Privacy Policy

Last updated: January 2026

Summary

Excel Risk Check is designed with privacy as a core principle. Your uploaded files are processed ephemerally and deleted immediately after analysis. We do not store your spreadsheets, sell your data, or share file contents with third parties.

1. File Handling

When you upload an Excel file for analysis:

  • Temporary processing: Files are written to temporary storage solely for the duration of analysis (typically under 60 seconds).
  • Immediate deletion: Files are deleted immediately after analysis completes, regardless of success or failure.
  • No persistent storage: We do not store uploaded files in databases, cloud storage, or any long-term storage system.
  • Isolated processing: Each analysis runs in an isolated process that terminates after completion.

Technical detail: Files are processed using Python's tempfile module and explicitly deleted in a finally block to ensure cleanup even if errors occur.

2. What We Collect

Analysis Results

Analysis results (risk scores, issue counts, category breakdowns) exist only in memory during your session. We do not persist analysis results after they are returned to you.

Usage Metrics

For API users, we track basic usage metrics in memory:

  • Number of files analyzed
  • Number of requests made
  • Timestamps of requests

This data is stored only in server memory and is not persisted. It resets when the server restarts. We use this solely for rate limiting and usage reporting.

Telemetry (Opt-In Only)

Telemetry collection is disabled by default. If explicitly enabled by an API operator, we may collect anonymized performance metrics:

  • Operation durations (how long analysis takes)
  • Error counts and types (not error details)
  • Feature usage counts

When telemetry is enabled:

  • File paths and names are hashed using SHA-256 before transmission
  • File contents are never transmitted
  • All transmissions use HTTPS encryption

3. What We Do NOT Collect

  • File contents or cell values
  • Formula text or expressions
  • Personal data within spreadsheets
  • User account information (we have no user accounts)
  • Browsing history or tracking cookies

4. API Keys

If you use our API with an API key:

  • Keys are validated in memory only
  • Keys are never logged or included in error messages
  • We do not store API keys in databases (they are loaded from secure configuration)

5. Third-Party Services

Excel Risk Check does not send your file data to any third-party services. The analysis engine runs entirely on our servers without external API calls.

Our infrastructure uses:

  • Google Cloud Run: For API hosting (files never leave the processing container)
  • Vercel: For the web application frontend (no file data passes through Vercel)

6. Data Retention

Data Type Retention Period
Uploaded files Deleted immediately after analysis
Analysis results Not retained (returned to you only)
Usage metrics In-memory only (cleared on restart)
Server logs 30 days (standard cloud provider retention)

7. Security

  • All data transmission uses HTTPS/TLS encryption
  • File uploads are validated for type and size before processing
  • Analysis runs in isolated processes with resource limits
  • API authentication uses secure key-based validation

8. Your Rights

Because we do not store your files or personal data, there is nothing to delete or export. Your data exists only during the brief analysis window and is automatically removed.

If you have questions about how your data was handled, contact us and we can confirm the ephemeral processing model.

9. GDPR Compliance

For users in the European Union:

  • Data minimization: We collect only what is necessary for analysis
  • Purpose limitation: Data is used solely for providing risk analysis
  • Storage limitation: No persistent storage of file data
  • Right to erasure: Automatic—files are deleted immediately

We do not transfer personal data outside the processing region. Analysis occurs on servers in the United States (Google Cloud us-central1 region).

10. Children's Privacy

Excel Risk Check is designed for business use and is not directed at children under 13. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or for legal compliance. Material changes will be noted with an updated "Last updated" date at the top of this page.

12. Contact Us

If you have questions about this privacy policy or our data practices:

Email: support@excelriskcheck.com