Privacy Policy

2.1 Core Functional Processing

• Profile Auditing & Analysis: Processing your pasted profile text and social media data to identify growth opportunities, analyze current performance patterns, and recommend optimization strategies.
• AI-Powered Content Generation: Using your brand parameters, target audience definitions, and historical content data to generate platform-specific posts, captions, and hashtag strategies via Google Gemini AI API integration.
• Strategy Development: Translating your interview responses and business objectives into structured 30/60/90-day content calendars and actionable growth roadmaps.
• Dashboard Population: Programmatically writing generated strategies, content calendars, task lists, KPI trackers, and analytics dashboards back into your active Google Sheet.

2.2 User Experience Enhancement

• Preference Persistence: Saving your brand voice settings, target audience profiles, content tone preferences, and API configurations locally so you can regenerate content without re-entering your details.
• Workflow Automation: Automating repetitive content planning tasks, scheduling calculations, and performance tracking to reduce manual effort and save operational time.
• Template Customization: Adapting pre-built dashboard templates and content frameworks to match your specific industry, niche, and growth objectives.

2.3 Analytics & Improvement

• Usage Metrics: Anonymous aggregation of feature usage patterns to improve Application functionality and prioritize future development (processed separately from your identifiable Google User Data).
• Error Diagnostics: Processing error logs and execution failures to troubleshoot issues and maintain Application stability.

Google Gemini AI API (Google Cloud)

Purpose: To power AI-driven content generation, profile analysis, and strategy recommendations.

Data Transmitted: Your profile text, brand parameters, target audience definitions, and content requests are transmitted to Google Gemini AI API (generativelanguage.googleapis.com) via encrypted HTTPS connection.

Important Note: This data flows directly from your Google Sheets environment to Google Cloud's AI infrastructure. ZackFlow developers never see, receive, proxy, or store this data on external servers. The transmission is secured using industry-standard TLS/SSL encryption.

Google Workspace Infrastructure

Purpose: To maintain Application functionality within your Google environment.

All user data is inherently stored within your own Google Workspace (Google Drive, Google Sheets, Apps Script Properties). This means your data is protected by Google's own security infrastructure and access controls. We do not extract or transfer this data to any external database or cloud storage under our control.

Legal Compliance & Protection

We may disclose your Google User Data if required to do so by law, regulation, legal process, or governmental request.

We may also share data to:

• Protect the rights, property, or safety of ZackFlow, our users, or the public
• Enforce our Terms of Service or other agreements
• Investigate or address suspected security vulnerabilities or breaches
• Respond to emergencies or prevent fraud/illegal activity

4.1 Storage Architecture

• Google Drive Native Storage: All strategic plans, content calendars, audits, and generated content reside exclusively within your Google Drive as Google Sheets files. These files are protected by Google's access controls and encryption.
• Apps Script PropertiesService: Your API keys, preferences, and configuration settings are stored in Google Apps Script's PropertiesService. This data is encrypted at rest by Google and is completely inaccessible to ZackFlow developers or any external party.
• No External Data Repositories: We do not maintain, operate, or have access to any external database, cloud storage bucket, or server that contains your Google User Data.

4.2 Security Measures

• Encryption in Transit: All API communications, including transmissions to Google Gemini AI API, are performed exclusively over HTTPS using TLS 1.2 or higher encryption protocols.
• Encryption at Rest: Your data stored within Google Sheets and Apps Script Properties is encrypted at rest by Google's infrastructure using AES-256 or equivalent encryption standards.
• Access Controls: Access to your Google User Data is restricted to users who have been granted explicit permissions to the Google Sheet where the Application is installed. The Application respects and enforces Google's native sharing and permission settings.
• Principle of Least Privilege: The Application requests only the minimum OAuth scopes necessary to function (specifically, access to the active spreadsheet). We do not request broad Drive or account-wide permissions.
• Regular Security Audits: We periodically review our code and data handling practices to identify and remediate potential vulnerabilities.

4.3 Data Breach Response

While the risk is minimal given our architecture, in the unlikely event of a confirmed data breach affecting your Google User Data, we will:

• Notify affected users via email within 72 hours of discovery
• Provide clear information about what data was affected and potential impact
• Offer guidance on protective steps users can take
• Cooperate with relevant regulatory authorities as required
• Implement corrective measures to prevent recurrence

5.1 Data Retention Period

• Active Retention: Google User Data is retained within your Google Sheet for as long as you choose to maintain the file and its permissions within your Google Drive.
• No Automatic Deletion: ZackFlow does not impose any automatic or scheduled deletion of your Google User Data. The data remains accessible until you manually remove it.
• Account Dependency: Data retention is tied to the status of your Google Workspace account. If your Google account is suspended or deleted by Google, the associated data will be handled according to Google's own retention policies.

5.2 How to Delete Your Data

You have multiple accessible methods to request and execute the deletion of your Google User Data:

• Delete the Google Sheet: Permanently deleting the Google Sheet file where the Application is installed will remove all associated strategy data, content calendars, and generated content from your Google Drive.
• In-App Data Clear: Navigate to the "Settings" tab within your ZackFlow Dashboard and click the "Clear All Data & Keys" button to wipe stored preferences and API credentials while preserving the template structure.
• Manual Cell Deletion: You may manually delete specific cells, tabs, or data points within your spreadsheet at any time.

5.3 Revoking Application Access

You can revoke the Application's access to your Google Account at any time:

1. Visit your Google Account Third-Party Permissions page
2. Locate the ZackFlow Application in the list
3. Click "Remove Access" or "Revoke Access"

Revoking access will prevent the Application from reading or writing to your Google Sheets going forward, but will not automatically delete data already written to your spreadsheets.

5.4 Data Deletion Requests

If you require assistance with data deletion or believe we hold any Google User Data outside of your Google Workspace, you may contact us at zack.flow.ai@gmail.com. We will respond to deletion requests within 30 days.

Please note: Since we do not maintain external databases or servers containing your Google User Data, in most cases you can achieve complete deletion simply by removing the Application from your Google Sheet and/or deleting the Sheet file itself.