This Privacy Policy describes how CompliSync ("CompliSync," "we," "us," or "our") collects, uses, and protects information when you use our Google Workspace Add-on that synchronizes data between Jira, Google Sheets, and Monday.com (the "Service"). CompliSync is installed through the Google Workspace Marketplace and operates within Google Sheets as a native add-on. By installing or using CompliSync, you agree to the terms of this Privacy Policy.
When you authorize CompliSync, the add-on accesses and processes the following data solely to provide the Service:
We use the information we collect to:
CompliSync's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, CompliSync commits to the following with respect to data obtained via Google APIs:
As a Google Workspace Add-on installed via the Google Workspace Marketplace, CompliSync requests the following OAuth permission scopes during installation. We request only the minimum permissions necessary to perform the functions you configure.
| Scope | Purpose | Why It's Needed |
|---|---|---|
| spreadsheets.currentonly | Read and write the active spreadsheet | Required to read existing sheet data and write Jira ticket data into the spreadsheet currently open in your browser. This scope restricts the add-on to the active file only — it cannot access any other spreadsheets in your Drive. |
| script.external_request | Make external HTTP requests | Required to connect to the Jira REST API and the Monday.com API to fetch ticket data and push updates. |
| script.scriptapp | Create and manage time-based triggers | Required to set up the optional scheduled auto-sync trigger that runs your sync automatically once per day at the hour you configure. If you use manual sync only, this scope is still requested but no trigger is created. |
| userinfo.email | View your email address | Used to associate your add-on session with your account for settings storage and audit log attribution. |
The spreadsheets.currentonly scope means the add-on is strictly limited to the spreadsheet you have open; it cannot scan or access any other files. If you are ever prompted to grant permissions beyond those listed above, please contact us immediately at hello@complisync.io.
If you enable auto-sync, CompliSync uses Google Apps Script's time-based trigger system (ScriptApp.newTrigger) to run the sync function once per day at the hour you specify, on weekdays only. This trigger runs under your Google account's authorization and accesses the same spreadsheet and Jira credentials you configured. You may disable or remove the trigger at any time from within the CompliSync settings panel, or by visiting your Apps Script triggers page.
You may revoke CompliSync's access to your Google account at any time by visiting your Google Account permissions page and removing CompliSync from the list of connected apps, or by uninstalling the add-on from the Google Workspace Marketplace. Revoking access will stop all sync operations including any scheduled triggers.
CompliSync does not allow any employee, contractor, or agent to read, view, or otherwise access the contents of your Google Sheets data except in the following limited circumstances:
Under normal operating conditions, your Google Sheets data is processed entirely by automated systems running within Google Apps Script's infrastructure. Our sync engine reads and writes spreadsheet data programmatically without any human involvement in the content of your data.
CompliSync uses Google Apps Script's built-in Logger service to record operational events such as sync completion, ticket counts, and error messages. These logs are stored by Google in your Apps Script project and are accessible to the script owner (your Google account). Log entries record metadata about sync operations — such as "Synced 12 tickets" or "Sync error: could not connect" — and are not designed to capture the content of your spreadsheet data. However, error messages may occasionally include partial data values when diagnosing a specific row or field. Logs are retained according to Google Apps Script's standard retention policy. CompliSync team members do not have access to your Apps Script logs unless you explicitly share your script project with us for support purposes.
When you use the Notes Writeback feature, CompliSync reads the content of your designated Notes column and posts that text as a comment on the corresponding Jira ticket. This is a deliberate, user-initiated action. The content you write in Notes cells will be transmitted to your Jira instance and will be visible to anyone with access to that Jira ticket. CompliSync prepends a [CompliSync] tag to posted comments by default so they are identifiable; this tag can be disabled in project settings.
When support access is granted with your consent, it is subject to the following controls:
CompliSync is designed to help compliance-focused teams handle sensitive data responsibly. We acknowledge that some customers, particularly in healthcare and healthcare-adjacent industries, may process data that constitutes Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).
Customers on the Compliance tier of CompliSync may execute a Business Associate Agreement (BAA) with us. The BAA governs our obligations with respect to any PHI that may be processed through the Service. To request a BAA, contact hello@complisync.io with "BAA Request" in the subject line.
CompliSync provides the following features to help customers manage PHI risk:
Customer data is stored on servers located in the United States. API tokens and credentials are encrypted at rest using AES-256 encryption. Data in transit is protected using TLS 1.2 or higher.
We retain your account data for the duration of your subscription and for 30 days following termination, after which it is permanently deleted. Sync logs are retained for 90 days. You may request immediate deletion of your data by contacting hello@complisync.io.
CompliSync integrates with the following third-party platforms. Your use of these platforms is governed by their respective privacy policies. We are not responsible for the privacy practices of these third-party services.
Depending on your location, you may have the following rights with respect to your personal data:
To exercise any of these rights, contact us at hello@complisync.io. We will respond within 30 days.
Our web dashboard uses essential cookies necessary for authentication and session management. We do not use tracking cookies or third-party advertising cookies. You may disable cookies in your browser settings, but this may affect your ability to log in to the dashboard.
CompliSync is a business-to-business service not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately at hello@complisync.io.
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on our website with a new effective date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, please contact us. For HIPAA-related inquiries or to request a Business Associate Agreement, please include "BAA Request" in your email subject line.
Questions about privacy? We're here to help.