Privacy Policy

Last updated: February 22, 2026

1. Introduction

Pedal LLC ("Pedal," "we," "us," or "our") operates the Pedal platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

We collect the following types of information:

  • Account Information: When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
  • Google Workspace Data: With your explicit authorization, we access Google Drive files, Google Sheets, Google Docs, Google Forms, and Google Apps Script projects that you choose to share with or create through Pedal. We only access files you explicitly attach or that Pedal creates on your behalf.
  • OAuth Tokens: We securely store Google OAuth refresh tokens to maintain API access on your behalf. These tokens are encrypted and never shared with third parties.
  • Usage Data: We track AI token usage and build counts for billing and rate-limiting purposes.
  • Conversation Data: Chat messages between you and the Pedal AI are stored to maintain conversation history and enable follow-up modifications to your builds.
  • Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers. We store Stripe customer IDs and subscription metadata.

3. How We Use Your Information

  • To provide and operate the Service, including generating Apps Script code and deploying builds on your behalf
  • To read and analyze Google Drive files you attach so our AI can generate relevant code
  • To create and manage Google Apps Script projects, Google Sheets, Google Docs, and Google Forms as part of your builds
  • To manage your account and subscription
  • To track usage for billing and enforce plan limits
  • To improve the Service and develop new features
  • To communicate with you about your account or the Service

Pedal only accesses Google user data necessary to provide the Service. We do not access or process Google user data for advertising purposes.

4. Google User Data

Pedal does not sell, rent, or trade Google user data or personal information to third parties.

Pedal does not store the contents of your Google Drive files. When you attach Google Drive files or documents, relevant portions of their content may be transmitted to our AI processing provider (OpenAI) to generate code or responses. This data is processed in real time and is not persisted by Pedal. Pedal stores only file references (such as file IDs, names, and URLs) to maintain links between your builds and associated files.

Pedal personnel do not access Google user data unless necessary for troubleshooting, security investigations, or with the user's explicit permission.

5. Third-Party Services

We use the following third-party services:

  • Google APIs: For authentication, Google Drive access, Google Sheets/Docs/Forms creation, and Google Apps Script project management. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • OpenAI: When you attach Google Drive files or documents, relevant portions of their content may be transmitted to OpenAI's API for AI code generation. Your prompts and file contents are processed according to OpenAI's Privacy Policy.
  • Stripe: For payment processing and subscription management.
  • Supabase: For database hosting and authentication infrastructure.

6. Data Retention

We retain your data for as long as your account is active. Conversation history, project data, and linked file references are kept to enable ongoing build management. You can request full account deletion from the Settings page or by contacting us.

7. Account Deletion

When an account is deleted, Pedal deletes stored OAuth tokens, profile data, conversation history, project records, usage data, and removes all references to Google files. Any Google files created by Pedal (including Apps Script projects, Google Sheets, Docs, and Forms) remain in the user's Google Drive unless the user chooses to delete them manually.

8. Data Security

We implement industry-standard security measures to protect your data. OAuth tokens are stored securely. All data in transit is encrypted via HTTPS. Database access is protected by Row-Level Security (RLS) policies ensuring users can only access their own data.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Revoke Google OAuth permissions at any time through your Google Account settings
  • Export your data

10. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@pedal.run.