Least data access

Smart processes only the minimum information required to answer your questions.

No unnecessary storage

We avoid storing customer business data beyond what is required to operate the service.

User visibility and control

You have full visibility into how your data is used and can control access at any time.

Least-Data Principle

Smart processes only the minimum information required to answer a user's question. This may include:

Smart never ingests full tables unless explicitly required to perform an analysis initiated by the user.

• Database or file schema metadata and definitions
• Limited data samples (≤10 rows per column) strictly for query disambiguation
• User-provided inputs (e.g., questions, filters)

In-Memory Processing

Query data is processed in memory

• Data is not written to disk as part of query execution
• Smart does not maintain a persistent copy of customer databases or spreadsheet contents

Industry-Standard Security

Smart applies industry-standard security measures, including:

• Encryption in transit using TLS
• Encryption at rest at the infrastructure or database layer
• Isolated customer environments to prevent cross-customer access

Dedicated Environments

Each customer operates in a dedicated, isolated environment

Regional Deployment Options

Regional deployment options are available (e.g., EU-based deployment for GDPR considerations)

Customers are responsible for selecting a deployment region aligned with their regulatory obligations

SQL Visibility

Users can view SQL queries generated by Smart at any time.

Reasoning Traceability

Where applicable, Smart surfaces the logic used to generate outputs, allowing users to validate and audit results before acting on them.

Data Accessed

When you connect Google services (e.g., Google Sheets), Smart may access:

Smart does not access Google Drive data or files unless explicitly authorized by the user.

• Spreadsheet metadata (file name, structure)
• Spreadsheet contents explicitly selected by the user
• Account identifiers required for authentication

Data Usage

Google user data is used solely to provide the Smart service, including:

Google user data is not used for advertising, profiling, or marketing purposes.

• Reading spreadsheet structure and contents to answer user questions
• Generating analytical outputs such as tables and charts
• Enabling interactive analysis based on user input

Data Sharing

Smart does not sell or share Google user data.

• Google user data may be processed by Smart's infrastructure providers (e.g., cloud hosting) strictly to operate the service
• AI service providers used to generate analytical outputs, under contractual confidentiality obligations
• All processing is limited to delivering the requested functionality

Data Storage & Protection

Google user data is processed in memory where possible

• Data is encrypted in transit (TLS) and protected using industry-standard controls
• Smart does not maintain a persistent copy of Google user data beyond what is required to provide the service

Data Retention & Deletion

Google user data is retained only for the duration necessary to deliver the service

• Users may disconnect Google services at any time, revoking Smart's access
• Users may request deletion of associated metadata or configuration data by contacting Smart via get-smart.co
• Upon deletion, all retained Google user data under Smart's control is removed

No Training Commitment

Smart does not use Google user data to train foundation models unless explicitly agreed by the user in writing.