That Doc Generator

Legal

Privacy Policy

Last updated: June 22, 2026

This Privacy Policy explains how That Consulting Company collects, uses, and protects information in connection with That Doc Generator.

What we collect

  • Account data — email, password hash, user ID.
  • Smartsheet data — your OAuth tokens, the sheets and rows you connect, and the cell values processed to fill templates.
  • Templates and outputs — the Word files you upload and the documents we generate from them.
  • Usage data — workflow runs, PDF conversion counts, AI call counts, error logs.
  • Billing data — handled by Stripe; we store a customer ID and subscription status, not card details.

How we use it

To operate the Service: authenticate you, run your workflows, generate documents, meter usage, bill subscriptions, debug errors, and contact you about your account.

Customer Data

When processing data contained within customer Smartsheet workspaces, sheets, forms, templates, or generated documents, That Consulting Company acts as a data processor on behalf of the customer. The customer remains responsible for the data they choose to connect to or process through the Service.

Subprocessors

  • Lovable Cloud — application hosting, database, authentication, file storage.
  • Smartsheet — source of the row data you connect.
  • Google — optional integration for Google Docs templates and Drive output.
  • Stripe — subscription billing and payment processing.
  • ConvertAPI — Word-to-PDF conversion.
  • Lovable AI Gateway — routing AI calls used by token mappings.

International Transfers

Your information may be processed and stored in countries other than your own. We take reasonable measures to ensure appropriate safeguards are in place when personal data is transferred internationally.

Retention and deletion

We retain your data for as long as your account is active. You can delete your account at any time from Settings; this cancels any active subscription and permanently removes your workflows, templates, run history, and connections. Stripe retains billing records as required by law.

Account deletion requests are processed promptly. Customer data is typically removed from active systems within 30 days, subject to backup retention schedules, legal obligations, and fraud prevention requirements.

Security

Data is encrypted in transit (TLS). OAuth tokens and credentials are stored encrypted at rest. Access to production data is restricted to authorized personnel and is monitored through administrative controls and logging.

AI processing

When a token mapping uses AI, the prompt and the relevant cell values are sent through Lovable AI Gateway to provide the requested functionality. Inputs and outputs are processed solely for providing the Service and are not used to train third-party AI models.

Business Transfers

If That Consulting Company is involved in a merger, acquisition, asset sale, financing, or bankruptcy proceeding, your information may be transferred as part of that transaction, subject to applicable law.

Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing Support@thatcco.com. Self-serve deletion is available in Settings.

Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

Cookies

We use first-party cookies and local storage only for authentication and theme preferences. We do not use third-party advertising trackers.

Changes

We may update this policy from time to time. Material changes will be announced via email or in-app notice.

California Privacy Rights

California residents may have additional privacy rights under applicable California privacy laws. Requests regarding personal information may be submitted to Support@thatcco.com.

Contact

Email Support@thatcco.com.