Skip to content
Gallium Technologies Gallium Technologies
    • FormChime
    • ApproveKit
    • HeyDB
  • About
  • Team
  • Docs
  • Blog
  • Support
  • Products

    • FormChime
    • ApproveKit
    • HeyDB
  • About
  • Team
  • Docs
  • Blog
  • Support
  1. Home
  2. HeyDB Privacy Policy

HeyDB Privacy Policy

Last updated: 1 March 2026

This policy explains the planned data handling model for HeyDB. HeyDB is not yet publicly launched, so this page documents the intended privacy posture for roadmap, review, and future implementation planning.

What data we access

HeyDB is expected to access the following data when the product is launched:

  • Google Sheet structure — sheet names, column headers, and data types. Used to understand your data schema for query generation.
  • Sheet cell data — the content of cells in the active spreadsheet. Read to execute queries and return results.
  • Your Google account email address — used for authentication.
  • Natural language queries — the questions you type into the HeyDB sidebar. Sent to an AI API for SQL translation.

Why we access it

Data typePurpose
Sheet structureUnderstand column names and data layout to generate accurate SQL queries
Cell dataExecute the generated query against your actual data and write results back
Your email addressAuthenticate you and manage your licence
Natural language queriesTranslate your plain-English question into a SQL query via an AI API

What OAuth scopes we request and why

ScopeTypePurposeWhat happens if revoked
spreadsheets.currentonlyNon-sensitiveRead sheet structure and data, write query results to the active Google SheetHeyDB cannot read your data or write results
script.external_requestNon-sensitiveConnect to the AI API for query translation and Stripe for licence validationHeyDB cannot translate natural language to SQL

How data is processed

HeyDB is intended to run as a Google Apps Script add-on with an external AI provider for query translation:

  1. You type a question in the HeyDB sidebar.
  2. The script reads your sheet’s column headers and data types (not the full dataset).
  3. This schema information and your question are sent to an AI API to generate a SQL query.
  4. The generated SQL is shown to you for review before execution.
  5. On confirmation, the script executes the query against your sheet data locally on Google’s servers.
  6. Results are written to your Google Sheet.

Planned approach: only your sheet’s schema and question text should be sent to the external AI provider. If implementation constraints require broader processing, this page will be updated before launch.

What data is stored and where

  • Query history and configuration are expected to be stored in Google’s environment.
  • No Gallium Technologies-hosted user database is planned for the core product flow.
  • The AI API provider is still to be finalised. We intend to choose a provider with an acceptable retention and training posture before launch.

What data is shared

Your data is never sold, rented, or shared with third parties for advertising or marketing.

  • AI API provider is expected to receive your sheet schema and natural language question for SQL translation. The final provider and privacy notice will be linked here before launch.
  • Stripe is expected to process billing details if paid plans are introduced. See Stripe’s privacy policy.
  • No other third parties receive your data.

Data retention and deletion

  • Uninstall the add-on from the Google Workspace Marketplace to remove all HeyDB functionality and configuration from your Google account.
  • Revoke permissions at myaccount.google.com/permissions to remove all OAuth access.
  • Gallium Technologies does not retain any user data after uninstallation.

Your rights

You have rights over your personal data regardless of where you are located. Depending on your jurisdiction, these may include the right to:

  • Access your personal data and obtain a copy of it.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data (also known as the ‘right to be forgotten’).
  • Restrict or object to certain processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Opt out of sale — we do not sell your personal data to any third party.

These rights are provided under frameworks including the Australian Privacy Principles, the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), among others.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days, or sooner if required by your local law.

Legal basis for processing

If you are in the EU, EEA, or UK, we process your personal data on the following legal bases under GDPR:

Processing activityLawful basis
Accessing your Google Sheet structure to understand your data schemaContract performance — necessary to deliver the service you installed
Reading sheet cell data to execute queries and write resultsContract performance — core functionality you configured
Sending your query and sheet schema to the AI API for SQL translationContract performance — translating your query is the core service
Billing or licence validation, if introducedLegitimate interest — verifying authorised access to paid functionality

International data transfers

HeyDB runs on Google’s infrastructure. Google’s Data Processing Terms include Standard Contractual Clauses for transfers of personal data outside the EU/EEA.

When you submit a natural language query, the planned design is to send only your sheet’s column headers, data types, and your question text to the AI provider. The provider-specific privacy notice will be linked here before public launch.

Stripe processes payment data in accordance with its own privacy policy and maintains compliance with international data transfer requirements. See Stripe’s privacy policy.

Data breaches

In the event of a personal data breach:

  • We will notify affected users without undue delay.
  • We will notify the Office of the Australian Information Commissioner (OAIC) within 30 days, in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988.
  • For users in the EU/EEA or UK, we will notify the relevant supervisory authority within 72 hours where required under GDPR.
  • We will provide details of the breach, likely consequences, and measures taken.

Contact the OAIC: oaic.gov.au Contact the UK ICO: ico.org.uk

Contact

For privacy enquiries or to exercise your rights under any applicable privacy law:

Email: [email protected]

Gallium Technologies Pty Ltd Australia

Gallium Technologies Gallium Technologies

Google Workspace add-ons that do one thing well.

Company

  • About
  • Team
  • Blog
  • Support
  • Documentation

Products

  • FormChime
  • ApproveKit
  • HeyDB

Legal

  • Terms of Service
  • FormChime Privacy
  • ApproveKit Privacy
  • HeyDB Privacy

© 2026 Gallium Technologies Pty Ltd

Made with ❤️love in Australia