Your privacy and the security of your data are paramount to us. This policy transparently outlines how Toolloo Add-ons (including Auto Merge Sheet and Smart PDF & Image Extractor) access, use, and protect your Google™ user data.

The Add-on integrates with your Google™ Workspace environment to provide its core functionalities. It accesses specific Google user data only when you use the Add-on and strictly for the purposes described below. We adhere to Google's API Services User Data Policy, including the Limited Use requirements.

The Add-on utilizes the following Google OAuth 2.0 scopes:

• https://www.googleapis.com/auth/spreadsheets.currentonly —Accesses only the current spreadsheet where the Add-on is active. Used to read the specified data from source sheets, write the final data to the target sheet.

• https://www.googleapis.com/auth/script.container.ui —to display user interface components, such as sidebars and custom menus within Google Sheets, enabling user to configure settings and initiate actions.

• https://www.googleapis.com/auth/drive.file — Accesses only files and folders explicitly chosen by user through the Google Picker interface. Used for discovering Google Sheets files for merging(for Auto Merge Sheets) or selecting images and PDFs for data extraction (Smart PDF & Image Extractor).  

• https://www.googleapis.com/auth/userinfo.email —allows the Add-on to identify your Google account's email address. This email is used as a unique identifier to associate your usage and subscription status. 

• https://www.googleapis.com/auth/script.external_request —Allows the Add-on to create outbound network connections using the UrlFetchApp service. This permission is used for communicating with external, non-Google services (such as third-party payment processors) and for internal REST API calls to Google Cloud services (like Firebase) that require Service Account authentication.

General Processing: Your data is processed only when you actively use a Toolloo Add-on and strictly for the purposes described below. 

Service-Specific Functionality:

• Auto Merge Sheets: Spreadsheet content is accessed locally within your environment to combine data from multiple sources.

• Smart PDF & Image Extractor : To provide Optical Character Recognition services, the content of user-selected files is transmitted ephemerally to Google Vision and Gemini AI APIs. This data is used solely to return structured text to your spreadsheet. It is not stored by Toolloo, nor is it used by Google to train machine learning models. 

No External Servers for Content Data: Toolloo does not transmit, store, or share your actual spreadsheet content or Drive file data on any external servers or with any third-party services outside of your Google account. All processing happens within Google's secure infrastructure or via ephemeral API calls that do not retain your data.

We are committed to protecting your sensitive data. Our data protection mechanisms include:

• Data Residency within Google's Infrastructure: All sensitive user data (spreadsheet content, Drive files) accessed by the Add-on remains within your Google account and Google's secure cloud infrastructure. It is not copied or transferred to our external servers.

• Google's Security Standards: We leverage Google's robust security measures, including:

  • Encryption at Rest: Your data stored in Google Drive and Google Sheets is encrypted by Google.

  • Encryption in Transit: All communication between your browser, Google Sheets, Apps Script, and Google's APIs is encrypted using industry-standard TLS/SSL protocols.

  • Access Controls: Access to your data is strictly controlled by Google's OAuth 2.0 framework, ensuring the Add-on can only perform actions you have explicitly authorized.

• • No Direct Access to Content Data: As developers, we do not have direct, programmatic access to your spreadsheet content or Drive files. All operations on this data are performed by the Add-ons within your Google environment.

  • Subscription Data Access: We maintain a Firestore database containing only your subscription status & usage metadata (e.g.,page count, premium status, plan ID, payment dates, and your sanitized email as a document ID). This data is accessed only for billing, subscription management, and support purposes. Access to this database is restricted to authorized personnel and is secured via Google Cloud IAM policies.

  • Support Access (User Initiated): In rare cases, if you request technical support for an issue that requires us to inspect logs or certain script properties, we may, with your explicit consent, temporarily access limited diagnostic information. This access is strictly for troubleshooting the reported issue and is immediately revoked upon resolution. We will never access your actual spreadsheet content or Drive files for support purposes without your direct, explicit instruction and presence.

No Sharing with Third Parties: We do not share, sell, or rent your Google user data with any third parties. 

• User Content Data: The Add-ons do not retain any of your spreadsheet content or Drive file data on its own servers. All such data resides within your Google Drive and Google Sheets, subject to Google's data retention policies.

• Subscription Status Data: Your subscription status data (email, trial/premium status, credit usage, plan details, dates) is stored in our Google Cloud Firestore database for the duration of your active subscription and for a reasonable period thereafter for billing, support, and analytical purposes, in accordance with applicable laws. You can request deletion of this data by contacting us.

You retain full control over your Google user data:

• You can manage or delete your spreadsheets and Drive files directly within Google Drive.

• You can revoke the Add-on's access to your Google account at any time by visiting your Google Account's "Third-party apps with account access" page (https://myaccount.google.com/connections). Revoking access will disable the Add-on's functionality.

• You can uninstall the Add-on from Google Sheets at any time.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any significant changes by updating the "Last Updated" date at the top of this policy and, where appropriate, through the Google Workspace Marketplace.