Privacy Policy

AuditMySheet ("we," "our," or "us") is a Google Sheets™ add-on that helps spreadsheet owners track edits and manage recovery snapshots. This Privacy Policy explains what information is involved when you use AuditMySheet and when you visit this marketing website (auditmysheet.com), and how it is handled.

Where your add-on data lives

Spreadsheet activity stays within your Google Drive™ and the spreadsheet where you install AuditMySheet. Change logs, recovery tabs, and configuration written by the add-on are stored as part of that file as ordinary Google Sheets™ content under your account. We do not operate a separate cloud database for your spreadsheet activity. Pro subscription metadata (email and license status) is stored separately on our license service, as described below.

Spreadsheet data stays in Google Drive™

The AuditMySheet add-on does not send your spreadsheet cells, change log rows, recovery tab contents, or other sheet data to external servers operated by us. Change tracking and recovery features read and write only within the spreadsheet you authorize, using Google's APIs. Your use of Google Workspace™ and Google Drive™ is also subject to Google's privacy policies.

Pro license check (external request)

To determine whether your Google account has an active Pro subscription, the add-on may call our license service at https://auditmysheet.com/api/license using the script.external_request permission. This request sends only:

• Your signed-in Google Account email address (to look up subscription status)
• A server authentication token (not visible to you; used only so our service accepts the request)

We do not include spreadsheet content, sheet names, cell values, or change history in this call. When you purchase Pro through our payment provider (Lemon Squeezy), we receive subscription metadata (including your email and subscription status) via a signed webhook and store it in our license database (Upstash Redis) so future verification requests can look up your Pro status. We do not store your spreadsheet data there.

The verification response (Pro active or not) may be cached in the spreadsheet's document properties for up to 24 hours so the add-on does not repeat the license check on every action. You can use "I just paid — refresh Pro" in the Control Panel to clear the cache and request a fresh check after checkout.

Data protection

The following measures apply to sensitive data handled by AuditMySheet, including your Google Account email used for Pro license verification:

• Encryption in transit: All communication between the add-on and our license service uses HTTPS/TLS (including calls to https://auditmysheet.com/api/license).
• Data minimization: License verification sends only your signed-in Google Account email address and an authentication token. No spreadsheet content, cell data, sheet names, or change history is transmitted to our servers.
• Storage and encryption at rest: Subscription metadata (email, subscription ID, status, and related license fields) is stored in our backend database (Upstash Redis), which encrypts data at rest. We store only what is needed to authorize Pro features—not spreadsheet data.
• Local caching: The Pro/not-Pro result is cached in the spreadsheet's document properties for up to 24 hours. This cache contains only a license flag and timestamp, not sheet content.
• Access controls: Our license API requires a Bearer authentication token on every request. The token is configured in the add-on's server-side script settings and is not shown in the sidebar user interface. Backend database and server credentials are held in environment variables accessible only to our deployment infrastructure, not to end users.
• Limited sharing: We do not sell or share your email with advertisers or data brokers. Your email is shared with Lemon Squeezy when you purchase Pro (their privacy policy applies to checkout) and is used by our service solely to look up subscription status.

This website and Google Analytics 4 (GA4)

When you visit this marketing website, we may collect analytics data using Google Analytics 4 (GA4), but only if you accept analytics cookies through the cookie banner. If you decline, GA4 is not loaded and this category of data is not collected on that browser.

When GA4 is enabled, Google may process information such as page views, session data, approximate location (derived from IP at a coarse level), and device type. GA4 is configured for aggregated website measurement; we do not use it to intentionally collect personally identifiable information such as your name or email address from the site itself.

Analytics processing relies on Google's infrastructure. For details on how Google handles GA data, see Google's Privacy Policy and Google Analytics documentation.

Legal basis for processing (including GDPR)

Where the EU/UK General Data Protection Regulation (GDPR) applies, we rely on consent for storing your cookie choice and enabling non-essential analytics cookies, on legitimate interests for limited, aggregated website analytics when you have provided that consent, and on contract performance (and, where applicable, legitimate interests) to verify Pro subscription status when you use paid features—balanced against your rights, which you may exercise as described below.

Your rights under GDPR

Depending on your location and applicable law, you may have rights including: access to personal data we process, rectification of inaccurate data, erasure ("right to be forgotten") in certain cases, data portability where technically feasible, and objection to processing based on legitimate interests (including for analytics, where applicable). You may also lodge a complaint with your local supervisory authority.

To exercise rights related to this website, Pro license metadata, or to ask questions about our processing, contact support@auditmysheet.com. Some requests may need to be directed to Google for GA4 data held in Google systems or to Lemon Squeezy for payment records.

Cookies and similar technologies

We use analytics cookies only in connection with GA4, and only after you click Accept in the cookie banner. Your choice (accept or decline) is stored in localStorage under the key cookie_consent and in a first-party browser cookie with a 365-day lifetime so the banner does not reappear on every visit. Declining analytics does not disable essential functionality of the site.

No sale of personal data; limited sharing

We do not sell your personal information. We do not share your spreadsheet data with advertisers or data brokers. The AuditMySheet add-on does not integrate third-party advertising or tracking scripts inside Google Sheets™. Pro billing is handled by Lemon Squeezy; we store subscription status (email and license metadata) in our license database to authorize Pro features. We do not share spreadsheet data with Lemon Squeezy. When you consent to analytics, Google processes website usage data as a service provider / processor for GA4; we do not sell that data.

Google OAuth scopes and why we request them

When you authorize AuditMySheet, Google may show the following permissions. We use each scope only as needed to deliver the product:

• Google Sheets™ (spreadsheets.currentonly) — Read and write the current spreadsheet only so we can record edits in a hidden change log, maintain recovery tabs for your selected Critical Sheet, recreate system tabs if removed, and present the owner-only sidebar experience.
• User info (userinfo.email) — See your primary Google Account email address so each logged change can record which collaborator performed the edit, which is essential for accountability in shared files.
• Apps Script (script.container.ui) — Display the sidebar control panel where owners configure AuditMySheet and review the change log.
• Apps Script (script.scriptapp) — Install and run spreadsheet triggers (such as onEdit) so change tracking works while you use the file.
• Apps Script (script.external_request) — Call our license API at auditmysheet.com to verify whether your Google account has an active Pro subscription. Only your email address and an authentication token are sent for this check; no spreadsheet content is transmitted.

The exact scope strings shown in the consent screen may match Google's current naming; refer to your OAuth consent prompt for the authoritative list at install time.

Data retention

Add-on: The add-on maintains a rolling change log (up to the last 5,000 entries). Older entries are not preserved by the add-on beyond that window. You can remove the add-on or delete the spreadsheet at any time; residual copies may remain in Google's backups according to Google's policies.

Pro license metadata: Subscription records (email and license status) are retained in our license database while your subscription is active and for a reasonable period afterward to handle billing disputes, reactivation, or support requests. You may request deletion by contacting support@auditmysheet.com.

License cache in spreadsheet: The Pro/not-Pro flag cached in document properties expires after 24 hours or when you use "I just paid — refresh Pro" in the Control Panel.

Google Analytics 4: Website analytics data is retained according to GA4 default retention settings in our GA property (and Google's platform rules), which you can read about in Google's documentation. We do not use this site to build individual profiles beyond standard GA4 reporting.

Children's privacy

AuditMySheet is intended for business and professional use. We do not knowingly collect personal information from children under 13 (or the age required in your jurisdiction) through the add-on beyond what Google Workspace™ accounts provide.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the effective date. If changes are material, we will provide notice as required by applicable law or applicable policies.

Contact and data requests

Questions about this Privacy Policy, cookie choices, or requests related to your data: support@auditmysheet.com.