Privacy Policy

Last updated: May 7, 2026  ·  Developer: CloudNetix  ·  support@cloudnetix.de

1. About Sheet Audit Pack

Sheet Audit Pack is a free Google Sheets add-on developed by CloudNetix. It analyses the currently active spreadsheet for formula errors, structural risks, and governance issues, and produces three audit outputs (Audit Summary, Audit Issues Log, Audit Formula Map) inside the same spreadsheet. Optionally, it can export a formatted audit report to a Google Drive folder you select. All processing runs on Google Apps Script and Google Cloud infrastructure. No spreadsheet content is sent to CloudNetix-controlled servers.

This Privacy Policy describes what Google user data the add-on accesses, how it is used, how long it is retained, and how you can delete it.

2. Data Access

Sheet Audit Pack accesses Google user data solely to provide its audit functionality. All data is accessed through Google APIs using the minimum required OAuth scopes.

Scope-to-feature mapping:

OAuth Scope	What it permits	How Sheet Audit Pack uses it
spreadsheets.currentonly	Read and write access to the currently active spreadsheet only	Reads spreadsheet structure (sheet names, dimensions, formulas, display values, protections, named ranges, filters, merged ranges, data-validation rule counts, conditional-formatting rule counts) to run audit checks; writes three audit output sheets (Audit Summary, Audit Issues Log, Audit Formula Map) back to the same spreadsheet.
drive.file	Access only to files and folders explicitly selected by the user or created by the add-on	Reads the ID and name of the output folder you select via the folder picker; creates and saves the exported Google Docs audit report to that folder via Drive API v3.
script.container.ui	Display UI elements (sidebar, dialogs) inside Google Sheets	Displays the audit sidebar and the Google Drive folder picker modal; passes the OAuth token to the client-side Google Picker.

Google Sheets data read:

• Spreadsheet name, ID, URL, timezone, locale
• Named ranges (name and A1 notation for each)
• For each sheet: name, index, hidden status, max dimensions, used range extent (last row/column), frozen rows/columns, filter presence, merged ranges, protections, data validation rule count, conditional formatting rule count
• Formula strings for all cells in the used range (empty string for non-formula cells)
• Display values for all cells in the used range (used to detect formula error tokens such as #REF! or #NAME?)
• All data is read from the currently active spreadsheet only. The add-on cannot access any other spreadsheet.

Google Sheets data written:

• Three new sheets are created: "Audit Summary", "Audit Issues Log", "Audit Formula Map".
• Audit Summary: spreadsheet name, risk score, risk drivers, KPI metrics, priority findings, workbook overview (sheet names, row/column counts, formula counts, validation counts, frozen status, filter status), spreadsheet ID, timezone, locale, named range count, protection count.
• Audit Issues Log: up to 3,000 rows containing severity, category, sheet name, cell/range reference, issue description, details, recommendation, formula or evidence string, and audit check name.
• Audit Formula Map: sheet name, column/region, dominant formula pattern, formula count, outlier count, sample formulas, and risk notes.

Google Drive data accessed:

• The folder picker is the official Google Picker UI provided by Google. The add-on receives only the ID and name of the folder you explicitly select. It does not enumerate, list, or access any other files or folders in your Drive.
• The add-on creates a single Google Docs file inside that folder using Drive API v3 (Drive.Files.create).
• The exported Google Doc contains: spreadsheet name and ID, audit timestamp, risk score, all audit findings (same content as Issues Log), sheet metadata overview, priority findings, and recommended actions.
• The exported file is owned by you, stored in your Google Drive, and subject to your Drive access controls. CloudNetix has no access to it.

Add-on configuration stored in user properties:

• targetFolderId — Google Drive folder ID for report export
• targetFolderName — display name of the selected folder
• reportMode — selected report mode
• scope — audit scope ("all", "visible", or "selected")
• selectedSheets — JSON array of sheet names selected for auditing (when scope is "selected")
• enabledChecks — JSON object of audit check toggles
• enabledOutputs — JSON object of output toggles
• Stored in Google Apps Script user properties, scoped to the user and the script.

3. Data Usage

This section uses Google's verbatim recommended Limited Use compliance statement and mirrors the Limited Use clauses of both the Google API Services User Data Policy and the Google Workspace API Services User Data and Developer Policy, so the disclosures match Google's published policy text.

Appropriate use case: Sheet Audit Pack is a productivity application that handles a user's Drive files (and their metadata) only via the application's user interface. This matches Google's approved use case for productivity and educational applications that handle Drive files (or their metadata or permissions) via the application's user interface.

Purposes for which Google user data is used:

Google user data accessed by Sheet Audit Pack is used exclusively to provide and improve the user-facing audit features that are visible and prominent in the add-on's sidebar interface, namely:

• Analysing the active spreadsheet to detect formula errors, structural risks, and governance issues
• Generating in-spreadsheet audit outputs (Audit Summary, Audit Issues Log, Audit Formula Map) written back to your spreadsheet
• Exporting a formatted Google Docs audit report to the Google Drive folder you explicitly select, if you choose that output
• Remembering your sidebar configuration between sessions, so you do not have to re-select your audit options each time
• Diagnosing errors using technical metadata only — no spreadsheet content, file content, or user identifiers are recorded

Limited Use commitments:

Sheet Audit Pack:

1. Limits its use of data to providing or improving the appropriate use case and user-facing features that are visible and prominent in the requesting application's user interface.
2. Does not transfer Google user data to any third party, except: (a) to provide or improve the appropriate use case or user-facing features visible and prominent in the application's user interface and only with the user's consent (the only such transfer is the user-initiated export of the audit report to a Drive folder the user explicitly selects via the Google Picker — the file remains in the user's own Google account); (b) for security purposes (for example, investigating abuse); (c) to comply with applicable laws and/or regulations; or (d) as part of a merger, acquisition, or sale of assets of the developer after obtaining explicit prior consent from the user.
3. Does not allow humans (CloudNetix staff, contractors, or any third party) to read Google user data, unless: (a) we have obtained and documented the user's explicit consent to read specific data; (b) the data (including derivations) is aggregated and anonymised and used for internal operations in accordance with applicable privacy laws; (c) it is necessary for security purposes (for example, investigating abuse); or (d) to comply with applicable laws and/or regulations.
4. Does not transfer or sell Google user data to third parties such as advertising platforms, data brokers, or information resellers.
5. Does not transfer, sell, or use Google user data for serving ads, including retargeting, personalised or interest-based advertising.
6. Does not transfer, sell, or use Google user data to determine credit-worthiness or for lending purposes.
7. Does not transfer, sell, or use Google user data to create, train, or improve any machine learning or artificial intelligence model. Sheet Audit Pack does not incorporate AI or ML functionality of any kind. (See Section 7 for full AI/ML disclosure.)

Processing location:

Spreadsheet content is processed in memory by Google Apps Script during the audit run and is not sent to any non-Google server. Audit outputs (the Audit Summary, Audit Issues Log, and Audit Formula Map sheets, plus the optional exported Google Docs report) are written only to your own Google Sheets spreadsheet or your chosen Google Drive folder, where they remain under your control. Sheet Audit Pack does not access any spreadsheet other than the one currently active when you run the audit. Sheet Audit Pack does not scrape Google user data, build databases from it, or create permanent copies of it on CloudNetix-controlled systems.

4. Data Sharing

Sheet Audit Pack does not sell, rent, or share Google user data with any third party. There are no third-party sub-processors of Google user data. All processing occurs within Google's infrastructure:

• Spreadsheet content is processed in memory by Google Apps Script during the audit run and never leaves Google's infrastructure.
• Generated outputs are written to your Google Sheets spreadsheet or your chosen Google Drive folder — both remain in your Google account.
• Operational logs are stored in Google Cloud Logging under CloudNetix's Google Cloud Platform project. These logs contain only technical metadata: event name, timestamp, run identifier, execution context (audit scope, sheet count, enabled-check count, durations), and — for errors — error type, error message, stack trace, and a temporary support code. They never contain spreadsheet content, file content, email addresses, or Google account identifiers.

5. Data Storage & Protection

Sheet Audit Pack treats all user data securely in transit and at rest, in line with the security requirements of the Google Workspace API Services User Data and Developer Policy.

Sheet Audit Pack operates no external servers, databases, or object storage. All storage occurs within Google's infrastructure:

• Per-user settings are stored in Google Apps Script user properties (PropertiesService.getUserProperties()), scoped to the user and the script, accessible only by the add-on.
• Generated outputs (the three audit sheets and the optional Google Docs report) are stored in your own Google account (Google Sheets and Google Drive). They are owned by you and are subject to Google's security and access controls.
• Operational logs are stored in Google Cloud Logging under CloudNetix's Google Cloud Platform project (project ID sheet-audit-pack), protected by Google Cloud IAM access controls. Access to these logs is restricted to Maher Mahouachi (CloudNetix's developer and operator), and is used only to diagnose errors and operational issues. Logs are retained for up to 30 days.

Transport and at-rest protection:

• All communication between the user's browser, Google Apps Script, Google Sheets, Google Drive, and Google Cloud Logging uses HTTPS (TLS), as enforced by Google's infrastructure.
• Per-user settings stored in Google Apps Script user properties are encrypted at rest by Google.
• Operational logs stored in Google Cloud Logging are encrypted at rest by Google.
• Sheet Audit Pack does not maintain any OAuth access tokens or refresh tokens of its own — all authorisation flows are handled by Google Apps Script and Google's OAuth system. There are no credentials, tokens, or keys stored outside Google's systems.

Marketing website hosting:

The public marketing website at sheet-audit-pack.cloudnetix.de (containing this Privacy Policy, the Terms of Service, and product information) is served by Cloudflare Pages over HTTPS. The website does not receive, transmit, or process any Google user data. Cloudflare functions only as the static-site host for marketing pages, and is not a subprocessor of Google user data.

6. Data Retention & Deletion

Retention:

• Per-user settings — retained in Google Apps Script user properties until you reset or uninstall the add-on.
• Generated outputs — remain in your Google Sheets file or your Google Drive folder until you delete them.
• Operational logs — retained for up to 30 days in Google Cloud Logging, then automatically deleted.

How to delete your data:

Sheet Audit Pack provides a clear deletion path for each category of data. The procedures below cover everything Sheet Audit Pack interacts with.

How to delete your add-on settings

Your audit configuration (folder, scope, selected sheets, report mode, check and output toggles) is stored in Google Apps Script user properties tied to your own Google account. You can clear it at any time:

• Reset (recommended): Open the Sheet Audit Pack sidebar in Google Sheets and click the Reset button (a confirmation prompt protects against accidental clicks). Reset calls PropertiesService.getUserProperties().deleteProperty() for every settings key Sheet Audit Pack uses.
• Uninstall: Uninstall Sheet Audit Pack from Google Sheets. This removes the add-on's authorisation; afterwards it can no longer read or write any settings tied to your account.

For technical context: Apps Script user properties are scoped to (user, script) and are only accessible during your own execution of the add-on. This means the Reset and Uninstall paths above are the deletion methods available to you. If you ever need help with deletion, contact support@cloudnetix.de and we will guide you through the steps.

How to delete your audit outputs

The three audit sheets (Audit Summary, Audit Issues Log, Audit Formula Map) and the optional exported Google Docs report live in your own Google account:

• Audit sheets: open the spreadsheet, right-click the relevant tab(s), and choose Delete.
• Exported Google Docs report: open your Google Drive, locate the file in the folder you selected at export time, and delete it.

These files are owned by you and managed entirely under your Google account's standard access controls. If you need help locating or deleting an output, contact support@cloudnetix.de.

How to request deletion of operational log entries

Operational logs are stored in CloudNetix's Google Cloud Logging project (sheet-audit-pack). To respect your privacy, the only identifier attached to a log entry is a temporary support code generated by Google Apps Script (Session.getTemporaryActiveUserKey()). Per Google's documentation, this support code is anonymous (it does not reveal your identity), unique to your user-script pair within Sheet Audit Pack, and rotates periodically.

To request deletion of log entries that may relate to you:

1. Locate the support code shown by the add-on at the time of the error you want deleted.
2. Email that support code (and, ideally, the approximate date and time of the error) to support@cloudnetix.de.
3. CloudNetix will delete the matching log entries, provided the support code has not yet rotated (typically rotation occurs within a few weeks).

If you do not have a support code (no error occurred, or your support code has rotated since the error), CloudNetix is happy to assist — please contact us with whatever details you have. Note that because logs contain no email address, Google account ID, or other personal identifier, locating specific entries without a support code may not be technically possible. In all cases, all operational logs are automatically deleted after 30 days, after which no log data exists.

For any other data-related question, contact support@cloudnetix.de.

7. Artificial Intelligence and Machine Learning

This section mirrors the AI/ML clause of the Google Workspace API Services User Data and Developer Policy, which prohibits "transferring, selling, or using user data to create, train, or improve a machine learning or artificial intelligence model beyond that specific user's personalized model for the appropriate use case or user-facing feature."

Sheet Audit Pack does not transfer, sell, or use Google user data — including spreadsheet content, formulas, cell display values, sheet metadata, file content, file names, or any other data obtained from Google Workspace APIs — to create, train, or improve any machine learning or artificial intelligence model.

This commitment applies without exception. Sheet Audit Pack does not incorporate any AI or machine-learning functionality. All audit analysis is deterministic and rule-based, performed by Google Apps Script during the audit run. There is no personalised AI/ML model, generalised AI/ML model, or any other AI/ML use of Google user data, whether by CloudNetix, by a third party, or by any subprocessor.

Sheet Audit Pack does not retain Google user data for any AI or ML training purpose. Spreadsheet content read during an audit is processed in memory by Google Apps Script and is not retained by CloudNetix after the audit run completes. Audit findings (which may include short formula strings as evidence) are written back to your own spreadsheet and, optionally, your own exported Google Doc — both remain in your Google account, under your control.

8. Prohibited Uses

Sheet Audit Pack explicitly does not:

• Sell, rent, transfer, or broker Google user data to any third party
• Use Google user data for targeted advertising, interest-based advertising, or user profiling
• Build or contribute to any database of users or user data derived from Google APIs
• Use spreadsheet content, file content, or any Google user data to train AI or ML models
• Store, cache, or transmit spreadsheet content outside of Google's infrastructure
• Collect or store email addresses or Google account identifiers
• Access any spreadsheet other than the one currently active when the add-on runs

9. Logging and Support Diagnostics

Sheet Audit Pack does not log spreadsheet content, formulas, cell values, Google Drive file content, file names, email addresses, or Google account identifiers.

When an audit runs or an error occurs, the add-on may record only the following technical metadata in CloudNetix's Google Cloud Logging project: event name, timestamp, run identifier (a per-run UUID), execution context (such as audit scope, sheet count, enabled-check count, durations), and — for errors — error type, error message, stack trace containing only script function names and line numbers, and a temporary support code.

About the support code: The support code is generated by Session.getTemporaryActiveUserKey(). Per Google's documentation, this key:

• Is unique to the user within Sheet Audit Pack
• Does not reveal the user's identity
• Rotates periodically

The support code is shown to the user only when an error occurs (so you can include it in a support email). CloudNetix uses it solely to locate the matching log entry when you contact support. Because the code is anonymous and rotates, CloudNetix has no way to associate logs with a specific user without it.

10. Your Choices

You control which outputs are generated, whether to export a Google Docs report, and which Drive folder is used. You may reset your configuration or stop using the add-on at any time. To clear your per-user settings, use the Reset button in the sidebar, or uninstall Sheet Audit Pack from Google Sheets. See Section 6 for the full deletion procedure. For any other data-related requests, contact support@cloudnetix.de.

11. Lawful Basis and Your Rights (EU/UK Users)

Data controller

The data controller for personal data processed by Sheet Audit Pack is:

• Maher Mahouachi (operating under the trading name CloudNetix)
• Braunschweig, Germany
• Email: support@cloudnetix.de

For the full statutory contact address and other legal disclosures, see our Impressum.

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) grants you certain rights. Users located in the United Kingdom enjoy equivalent rights under the UK GDPR and the Data Protection Act 2018.

Lawful basis for processing (GDPR Article 6)

CloudNetix processes Google user data on the following lawful bases:

• Article 6(1)(a) — consent: when you install Sheet Audit Pack, authorise the OAuth scopes, and run an audit, you give explicit consent for the add-on to access the Google user data listed in Section 2. You may withdraw your consent at any time by uninstalling Sheet Audit Pack from Google Sheets (Extensions → Add-ons → Manage add-ons). Withdrawal stops future processing; data already processed follows the retention and deletion procedures described in Section 6.
• Article 6(1)(f) — legitimate interests: CloudNetix has a legitimate interest in recording minimal technical metadata (event name, timestamp, run identifier, execution context, error type, error message, and an anonymous support code) for the purpose of detecting and resolving operational errors. This interest is balanced against your privacy by being narrow in scope, excluding spreadsheet content and direct user identifiers, and subject to automatic deletion after 30 days.

Your data protection rights

You have the following rights under the GDPR (and equivalent rights under the UK GDPR). Where Sheet Audit Pack already supports a right through its design, the existing mechanism is noted; for any other request contact support@cloudnetix.de.

• Right of access (Article 15): you have the right to obtain confirmation of whether personal data about you is processed and, if so, a copy of that data. Your add-on settings are visible in the sidebar; your audit outputs are stored in your own Google account. You can also email support@cloudnetix.de at any time to request confirmation of what (if any) personal data CloudNetix holds about you, including any operational log entries identifiable by support code.
• Right to rectification (Article 16): you can update your add-on settings at any time via the sidebar.
• Right to erasure (Article 17): see Section 6 for the deletion procedure for each data category.
• Right to restrict processing (Article 18): you can disable individual audit checks, change scope, or stop using the add-on at any time.
• Right to data portability (Article 20): your audit outputs are standard Google Sheets and Google Docs files which you can download, copy, or transfer using Google's own export tools.
• Right to object (Article 21): you have the right to object, on grounds relating to your particular situation, to processing of operational metadata carried out under Article 6(1)(f) (legitimate interests) for error diagnosis. To exercise this right, email support@cloudnetix.de. You can also stop all processing immediately by uninstalling Sheet Audit Pack.
• Right to withdraw consent (Article 7(3)): you may withdraw your consent at any time by uninstalling Sheet Audit Pack. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority.

The supervisory authority for the data controller (operating from Lower Saxony, Germany) is:

• Der Landesbeauftragte für den Datenschutz Niedersachsen
• Postal address: Postfach 221, 30002 Hannover, Germany
• Visitor address: Prinzenstraße 5, 30159 Hannover, Germany
• Telephone: 0511 120-4500
• Email: poststelle@lfd.niedersachsen.de
• Website: www.lfd.niedersachsen.de

You may also lodge a complaint with the supervisory authority of the EEA member state where you reside or where the alleged infringement occurred. A list of EEA supervisory authorities is published by the European Data Protection Board at edpb.europa.eu. Users in the United Kingdom may lodge a complaint with the Information Commissioner's Office (ico.org.uk).

Personal data breach notification

If a personal data breach occurs in relation to Sheet Audit Pack, CloudNetix will comply with its notification obligations under Articles 33 and 34 of the GDPR, including notification to the competent supervisory authority and, where applicable, to affected users.

International data transfers

All Google user data processed by Sheet Audit Pack remains within Google's own infrastructure. Sheet Audit Pack does not initiate any transfer of Google user data outside Google's infrastructure. Any cross-border data transfer that may occur as part of Google's operation of its services is governed by Google's own privacy and data-transfer policies, published at policies.google.com/privacy.

Automated decision-making

Sheet Audit Pack performs automated rule-based analysis of your spreadsheet to generate the audit findings. This processing does not produce legal effects concerning you and does not constitute automated decision-making within the meaning of Article 22 GDPR. No profiling is performed.

Children

Sheet Audit Pack is intended for adult professional and educational use. The add-on is not directed at children under 16, and CloudNetix does not knowingly collect or process personal data from children under 16. If you become aware that a child under 16 has used Sheet Audit Pack, please contact support@cloudnetix.de. CloudNetix will delete any associated data within its control and will provide guidance for deleting any data held in the user's own Google account.

12. Cookies on the Marketing Website

The Sheet Audit Pack add-on (the sidebar inside Google Sheets and the Google Docs export) does not set or read any cookies on your device. The disclosures below relate solely to the public marketing website at sheet-audit-pack.cloudnetix.de.

The marketing website is hosted on Cloudflare Pages. Depending on your browser, your network, and which Cloudflare features are active during your visit, Cloudflare may set one or more cookies that Cloudflare describes as necessary to operate its security and content-delivery services. The two cookies most likely to appear in connection with this site are:

• __cf_bm — set by Cloudflare to support its Bot Management and Bot Fight Mode services. Per Cloudflare's documentation, this cookie expires after 30 minutes of continuous inactivity by the end user.
• cf_clearance — set by Cloudflare only after a security challenge has been solved. It stores proof that the challenge was passed.

Cloudflare may also set additional cookies in connection with specific security, rate-limiting, or always-online features. Cloudflare publishes the complete and current list (with purposes and lifetimes) in its Cloudflare cookies reference.

You can check which cookies, if any, are currently set on your device by opening your browser's developer tools (Application → Cookies) while viewing the marketing website.

These cookies are described by Cloudflare as necessary to operate its security and content-delivery services. They are not used for analytics, advertising, behavioural profiling, or cross-site tracking. The marketing website does not load Google Analytics, Google Tag Manager, advertising pixels, social-media trackers, or any other third-party analytics or marketing scripts.

You can clear or block cookies at any time through your browser settings. Doing so may affect the security checks performed by Cloudflare on the marketing website but will not affect your use of the Sheet Audit Pack add-on inside Google Sheets.

This disclosure is provided in line with § 25 TDDDG, the EU ePrivacy Directive, and Article 13 of the GDPR.

13. Changes To This Policy

This Privacy Policy may be updated from time to time. The latest version will always be published at this URL.

14. Contact

For questions about this Privacy Policy, contact support@cloudnetix.de.