Privacy Policy for ModelMonkey

Last Updated: 23 August 2025

1. Introduction

ModelMonkey is an AI-powered data assistant that operates as a Google Workspace add-on for Google Sheets. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your data. This privacy policy explains our data practices in detail.

Data Protection Officer: dpo@modelmonkey.io

2. Data We Collect and Why

2.1 Google Sheets Data

What we collect:

  • Spreadsheet content you choose to share with ModelMonkey (cell values, formulas, formatting)
  • Spreadsheet metadata (sheet names, cell ranges, chart configurations)
  • Your active selection and navigation context within spreadsheets

Why we collect it:

  • To provide AI-powered assistance with data analysis, formatting, and manipulation
  • To understand context for generating relevant responses
  • To execute requested operations (writing data, creating charts, formatting cells)

Legal basis: Legitimate interest (providing the service) and contract performance

2.2 Google Account Information

What we collect:

  • Google account email address
  • Basic Google profile information
  • OAuth access tokens for Google Sheets and Drive APIs

Why we collect it:

  • To authenticate your identity and authorize access to your spreadsheets
  • To maintain secure sessions and prevent unauthorized access

Legal basis: Contract performance and legitimate interest (security)

2.3 Conversation and Interaction Data

What we collect:

  • Your questions and instructions to ModelMonkey
  • AI assistant responses and tool usage logs
  • Session duration and interaction patterns

Why we collect it:

  • To provide personalized AI assistance
  • To improve service quality and troubleshoot issues
  • To maintain conversation context during your session

Legal basis: Legitimate interest (service improvement) and contract performance

2.4 Technical Data

What we collect:

  • IP address and approximate location (city-level via GeoLite2 database)
  • Browser type and version
  • Timestamp of requests
  • Performance metrics and error logs

Why we collect it:

  • To ensure service security and prevent abuse
  • To optimize performance and diagnose technical issues
  • To comply with legal obligations

Legal basis: Legitimate interest (security and service optimization)

3. How We Process Your Data

3.1 AI Processing

We use third-party AI model providers to process your spreadsheet data and questions. When you interact with ModelMonkey:

  • Only spreadsheet data relevant to your specific request and questions are sent to Anthropic's API
  • The AI generates responses based on this data
  • We do not store your spreadsheet data permanently - it is only processed during your active session
  • We do not store conversations permanently unless you enable conversation history

3.2 Spreadsheet Operations

ModelMonkey can perform various operations on your spreadsheets:

  • Reading and writing cell data
  • Creating and formatting charts
  • Manipulating sheet structure (rows, columns, formatting)
  • Searching through spreadsheet content using our search system

3.3 Data Indexing

For spreadsheet search functionality:

  • We create searchable indexes of your spreadsheet content for search purposes only
  • These indexes contain metadata and search vectors, not your original spreadsheet data
  • Indexes are stored in our PostgreSQL database with encryption at rest
  • Your original spreadsheet data remains only in your Google Sheets - we do not store copies

4. Data Sharing and Third Parties

We do not transfer user data to any third party for advertising (targeted, personalized, retargeted, interest-based), for sale to data brokers/information resellers, for determining credit-worthiness, or for lending purposes.

4.1 AI Model Provider

  • Data shared: Only spreadsheet content relevant to your specific request, your questions, and necessary context
  • Purpose: AI-powered assistance and response generation
  • Data location: Our AI provider's secure cloud infrastructure
  • Retention: Subject to our AI provider's data retention policies
  • Legal basis: Contract performance and legitimate interest
  • Restrictions: No secondary use; no training of generalized models without explicit consent; no advertising use; retention only as needed to serve the request

4.2 Google APIs

  • Data shared: OAuth tokens and API requests to access your spreadsheets
  • Purpose: Reading from and writing to your Google Sheets
  • Data location: Google's infrastructure
  • Legal basis: Contract performance

4.3 Web Search Services (Brave Search)

  • Data shared: Only the web query text is sent. We do not send your data or spreadsheet content with web search requests.
  • Purpose: To fulfill requests that require up-to-date information from the internet
  • Legal basis: Contract performance

5. Data Storage and Security

5.1 Data Storage

  • Session data: Stored temporarily during active sessions, automatically cleaned up
  • Spreadsheet data: Not stored permanently - only processed during active sessions
  • Spreadsheet indexes: Search metadata and vectors stored in an encrypted PostgreSQL database (not original data)
  • Logs: Retained for 30 days for debugging and security monitoring
  • Configuration: User preferences stored in Google Apps Script properties

5.2 Security Measures

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for database storage
  • Regular security monitoring and audit logs
  • Access controls limiting data access to authorized personnel only

5.3 Data Location

  • Primary servers: Singapore
  • Third-party processors: See section 4 above

6. Data Retention

  • Spreadsheet data: Not stored permanently - only processed during active sessions and immediately discarded
  • Session data: Deleted when session ends or after 24 hours of inactivity
  • Spreadsheet indexes: Search metadata retained while you use the service, deleted within 30 days of account deletion
  • Error logs: Retained for 90 days for debugging purposes
  • Authentication tokens: Expire automatically based on Google's OAuth policies

7. Your Rights

Under GDPR, CCPA, and other privacy laws, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we use your personal data
  • Portability: Receive your data in a structured format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at [privacy contact].

8. Google Workspace Marketplace Compliance

8.1 OAuth Scopes and Justification

ModelMonkey requests the following Google OAuth scopes:

  • https://www.googleapis.com/auth/spreadsheets.currentonly - Required to read and modify your spreadsheets as requested
  • https://www.googleapis.com/auth/drive.file - Required to access spreadsheet metadata and continually index spreadsheet data for search
  • https://www.googleapis.com/auth/script.container.ui - Required for the Google Sheets sidebar interface
  • https://www.googleapis.com/auth/script.external_request - Required to communicate with our AI backend
  • https://www.googleapis.com/auth/userinfo.email - Required for user authentication and session management

8.2 Limited Use Disclosure

ModelMonkey's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

9. Children's Privacy

ModelMonkey is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

10. International Data Transfers

When you use ModelMonkey, your data may be transferred to and processed in countries outside your jurisdiction, including the United States. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this privacy policy periodically. When we make material changes, we will:

  • Update the "Last Updated" date
  • Notify users through the Google Sheets add-on interface
  • For significant changes, request renewed consent where required

12. Contact Information

For privacy-related questions or to exercise your rights:

  • Email: dpo@modelmonkey.io

For technical support or general inquiries about ModelMonkey, please use our standard support channels.