Risontis – Privacy Policy

Effective date: 10 December 2025
Applies to: the Risontis Google Sheets trading add-on, the Risontis licensing backend, and risontis.com.
Controller: Risontis, The Netherlands.
Contact: support@risontis.com

1. Scope & Principles

EU-first governance: Risontis is established in the Netherlands and applies Dutch/EU law, GDPR, and NIS2-aligned security principles.

Zero-ops model: Tenants operate independently. Risontis has no technical ability to access tenant environments; all data and execution remain inside the user’s own Google Workspace. Support is provided only through information the tenant voluntarily shares.

Multi-tenant model: Runtime logic lives in a shared, version-pinned library. Tenant configuration remains inside the user’s Google Sheet and DocumentProperties.

API keys stay with the user: Trading API secrets (such as Bitvavo keys) never leave the tenant’s Google UserProperties. Risontis does not store these server-side.

Exception handling: If a user voluntarily shares API keys or sensitive trading data (for example via screenshots or logs), Risontis deletes this data immediately after support resolution.

No financial advice: Risontis offers automation tooling only. All trading decisions remain the user’s responsibility.

2. Data We Process

Google Workspace profile (email, display name):
Used to bind licenses, identify the active account, and enforce single-sheet licensing.
Stored in Firestore until license termination + 90 days.

Spreadsheet metadata (sheetId, document title):
Used for entitlement checks and diagnostics.
Stored in Firestore and DocumentProperties; deleted on uninstall or 90 days after license lapse.

Licensing telemetry (status, tier, timestamps):
Used to verify entitlement and support billing disputes.
Retained while subscription is active and up to 2 years for tax and audit requirements.

Support communications (email, tickets):
Used to answer questions and resolve incidents.
Retained for 24 months after ticket closure.

System logs (non-PII event markers):
Used for monitoring and incident response.
Retained for 180 days.

Security event data (IP address, request timestamp, request ID, rate-limit flags):
Used for fraud prevention, abuse mitigation, and security monitoring.
Retained for 180 days.

Optional evidence (screenshots, logs, exported sheets):
Used to reproduce issues.
Deleted immediately after case resolution unless legal retention applies.

We do not store trading history, balances, strategies, or sheet content server-side. These remain inside the user’s own Google Sheet unless voluntarily shared.

3. Legal Bases Under GDPR

Contract performance (Art. 6(1)(b)): delivering the Risontis service, licensing, and support.

Legitimate interest (Art. 6(1)(f)): security logging, fraud prevention, rate limiting, and defence against abuse. This includes processing IP addresses and security-event metadata.

Legal obligation (Art. 6(1)(c)): tax and accounting retention for billing.

Consent (Art. 6(1)(a)): used only for optional communications such as beta programs. Consent is never required for core functionality.

4. Processors & Sub-Processors

Google Cloud Platform (EU): hosts Cloud Run, Firestore, and Secret Manager.
Stripe (EU): billing and subscription management.

Risontis acts as a Controller for licensing and billing data stored in Firestore.
For support artifacts supplied by tenants (logs, screenshots, exported sheets), Risontis acts as a Processor and deletes all such artifacts after case resolution unless legal retention applies.

Data Sharing & Disclosure

Risontis does not sell, rent, or trade Google user data.

Google user data accessed by the application is used solely to provide the core functionality of the service. Disclosure of Google user data may occur only in the following limited cases:

  • With Google APIs, strictly as required to operate within Google Sheets, Google Drive, and Gmail under the user’s authorization.
  • With external services explicitly configured by the user (such as a connected exchange), solely to execute the user’s requested operations.
  • With service providers acting as sub-processors for infrastructure and billing (such as Google Cloud Platform and Stripe), limited to the data necessary to perform those services.

Google user data is never shared with advertisers and is not used for advertising or marketing purposes.

5. International Transfers

Data is stored and processed within the EU.
Transfers outside the EEA occur only when required for billing or support and are protected by Standard Contractual Clauses and encryption.

6. Security Measures

Protection of sensitive data

Risontis applies technical and organizational measures to protect Google user data and other sensitive information, including:

  • Encryption in transit using HTTPS/TLS for all communications with Google APIs and external services;
  • Strict access controls and scope minimization, ensuring data access is limited to user-authorized OAuth scopes only;
  • No persistent storage of Google Sheets content outside the user’s Google account;
  • Isolation of tenant data within the user’s own Google Workspace environment;
  • Regular review of access patterns and security logs to detect abuse or unauthorized access.

Tenant-side (Google Sheets environment)

  • All trading logic runs inside the user’s own Google Workspace environment.
  • API keys remain exclusively in Google UserProperties on the tenant’s sheet; Risontis cannot access them.
  • No data leaves the tenant’s Google Sheet unless the user explicitly shares it for support.
  • Minimal-privilege Apps Script scopes are used, aligned with the minimum permissions required for the application’s functionality.
  • SystemLog sheets and audit traces exist only inside the tenant’s Google Drive.

Backend-side (licensing & billing infrastructure)

  • Secrets are stored in Google Secret Manager.
  • Licensing payloads are signed using RSA 4096-bit keys.
  • Backend endpoints enforce bearer-token authentication with IP, email, and sheet-based rate limiting.
  • Cloud Logging provides backend-only security-event monitoring.
  • The backend stores no tenant trading data, sheet content, or API keys.

7. Data Subject Rights

Users may request access, rectification, deletion, restriction, objection, or data portability.

Requests can be made via support@risontis.com.
Risontis responds within 30 days, subject to legal obligations.

8. Retention & Deletion

Licensing and billing records: retained while the subscription is active and deleted or anonymized 90 days after termination unless statutory tax and accounting obligations require retention for up to 2 years.

Security logs (including IP address, request metadata, rate-limit events): retained for 180 days.

Support communications and artifacts: retained for 24 months after ticket closure. Sensitive artifacts (logs, screenshots, exported sheets) are deleted immediately after resolution unless required for compliance.

Backups follow standard Google Cloud lifecycle policies (maximum 30 days).

Tenant-owned data (trading history, balances, strategies, sheet content) remains exclusively in the tenant’s Google Sheet unless voluntarily shared.

9. Children’s Data

Risontis is not intended for children under 16.
We do not knowingly process children’s data.

10. Changes to this Policy

Risontis may update this policy for legal or operational reasons.
Material updates will be announced via release notes or email.

For complaints, users may contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or their local supervisory authority.