Legal

Data Processing Addendum

Effective date: July 9, 2026

This Data Processing Addendum (DPA) applies when a customer uses SheetRender to process personal data subject to applicable data protection law. It supplements the Terms of Service. Where this DPA applies, the customer is the controller and SheetRender is the processor for customer content processed through the Service.

Scope and instructions

SheetRender will process personal data only to provide, secure, and support the Service, as documented in the Terms and Privacy Policy, and on the customer's documented instructions. Customer instructions include configuring the Service, uploading content, generating documents, scheduling jobs, and selecting delivery recipients.

Processing details

The processing lasts for the customer's use of the Service and any applicable retention period. It includes storage, organization, rendering, AI-assisted template generation and editing, delivery, deletion, and support of customer content.

Data subjects may include the customer's personnel, customers, prospects, vendors, and document recipients. Personal data may include contact details, employment or customer records, spreadsheet fields, document content, and other information the customer chooses to upload. The customer must not use the Service for data it is prohibited from sharing with SheetRender.

Customer responsibilities

The customer is responsible for establishing a lawful basis for processing, providing required notices, responding to data-subject requests, and ensuring its instructions comply with applicable law. The customer remains responsible for the accuracy and lawfulness of the content and recipients it supplies.

Confidentiality and security

SheetRender will limit personal-data access to personnel and service providers who need it to operate the Service and who are bound by confidentiality obligations. We will maintain reasonable technical and organizational measures appropriate to the nature of the processing, and will notify the customer of a confirmed personal-data breach without undue delay when required by applicable law.

Subprocessors

The customer authorizes SheetRender to use subprocessors needed to provide the Service. Current categories include AI processing (Anthropic), authentication and user-authorized spreadsheet access (Google when the customer uses those features), email delivery (Resend or an SMTP provider when the customer sends email), error monitoring (Sentry), and hosting and object storage providers.

SheetRender will require subprocessors to protect personal data consistently with this DPA and remains responsible for their processing to the extent required by applicable law.

Assistance, transfers, and deletion

Taking account of the nature of processing, SheetRender will provide reasonable information to help customers meet applicable security, breach-notification, data-subject-request, and assessment obligations. Processing may occur in countries where SheetRender or its providers operate; where required, we will use an appropriate transfer mechanism.

At the end of the customer's use of the Service, the customer can delete its account and content through the Service. Backup copies may remain for a limited period under normal backup rotation before deletion.

Contact

For DPA or data-processing questions, contact contact@sheetrender.com.