Privacy Policy

The short version

• We move your Gong calls into your own Google Sheet. The call content lives in your Google account, not on our servers.
• We store only what we need to run the Service: your account email, your encrypted Gong and Google credentials, and the call IDs needed to avoid duplicate writes.
• We request a single Google permission — the ability to manage spreadsheets Gong2Sheets creates. We never sell your data.

Information we collect

We collect only what the Service needs to function:

• Account information. The email address you use to sign in. We authenticate with a one-time code, so we do not store a password.
• Gong credentials. The Gong API access key, secret, and base URL you provide. The secret is encrypted at rest and is never displayed back to you.
• Google account connection. When you connect Google, we receive an OAuth token (stored encrypted) and your Google account email, used to label the connection and write to your sheets.
• Sync metadata. The filters you configure, the destination spreadsheet ID, and the IDs and timestamps of calls already synced — so we don’t write the same call twice.

What we do not store: we do not retain your call recordings, transcripts, or other call content on our servers. That data is fetched from Gong and written directly to your Google Sheet.

How we use Google user data

Gong2Sheets requests the https://www.googleapis.com/auth/spreadsheets scope, plus basic OpenID scopes (openid, email) to identify the Google account you connect. We use this access solely to:

• create a destination spreadsheet for a sync, if you ask us to;
• write and append your matching Gong calls to that spreadsheet.

Gong2Sheets only accesses spreadsheets it creates or that you explicitly point a sync at. It does not read, list, or modify any other files in your Google Drive.

Limited Use disclosure

Gong2Sheets’ use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, and we do not sell it or transfer it to third parties except as needed to provide the Service or as required by law.

How your data is protected

• Sensitive credentials (your Gong secret and Google token) are encrypted at rest with AES-256-GCM.
• Data is isolated per user with row-level security, so accounts can only access their own records.
• All traffic is served over HTTPS.

Service providers

We rely on a small set of vendors to operate the Service. Each processes data only to provide their function:

• Supabase — authentication and our application database.
• Vercel — application hosting.
• Resend — delivery of one-time sign-in codes.
• Gong — the source of your call data (accessed with credentials you provide).
• Google — the destination for your call data (your Google Sheets).

Data retention and deletion

We keep your account and sync data for as long as your account is active. You can delete a sync (which removes its stored call IDs) or disconnect Gong or Google at any time from within the app. Disconnecting Google revokes our access token. To delete your account and all associated records, contact us at the address below.

Your choices

• Revoke Gong2Sheets’ access to Google anytime from your Google Account permissions.
• Disconnect Gong or delete syncs from the app.
• Request account deletion by email.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.

Contact

Questions about this policy or your data? Email support@gong2sheets.com.