Privacy Policy

Effective Date: May 2026

Overview

Open Excel is a Chrome extension that lets you open, view, edit, save, and export Excel files (.xls, .xlsx) directly in Chrome. The core viewer/editor is local-first: by default, your workbook content is processed in your browser and is not uploaded to our servers unless you choose a feature that requires remote processing or storage.

Optional features may use Open Excel cloud storage, AI tools, Google Sheets export, authentication services, and payment processing. This Privacy Policy explains what data is processed, when it is uploaded, and how you can control it.

Data Processing: Local-First by Default

By default, Excel files are processed locally in your browser. We do not upload your workbook contents in the background. File content is uploaded only when you explicitly use a feature that requires it, such as:

• Cloud files / Save to Cloud (Pro): uploads the workbook to your Open Excel cloud storage so you can access it from your account.
• AI tools (Pro): sends the spreadsheet context you choose, together with your prompt, to our backend so an AI model can generate a response.
• Google Sheets export (optional): uploads the workbook to your own Google Drive and opens it in Google Sheets.

Local storage on your device

To provide core features, Open Excel stores some data locally in your browser:

• Excel file bytes are stored in the browser’s IndexedDB to support Recent files and local saving.
• Recent files list (metadata such as file name and internal file id) and settings are stored in chrome.storage.local.
• Session state may be stored in chrome.storage.local to keep you signed in.
• AI chat history is stored locally in your browser for convenience. It is not stored in your Open Excel cloud files.

You can remove individual recent items or clear the recent list. Clearing local browser data may also remove cached files, settings, and local AI history.

Account & Authentication (api.openexcel.org)

Some features, including editing, Pro features, Cloud files, and AI tools, may require sign-in. Open Excel offers:

• Google sign-in via Chrome Identity / OAuth
• Email OTP, a one-time code sent to your email address

When you sign in, we process minimal data needed for authentication, security, account management, and entitlements:

• Email address and account identifier
• Auth provider (Google or Email)
• Optional marketing consent, only if you choose it
• Privacy policy version and UI language
• Session and entitlement data, such as plan, enabled features, and usage limits
• Basic security signals, such as IP address and user agent, for abuse prevention and rate limiting

We do not upload Excel file contents to our servers as part of sign-in.

Cloud Files and Version History (Pro)

If you choose to save or open files in Open Excel Cloud, the workbook file bytes are stored in private cloud object storage and associated metadata is stored in our backend database. Metadata may include file name, owner account, file id, version id, version number, file size, timestamps, and pointers to stored objects.

Cloud files and their versions are used to provide features such as Save to Cloud, Open from Cloud, Copy Local → Cloud, Copy Cloud → Local, and Version History. Each Save to Cloud may create a new file version, up to the configured version limit.

Access to cloud file bytes is controlled by our backend using short-lived signed URLs. Cloud storage credentials are not exposed to the extension.

If your Pro access expires, we may restrict creating new cloud files, saving new versions, restoring versions, or using other Pro actions. To support data portability, we may continue to allow you to list, view, download, or delete your own existing cloud files and versions, subject to the Service’s current product rules.

AI Tools (Pro)

Open Excel AI tools can help audit spreadsheet structure, clean selected data, rewrite text, generate formulas, answer custom questions, and propose changes that you can review before applying. AI changes are not applied automatically; for patch-style actions, you must explicitly click Apply.

When you use AI tools, the extension sends the following to our backend:

• the action you selected, such as audit, clean, rewrite, formula, or custom;
• your optional user prompt or note;
• the spreadsheet context you choose, such as selected cells, the current sheet, or the workbook context;
• basic metadata needed to process the request, such as locale, range, sheet name, and usage accounting data.

The backend may send this context to an AI provider to generate the response. We use the AI request and response to provide the requested feature, validate safe patch operations, handle errors, and account for usage limits. AI provider behavior may be governed by that provider’s own terms and privacy practices.

We design AI requests to avoid sending more spreadsheet data than needed. For example, clean, rewrite, and formula actions are based on selected spreadsheet context, while broader audit or custom requests may use larger context only when you choose that scope. Do not send sensitive data to AI tools unless you are comfortable with it being processed for the requested AI feature.

Google Sheets Export (Optional)

If you click “Edit in Google Sheets”, the extension exports the current workbook and uploads it to your Google Drive, converts it to a Google Sheets file in your account, and opens it on docs.google.com. This upload happens only when you explicitly use this feature.

Payments and Billing

If you purchase Open Excel Pro, payments are processed by Paddle, our Merchant of Record. Paddle may collect billing information such as your name, email address, country, tax or VAT details, and payment method information to process transactions, calculate taxes, prevent fraud, provide receipts, and manage subscriptions. We do not store your full card number on our servers.

We may store billing-related identifiers and subscription status received from Paddle, such as customer id, subscription id, plan/price id, billing status, renewal or cancellation status, and relevant timestamps. We use this information to activate, update, or revoke Pro entitlements.

Permissions

The extension requests the following Chrome permissions:

• storage — store local settings, session state, recent file metadata, local AI history, and cached workbook bytes.
• identity — authenticate with Google when you sign in with Google and/or export to Google Sheets.

The extension also uses host permissions to access:

• https://accounts.google.com/* — Google OAuth sign-in flow
• https://www.googleapis.com/* — Google APIs for user info and Google Drive upload when requested
• https://docs.google.com/* — open exported spreadsheets in Google Sheets
• https://api.openexcel.org/* — Open Excel backend for authentication, entitlements, Cloud, AI, usage, and billing-related account status
• Open Excel cloud storage host — upload and download your cloud files through signed URLs when you use Cloud features

Google OAuth scopes

• userinfo.email — used for Google sign-in to retrieve your email address.
• drive.file — requested only when you click “Edit in Google Sheets”. This scope is limited to files you create or select with the app and does not provide access to your entire Google Drive.

Data Retention

• Local cached files / recent list / AI history: stored locally in your browser; you can remove items or clear browser data.
• OTP codes: expire after a short time and are used only to complete sign-in.
• Sessions: expire after a limited period; you can log out to clear local session data.
• Cloud files and versions: retained while your account uses Cloud features, until you delete them, or as otherwise required to provide the Service.
• Account, entitlement, billing, and security records: retained as needed for account operation, fraud prevention, legal compliance, billing, tax, and dispute handling.
• AI requests: processed to provide the requested AI feature and usage accounting. We do not use AI history as cloud file storage.

Security

We use reasonable technical and organizational measures to protect account data and cloud file access. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Remote Code

The extension ships with all required assets and does not execute remote code.

Changes

We may update this Privacy Policy in the future. Updates will be posted here with a revised effective date.

Contact

For questions about this policy, email us at valmislab.studio@gmail.com.