrome extension reads the active tab URL only when you are on a Google Slides or Google Sheets page (domains: docs.google.com/presentation/*, docs.google.com/spreadsheets/*). This is used solely to identify the document you are working on. The extension does not access tabs outside these domains, capture screenshots, or record any input beyond what you explicitly submit.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: authenticate you, execute slide editing tasks, generate style templates, and manage your account
  • Process payments: manage subscriptions, credits, and billing (when available)
  • Improve the Service: analyze usage patterns, diagnose issues, and develop new features
  • Communicate with you: send account-related notifications and respond to support requests
  • Ensure security: detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations: respond to lawful requests from competent authorities

4. Google API Data Use Disclosure

SEWPOINT's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We access Google Slides and Sheets data only to provide the editing and template features you explicitly request.
  • We do not use Google API data for advertising, user profiling, or resale to any third party.
  • We do not allow employees or contractors to read your Google API data, except: (a) with your explicit consent, (b) for security investigation, or (c) as required by law.
  • We transfer Google API data to third-party AI inference providers only as necessary to fulfill your request, with appropriate data minimization.

OAuth scopes we request:

  • https://www.googleapis.com/auth/presentations — read and modify your Google Slides
  • https://www.googleapis.com/auth/presentations.readonly — read-only access to Slides
  • https://www.googleapis.com/auth/spreadsheets — read and modify linked Google Sheets
  • https://www.googleapis.com/auth/spreadsheets.readonly — read-only access to Sheets

You may revoke these permissions at any time via your Google Account settings.

5. Third-Party Service Providers

We share data with the following categories of service providers solely to operate the Service. We do not sell your personal information.

ProviderRoleData Shared
SupabaseDatabase & authenticationAccount data, usage logs, templates
VercelFrontend hostingHTTP request logs, IP addresses (transient)
AI inference providers (e.g., OpenRouter, Fireworks AI, AWS Bedrock)Language model processingProcessed slide data, editing instructions
Image generation providers (e.g., Runware, DeepInfra)Visual asset creationImage prompts, reference images
Brave SearchWeb search for content enrichmentSearch queries
Stripe (planned)Payment processingBilling email; payment method handled entirely by Stripe

AI providers process data in-flight. Where possible, we configure providers to minimize data retention on their end.

6. Data Retention

Data typeRetention period
Account data (email, profile, auth tokens)Until account deletion; all data removed within 30 days of deletion
Usage logs (timestamps, token counts, costs)Retained for billing and dispute resolution; deletion requests subject to legal obligations
Templates (user-saved style guides)Until manually deleted by you or upon account deletion
Transient Google Workspace data15 days by default; configurable shorter. Immediately deleted on request
Analytics data (when implemented)Aggregated/anonymized; up to 2 years

7. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • OAuth tokens stored encrypted via Supabase
  • Role-based access controls
  • Secure HTTP-only session cookies

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we will notify you in the event of a breach affecting your personal data as required by applicable law.

8. Your Privacy Rights

8.1 EEA and UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing of your data in certain circumstances
  • Object to processing based on our legitimate interests
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your national supervisory authority (e.g., the ICO in the UK, or your local DPA in the EU)

Our legal bases for processing are: contract performance (providing the Service), legitimate interests (security, service improvement), consent (where applicable), and legal obligation.

8.2 California Residents (CCPA / CPRA)

California residents have the right to:

  • Know what personal information we collect, use, disclose, or sell
  • Delete personal information we hold about you
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information — we do not sell your information
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at the address below.

9. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. When transferring personal data outside the EEA or UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms, to ensure your data receives adequate protection consistent with this Privacy Policy.

10. Children's Privacy

SEWPOINT is not directed at individuals under the age of 16 (or 13 in jurisdictions where this is the minimum age of digital consent). We do not knowingly collect personal data from children. If we become aware that a child has registered, we will promptly delete their data. Parents or guardians may contact us to request deletion of a child's data.

11. Cookies and Tracking

We use essential cookies for authentication and session management only. We do not currently use advertising or third-party tracking cookies. If we introduce analytics in the future, we will use privacy-respecting, cookieless solutions where possible and update this section accordingly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The revised "Last updated" date at the top reflects the most recent version. We will notify registered users of material changes via email or in-app notification before they take effect. Continued use of the Service after notification constitutes acceptance of the updated policy.

13. Contact Us

For privacy inquiries, data access or deletion requests, or to exercise your rights under applicable law, please contact us:

Email: admin@sewpoint.app

Mail: SEWPOINT 30 N Gould St Ste R Sheridan, WY 82801 United States

← Back to SEWPOINT
Privacy PolicyTerms & Conditionsadmin@sewpoint.app