Least Data Access

Smart accesses only the minimum amount of data required to answer a specific user request.

No Unnecessary Storage

Customer business data is not persistently stored or replicated by Smart.

User Visibility & Control

Users retain visibility into how results are generated and control which data sources are connected and analyzed.

Customer Business Data

Structured data stored in customer databases or files, accessed solely to perform user-initiated analyses.

Configuration & Metadata

Connection settings, schema mappings, and technical metadata required to operate the service.

User Interaction Data

User prompts, filters, and feedback submitted through the Smart interface.

Smart does not intentionally process personal data beyond what is present in customer-provided sources.

Least-Data Principle

For each query, Smart processes only the minimum information required to generate an answer. This may include:

Smart does not ingest or copy full tables unless explicitly required to perform an analysis initiated by the user.

• Database or file schema metadata and definitions
• Limited data samples (up to 10 rows per column) strictly for query disambiguation
• User-provided inputs such as questions and filters

In-Memory Processing

Query data is processed in memory

• Data is not written to disk as part of query execution
• Smart does not maintain a persistent copy of customer databases or spreadsheet contents

Industry-Standard Security

Smart applies industry-standard security controls, including:

• Encryption in transit using TLS
• Encryption at rest at the infrastructure or database layer
• Isolated customer environments to prevent cross-customer access
• Access to systems is restricted based on role and operational need.

Dedicated Environments

Each customer operates in a dedicated, isolated environment

Regional Deployment Options

Regional deployment options are available (e.g., EU-based deployment for GDPR considerations)

Customers are responsible for selecting a deployment region aligned with their regulatory obligations

SQL Visibility

Users can inspect SQL queries generated by Smart at any time.

Reasoning Traceability

Where applicable, Smart surfaces the execution logic used to generate outputs, enabling users to validate and audit results before acting on them.

Data Accessed

When connecting Google services (e.g., Google Sheets), Smart may access:

Smart does not access Google Drive files unless explicitly authorized by the user.

• Spreadsheet metadata (file name, structure)
• Spreadsheet contents explicitly selected by the user
• Account identifiers required for authentication

Data Usage

Google user data is used solely to provide the Smart service, including:

Google user data is not used for advertising, profiling, or marketing.

• Reading spreadsheet structure and contents
• Generating analytical outputs such as tables and charts
• Enabling interactive analysis based on user input

Data Sharing

Smart does not sell or share Google user data. Google user data may be processed by:

• Smart's infrastructure providers, strictly to operate the service
• AI service providers used to generate analytical outputs, under contractual confidentiality obligations

Data Protection & Retention

Google user data is processed in memory where possible

• Data is encrypted in transit using TLS
• Smart does not maintain a persistent copy beyond what is required to deliver the service
• Users may revoke access at any time. Upon revocation or deletion request, retained Google user data under Smart's control is removed.

No Training Commitment

Smart does not use Google user data to train foundation models unless explicitly agreed in writing.