Privacy Policy
Last Updated: February 3, 2026
Keystone Data Collection ("we," "our," or "us") operates the Keystone Data Collection application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Information We Collect
Account Information:
- Email address (used for login and account identification)
- Password (stored securely using industry-standard hashing)
Google Account Information:
- Google email address (when you connect Google Drive)
- OAuth authentication tokens (to access Google Sheets and Drive on your behalf)
Business Data:
- Store numbers and identifiers
- API credentials for FreshConnect (Subway's API service)
- Report data retrieved from FreshConnect (sales, transactions, timeclock, etc.)
How We Use Your Information
- To provide and maintain the Service
- To authenticate your access to the application
- To retrieve report data from Subway's FreshConnect API on your behalf
- To export reports to your Google Drive account
- To communicate with you about the Service
Google API Services
Google API Limited Use Disclosure: Keystone Data Collection's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
When you connect your Google account, we request access to:
- Google Sheets API: To create and write data to spreadsheets in your Google Drive
- Google Drive API: To organize spreadsheets into folders in your Google Drive
We do NOT:
- Access, read, or modify your existing Google Drive files
- Share your Google data with third parties
- Use your Google data for advertising purposes
- Store your Google data beyond what is necessary for the Service
You can revoke our access to your Google account at any time by:
- Using the "Disconnect" button in the application, or
- Visiting Google Account Permissions and removing Keystone Data Collection
Data Storage and Security
- All data is stored on secure servers hosted by Heroku (a Salesforce company)
- Database connections use SSL encryption
- Passwords are hashed using industry-standard algorithms
- OAuth tokens are encrypted before storage
- API credentials are stored securely in our database
Data Retention
We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us.
Data Sharing
We do not sell, trade, or otherwise transfer your information to third parties. Your data may be shared only in the following circumstances:
- With Subway's FreshConnect API to retrieve your report data (using credentials you provide)
- With Google's API services to export reports to your Google Drive
- If required by law or to protect our rights
Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Disconnect your Google account at any time
- Export your data
Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.