Excel Formula Generator

1. Who 'We', 'Us', and 'Our' Refer To

In this Privacy Policy, the terms "we," "us," and "our" refer to the operator of Excel Formula Generator and the related browser extension, backend services, and website pages.

If the service is later operated through a company, legal entity, or successor business, those terms will also refer to that entity to the extent it operates the service.

2. Scope of This Policy

This Policy applies to the current implementation of the Excel Formula Generator browser extension, the backend API and infrastructure used to support the extension, and related website pages we operate.

It does not apply to third-party websites, services, platforms, browser stores, model providers, payment providers, analytics tools, or other services we do not control.

3. Important User Notice

Because your prompts may be transmitted to our servers and third-party service providers, including AI model providers, you should not submit information that is sensitive, confidential, regulated, or commercially valuable.

• Passwords, API keys, tokens, or other credentials.
• Banking, payment card, payroll, tax, or other financial information.
• Confidential business plans, trade secrets, internal reports, pricing, or non-public company data.
• Health, biometric, government ID, or other highly sensitive personal information.
• Customer lists, employee records, legal files, or regulated personal data.
• Any information you would not want shared with service providers involved in processing your request.

4. Information We Collect

We collect information that is reasonably necessary to provide, secure, maintain, and improve the service.

• Information you provide directly, such as your email address, password submitted during sign-up, sign-in, or reset, formula prompts, spreadsheet preference, and support communications.
• Account and authentication records, including hashed passwords, hashed password reset tokens with expiration timestamps, authentication tokens, usage counters, and account timestamps.
• Formula history and service-generated records, including generated formulas, timestamps, error flags, and token-usage metadata.
• A locally stored authentication token in browser extension local storage so you can remain signed in across sessions.
• Limited browser-context data, specifically the active tab URL, to help determine whether you are using Google Sheets or Microsoft Excel online.
• Technical and operational data such as IP address, request timing, diagnostics, crash logs, and abuse-prevention data.

5. How We Use Information

• To create and manage user accounts.
• To authenticate users and maintain signed-in sessions.
• To send password reset emails and account-related communications.
• To process prompts, generate formulas, and display formula history.
• To enforce daily usage limits and prevent abuse.
• To monitor reliability, investigate incidents, and debug service issues.
• To measure service performance, usage volume, and token consumption.
• To maintain internal operational alerts, monitoring, and reporting.
• To comply with legal obligations and protect our rights, users, systems, and business operations.

6. AI Processing and Model Training Notice

To generate formulas, prompt content may be sent to third-party AI model providers or model-hosting services, depending on how the service is configured at runtime.

Those providers may process submitted content under their own terms, privacy policies, data retention rules, and product settings. In some cases, a provider may use submitted data for service improvement, model training, or related model-development purposes unless a separate enterprise agreement, zero-retention setting, or other provider-specific restriction applies.

For that reason, you should not submit sensitive personal data, confidential business information, financial information, or other information you would not want processed by a third-party AI provider.

7. How We Share Information

We do not sell personal information to data brokers, and we do not use prompt content for targeted advertising.

• AI model providers or model-hosting providers used to process prompts and generate formulas. Depending on runtime configuration, this may include Groq, OpenRouter, or a self-hosted model endpoint.
• Email delivery providers used to send password reset emails. The current implementation uses Resend when configured.
• Hosting, infrastructure, and database providers that support application hosting, storage, and backend operations.
• Operational messaging or monitoring providers used for internal alerts and oversight.
• Professional advisors, auditors, insurers, legal counsel, regulators, law enforcement, or other parties where required by law or reasonably necessary to protect rights, safety, property, or the service.
• Successors, investors, counterparties, or affiliated entities in connection with a merger, acquisition, financing, restructuring, due diligence process, or sale of assets.

8. Legal Bases for Processing

• Performance of a contract, including account access, authentication, and formula generation.
• Legitimate interests in securing, maintaining, improving, monitoring, and supporting the service.
• Compliance with legal obligations.
• Consent, where consent is required by applicable law for a specific activity.

9. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Policy, including to operate the service, maintain account functionality, provide formula history, enforce limits, investigate abuse, troubleshoot problems, comply with law, and resolve disputes.

Current implementation examples include keeping account records while needed to provide the service and maintain account functionality, keeping formula history and generation metadata until they are deleted or no longer needed for operational purposes, and storing password reset token hashes only until they expire. Password reset tokens currently expire after one hour.

We may also retain limited technical logs, security records, and backup copies for a longer period where reasonably necessary for fraud prevention, abuse detection, legal compliance, dispute resolution, or business continuity.

10. Cookies and Analytics

Our website and browser extension may use essential local storage or similar browser-side technology needed to keep you signed in and make the service function properly.

We do not currently describe the use of advertising cookies, cross-site tracking pixels, or third-party website analytics on this page. If we add those tools in the future, we will update this Policy to describe what is used, what information is collected, and what choices you may have.

11. Your Rights and Choices

To submit a privacy-related request, contact yevhenn.c@gmail.com. We may need to verify your identity before acting on a request.

• You may have the right to request access to the personal information we hold about you.
• You may request correction of inaccurate or incomplete information.
• You may request deletion, restriction, objection, or portability where applicable and subject to legal or operational exceptions.
• You may withdraw consent where processing is based on consent.

12. Security

We use reasonable technical, administrative, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, or disclosure.

Examples from the current implementation include storing passwords as hashes, storing password reset tokens as hashes with expiration timestamps, and limiting extension-side stored data primarily to the authentication token required for session continuity.

However, no system, network, storage environment, browser extension, or method of internet transmission is completely secure, and we cannot guarantee absolute security.

13. International Processing and Transfers

We and our service providers may process information in countries other than your own, and those countries may have data protection laws that differ from the laws of your jurisdiction.

14. Children's Privacy

The service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

15. Third-Party Links and Services

Our website or extension may link to third-party services such as the Chrome Web Store, email providers, or other external websites. Those third parties operate under their own terms and privacy policies, and we are not responsible for their privacy practices.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we do, we will post the updated version and revise the last updated date shown on this page.

17. Contact

If you have questions, concerns, or privacy requests, contact yevhenn.c@gmail.com.