Privacy Policy for PowerMonkey Chrome Extension

Introduction

PowerMonkey ("we", "our", or "us") is a Chrome extension that provides Excel-like keyboard shortcuts for Google Sheets. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use PowerMonkey, with particular attention to our graduated consent approach and Google API usage.

Our Privacy Commitment: PowerMonkey operates on a privacy-first principle. We request the minimum permissions necessary for functionality and use a graduated consent model to ensure you only grant permissions when you need advanced features.

Graduated Consent Model

PowerMonkey implements a graduated consent approach to protect your privacy and give you complete control over your data access:

Free Features (No Google API Access)

• Paste Special Dialog (Alt+S): Works entirely within your browser, no external data access
• Local keyboard shortcuts: Processed locally without server communication
• No permissions required: These features work immediately after installation

Advanced Features (Requires Explicit Consent)

Advanced features require access to Google Sheets API and will only be enabled after you explicitly consent:

• Color Cycling (Ctrl+;): Requires read/write access to cell formatting
• Decimal Formatting (Ctrl+, and Ctrl+.): Requires read/write access to number formats
• Formula Tools (Ctrl+E): Requires read/write access to cell formulas
• Trace Precedents/Dependents (Ctrl+[ and Ctrl+]): Requires read access to formulas and cell references
• Date Format Cycling (Ctrl+Shift+D): Requires read/write access to date formatting
• Auto-fit Columns (Alt+H): Requires read/write access to column properties

Consent Process

1. Initial Installation: No Google API permissions requested
2. Feature Request: When you first try an advanced feature, a clear consent dialog explains exactly what access is needed
3. User Choice: You decide whether to grant Google Sheets API access
4. Google Authorization: If you consent, Google's official OAuth screen appears
5. Limited Scope: We only request access to Google Sheets (not Drive, Gmail, or other services)

Google API Usage and Data Access

Scope of Access

When you grant consent, PowerMonkey requests access to:

• Google Sheets API scope: https://www.googleapis.com/auth/spreadsheets
• Purpose: Read and modify formatting, formulas, and cell content in sheets you're actively editing
• Limitations: We cannot access sheets you're not currently viewing or editing

How We Use Google Sheets Access

• Read Operations: Analyze cell formulas for precedent/dependent tracing
• Write Operations: Apply formatting changes (colors, decimals, date formats)
• Formula Modifications: Wrap formulas with IFERROR() functions
• Local Processing: All analysis and modifications happen locally in your browser

Data We Do NOT Access

• Google Drive files outside your current session
• Gmail or Google Calendar
• Personal files or documents
• Sheets you're not actively viewing
• Historical versions or revision history

Information We Collect

Data Collected Before Consent (Basic Features)

• Extension Settings: Your keyboard shortcut preferences, stored locally in Chrome
• No Personal Data: Basic features work without collecting any personal information
• No Google Account Access: Free features do not access your Google account

Data Collected After Consent (Advanced Features)

Only collected after you explicitly grant Google Sheets API access:

• Google Account Email: Used solely for authentication and subscription management
• Spreadsheet Data (Session Only):
  • Cell content and formulas in your currently active sheet
  • Formatting information (colors, number formats, dates)
  • Processed locally in your browser
  • Never stored on our servers
• Authentication Tokens: Google OAuth tokens stored securely in Chrome's local storage

Optional Subscription Data

Only collected if you choose to upgrade to Pro or Enterprise:

• Billing Information: Processed and stored securely by Stripe (not by us)
• Subscription Status: To determine feature access levels
• Usage Metrics: Anonymized counts for billing and feature improvement

Diagnostic Information (Optional)

• Error Reports: Only sent if you report a bug or request support
• Performance Data: Anonymous metrics to improve extension performance
• No Personal Content: Error logs never contain your spreadsheet data

How We Use Information

Core Functionality

• Authenticate with Google Sheets API
• Provide keyboard shortcuts and Excel-like features
• Synchronize settings across devices

Service Improvement

• Track feature usage to prioritize development
• Diagnose and fix technical issues
• Provide customer support

Billing (Pro/Enterprise Only)

• Process subscription payments through Stripe
• Manage feature access based on subscription tier

Data Storage and Security

Local Storage (Chrome Extension)

• Authentication Tokens: Stored securely in Chrome's encrypted local storage
• User Preferences: Extension settings stored locally on your device
• Graduated Consent Status: Record of which permissions you've granted
• No Spreadsheet Data: Your actual spreadsheet content is never stored locally

Server Storage (Minimal)

• Subscription Status Only: Email address and subscription tier for billing
• No Spreadsheet Content: We never store your actual spreadsheet data on our servers
• No Personal Files: We do not store or cache any of your Google Drive content
• Anonymous Usage Metrics: Feature usage counts without personal identifiers

Data Processing Location

• Local Processing: All spreadsheet analysis happens in your browser
• No Data Transit: Spreadsheet content never leaves your device
• Direct API Calls: We communicate directly with Google's APIs, not through our servers
• End-to-End Security: Your data flows directly between your browser and Google

Security Measures

• OAuth 2.0: Industry-standard authentication protocol
• HTTPS Encryption: All communications encrypted in transit
• No Persistent Storage: Spreadsheet data processed in memory only
• Minimal Permissions: Request only the specific scopes needed for functionality
• Chrome Security Model: Benefit from Chrome's built-in extension security

Third-Party Services

• Google APIs: Direct integration with Google Sheets API, subject to Google's security and privacy standards
• Stripe: Payment processing with PCI-compliant security, data handled by Stripe
• Firebase Hosting: Website hosting with Google's enterprise security infrastructure

Data Retention Policy

• Local Data: Stored until you uninstall the extension or clear Chrome data
• Authentication Tokens: Automatically expire and refresh according to Google's OAuth standards
• Subscription Data: Retained for billing history as required by law, then deleted
• Anonymous Analytics: Aggregated data retained for product improvement, no personal identifiers
• Account Deletion: Complete data deletion within 30 days of account closure request

Your Rights

Third-Party Services

Google APIs

We use Google Sheets API under Google's terms of service. Your data is subject to Google's privacy policy.

Stripe

Payment processing is handled by Stripe. Your payment data is subject to Stripe's privacy policy.

Children's Privacy

PowerMonkey is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Users will be notified of significant changes through the extension.

Google API Services User Data Policy Compliance

PowerMonkey's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Commitment

• Single Purpose: We use Google user data solely to provide PowerMonkey's Excel-like features for Google Sheets
• No Secondary Use: Google user data is not used for advertising, analytics tracking, or any purpose beyond the core functionality
• No Data Sale: We never sell, share, or monetize your Google user data
• Minimal Access: We access only the specific data necessary for requested features
• Transparent Purpose: Each feature clearly explains why it needs specific data access

OAuth 2.0 Policy Compliance

• Graduated Consent: Users explicitly consent to each level of data access
• Clear Scope Requests: We request only the Google Sheets scope, nothing broader
• User Control: Users can revoke access anytime without losing basic functionality
• Transparent Disclosure: This privacy policy fully documents our data practices

Data Use Restrictions

• Spreadsheet Processing Only: Google Sheets data is used exclusively for keyboard shortcuts and formatting
• No Content Mining: We do not analyze, index, or extract insights from your spreadsheet content
• No AI Training: Your data is never used to train AI models or machine learning systems
• Session-Based Access: Data access is limited to your active editing session

Data Protection Compliance

PowerMonkey complies with applicable data protection laws including GDPR for EU users and CCPA for California residents.

GDPR Rights (EU Users)

• Right to access your data
• Right to rectify inaccurate data
• Right to erase your data
• Right to restrict processing
• Right to data portability
• Right to object to processing

CCPA Rights (California Users)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we do not sell personal information)
• Right to non-discrimination

This privacy policy is designed to comply with Chrome Web Store requirements and applicable privacy laws.