Privacy Policy

1. Overview

SheetDiff™ (“the Add-on”) is a Google Sheets™ add-on developed by Mohamed Yaakoubi that compares spreadsheet versions and generates quality assurance reports. This Privacy Policy explains how the Add-on collects, uses, and protects your data.

2. Data the Add-on Accesses

The Add-on requests the following Google OAuth scopes:

• userinfo.email — Read your Google account email address. Used solely to identify you for license validation and usage tracking (see Section 5).
• spreadsheets.currentonly — Read and write access to the Google Sheets™ spreadsheet the Add-on is installed in. This is required to read data in your active spreadsheet, create snapshot sheets, generate the Diff Viewer, and produce the QA Report.
• drive.file — Access to individual Google Drive™ files that you explicitly select through the built-in Google Picker dialog. This is used solely for the Cross-Sheet Import feature: when you click "Pick from Google Drive™" and choose a spreadsheet, this scope grants read access to that specific file only, allowing the Add-on to copy a sheet into your current spreadsheet for comparison. The Add-on cannot access any other files in your Drive.
• script.container.ui — Permission to display the Settings sidebar, dialogs, and custom menus within Google Sheets™.
• script.external_request — Permission to make network requests to our license verification server and to Google Analytics for anonymous usage analytics (see Sections 5 and 8).

3. Data the Add-on Does NOT Access

• The Add-on does not browse, list, or scan your Google Drive™. The Cross-Sheet Import feature uses Google's built-in file picker, and the Add-on can only access the specific file you select. No other Drive files are accessible to the Add-on.
• The Add-on does not access your Gmail, Calendar, Contacts, or any other Google service.
• The Add-on does not read, store, or transmit the content of your spreadsheets to any external server.
• The Add-on does not access your Google account password or authentication credentials.

4. Spreadsheet Data Storage

All spreadsheet data processed by the Add-on remains within your Google Sheets™ document. Comparison results, snapshots, diff reports, and user settings (column mapping, similarity threshold, report metadata) are stored in the spreadsheet's DocumentProperties using Google Apps Script's built-in Properties Service. This data is tied to the specific spreadsheet and is not accessible from other documents.

5. License Server & Data We Collect

To manage licensing, trial periods, and usage limits, the Add-on communicates with a license verification server hosted on Google Firebase (Cloud Functions + Firestore) in the us-central1 region. The following data is transmitted to and stored on this server:

• Google account email address — Retrieved via Session.getEffectiveUser().getEmail(). Used as a unique identifier for license records and usage tracking.
• License status — Whether you are on a trial, free tier, or paid plan. Stored alongside your email to determine access level.
• Usage count — The number of comparisons performed per calendar month. No spreadsheet content is transmitted — only a counter is incremented.
• Payment metadata (via Dodo Payments webhook) — When you purchase a subscription or lifetime license, Dodo Payments sends a webhook to our license server containing: your billing email address, Dodo customer ID, subscription ID, subscription status, and billing dates. No payment card details or billing address are included in these webhooks.

No spreadsheet content, cell values, row data, or file contents are ever transmitted to or stored on the license server. Only the metadata listed above is collected.

6. Payment Processing

Paid subscriptions are processed by Dodo Payments (Dodo Payments Inc.), which acts as the Merchant of Record. When you purchase a SheetDiff™ Pro license:

• Payment information (credit card, billing address) is collected and processed entirely by Dodo Payments. The Add-on developer never sees or stores your payment details.
• Dodo Payments sends a webhook notification to our license server confirming your purchase, which includes your email address and subscription status.
• Dodo Payments' own privacy policy applies to payment data: dodopayments.com/legal/privacy-policy.

7. Data Security & Protection

• All spreadsheet data is protected by Google's encryption — in transit (TLS/HTTPS) and at rest (AES-256) — as part of Google Workspace's built-in security.
• Communication between the Add-on and the license server uses HTTPS/TLS encryption exclusively.
• The license server (Firebase) is protected by Google Cloud's infrastructure security, including encryption at rest and in transit.
• Dodo Payments webhook signatures are cryptographically verified to prevent unauthorized license activations.
• The Add-on does not store, cache, or persist any authentication tokens, credentials, or user passwords.
• User preferences (column mapping, thresholds) are stored in DocumentProperties, which is scoped to the individual spreadsheet and protected by Google's access controls.

8. Analytics

The Add-on collects anonymous usage analytics via Google Analytics 4 (GA4) to help us understand how features are used, identify issues, and improve the product. Analytics data is collected in two ways:

• Server-side events — When you run a comparison, commit a snapshot, or export a report, the Add-on sends an anonymous event to Google Analytics via the Measurement Protocol. Your email address is hashed (SHA-256) before being used as a client identifier — Google Analytics never receives your actual email.
• Client-side events — Dialogs and sidebars (Settings, Comparison Picker, License dialog) include the Google Analytics gtag.js snippet that records page views and interaction events (e.g., which mode you selected, whether you opened the subscription dialog).

Analytics data collected includes:

• Which features and comparison modes are used
• Dialog open/close events
• Aggregate interaction patterns (e.g., “structural mode chosen”, “chunked execution started”)

Analytics data does not include:

• Your email address or any personally identifiable information
• Spreadsheet content, cell values, file names, or any user data
• IP addresses (Google Analytics is configured without IP collection)

The Add-on does not display advertisements, use cookies for ad targeting, or employ behavioral profiling.

9. No Sale or Transfer of Data

The Add-on does not sell, trade, rent, or transfer your data (including your email address) to any third party for advertising, data brokering, credit assessment, or any purpose unrelated to providing the Add-on's core functionality and license management.

10. No AI/ML Model Training

Your data is never used for training artificial intelligence or machine learning models. The Add-on's comparison algorithms are rule-based (text similarity, bigram matching) and do not involve any form of model training, fine-tuning, or data aggregation.

11. Data Retention & Deletion

• Spreadsheet data (snapshots, diff reports, settings) resides entirely within your Google Sheets™ document and is deleted when you delete the spreadsheet or uninstall the Add-on.
• License records (email, plan status, usage count) are stored on the Firebase license server for as long as your account is active. If you cancel your subscription or request deletion, your license record will be removed within 30 days.
• Trial data (trial start date) is stored both locally in UserProperties (cleared on uninstall) and on the license server (deleted on request).
• You may request deletion of all your data at any time by contacting the developer at the email address listed below.

12. Children's Privacy

The Add-on is not directed at children under 13 and does not knowingly collect any information from children.

13. Changes to This Policy

This Privacy Policy may be updated from time to time. Any changes will be reflected on this page with an updated “Last updated” date. Continued use of the Add-on after changes constitutes acceptance of the revised policy.

14. Contact

If you have any questions about this Privacy Policy or wish to request deletion of your data, please contact:

Mohamed Yaakoubi
Email: amirrak8@gmail.com
LinkedIn: linkedin.com/in/yaakoubi-mohamed