Privacy Policy
Last Updated: May 10, 2026 · Effective: May 10, 2026
Key Points at a Glance:
- We do not permanently store your Excel file contents, cell values, or formulas
- Authentication is exclusively via Microsoft Azure AD — we never see your password
- Account data is stored in Google Cloud Platform, region: us-central1 (United States)
- For EU/EEA users, GDPR applies — Standard Contractual Clauses (SCC) govern data transfers
- You can request complete account deletion at any time by emailing us
1. Data Controller
The data controller for personal data processed in connection with Cellify.app is:
Piotr Janikowski (trading as Cellify.app)
NIF / NIE: ES4089233P
Spain
Email: contact@cellify.app
For any privacy-related questions or to exercise your data rights, contact us at the email address above. For GDPR requests, use subject line "GDPR Request" to ensure timely routing.
2. Data We Collect
Account & Authentication Data (via Microsoft Azure AD SSO)
When you sign in, Microsoft's identity platform issues a signed JWT access token; we read the following claims from it:
- Azure AD Object ID (OID) — your unique, permanent, pseudonymous identifier; used as our primary account key
- Email address
- Display name
We receive these values only from the token that Microsoft issues. We never ask for or store your Microsoft password.
Subscription & Usage Data (Firestore: subscriptions/{azureOid})
- Subscription plan: free, pro, or power
- Monthly AI action counter (actionsThisMonth) and lifetime total (totalActionsAllTime)
- Monthly action limit for your plan: 50 (Free), 1,000 (Pro), or 3,000 (Power)
- Chat-only messages (no Excel actions) do not count toward your limit
- Subscription status: active, suspended, or cancelled
- Microsoft AppSource Subscription ID (when subscribed via AppSource)
- Subscription end date and grace period end date (if applicable)
- Account creation date (createdAt) and last activity timestamp (lastSeen)
- Current billing month in YYYY-MM format (currentMonth)
Session Data (Firestore: sessions/{sessionId})
To manage multi-device access and detect unauthorized session use:
- Session token hash (one-way hash — the original token is never stored)
- Device identifier (non-personal, derived from platform/browser info)
- Session creation and expiry timestamps
- Azure AD OID (links the session to your account)
AI Processing Data (Google Vertex AI — transient, not stored permanently)
- Your natural language chat messages (the prompts you type)
- Excel workbook context: active sheet name, table names and column headers, chart names and types
- Values of your currently selected cells (up to 10 rows) — only the range you have selected, never the full workbook
- If you attach a file (PDF, CSV, or image), its content is included in the request
- Conversation history within the current session (for multi-turn context)
- None of this data is retained on our servers after the AI response is delivered. Unselected cell values, formulas, and full workbook contents are never sent.
Note: Our AI system prompt instructions are cached in Google Vertex AI Context Cache (TTL: 30 days) purely for performance. This cache contains only our technical system instructions — no personal data or user content.
Website Registration Data (Firestore: website-registrations/{email})
If you submit the "Get Started Free" form on cellify.app before installing the add-in:
- Email address and name you submitted in the form
- Registration timestamp and optional message
- This data is stored separately from your add-in account and is not merged unless you explicitly create an add-in account
Operational Logs
- Server logs: Standard HTTP request logs (IP address, timestamp, endpoint, HTTP response code) on Google Cloud Run — retained up to 30 days, then auto-deleted
- Error logs (Firestore: errors/{...}): Technical error details for debugging purposes, retained up to 30 days
- Security monitoring (Firestore: security-probes/{userId}): Records of anomalous or potentially fraudulent request patterns, retained up to 90 days
What We Do NOT Collect
- Excel cell values, formulas, or file contents (values of your currently selected cells are sent transiently to the AI service as described above, but are never stored)
- Passwords (Microsoft Azure AD manages all authentication)
- Payment card details (processed exclusively by Microsoft AppSource)
- Persistent browser fingerprints or cross-site tracking identifiers
- Location data beyond what may be inferred from IP address for security purposes
3. Legal Basis for Processing (GDPR Article 6)
For users in the EU/EEA, we process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b)): Account creation, authentication, subscription management, usage limit enforcement, session management — all necessary to provide the Service you have contracted for
- Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, error logging, and service improvement — our legitimate interest in maintaining a secure and reliable service, balanced against your privacy rights
- Legal obligation (Art. 6(1)(c)): Compliance with applicable laws and responding to lawful requests from competent authorities
- Consent (Art. 6(1)(a)): Website analytics (GA4 cookies on cellify.app) — you may withdraw consent at any time by adjusting your browser cookie settings
4. How We Use Your Data
- Authenticate your identity and create/manage your Cellify account
- Process your natural language commands and generate Excel actions via Google Gemini AI
- Enforce the monthly action limit of your subscription tier (Free, Pro, or Power) as listed in Section 2
- Manage multi-device sessions and detect unauthorized access to your account
- Process subscription lifecycle events from Microsoft AppSource (purchase, renewal, cancellation, suspension)
- Restore paid-tier access after payment reinstatement within the 7-day grace period
- Detect and prevent fraud, abuse, and unauthorized API access
- Provide customer support
- Improve AI accuracy and service quality using aggregated, anonymized usage patterns
5. Data Storage, Security, and Retention
Storage Location: Google Cloud Platform, region us-central1 (Iowa, United States)
Security Measures
- Encryption in transit: TLS 1.3
- Encryption at rest: AES-256 (Google Cloud default)
- Authentication: Microsoft Azure AD OAuth 2.0 / MSAL NAA (Nested App Authentication)
- Backend on Google Cloud Run with IAM service account isolation
- All administrative API endpoints require authenticated admin tokens
- Session tokens stored as one-way cryptographic hashes (not reversible)
Data Retention
- Active accounts: Account and subscription data is retained for as long as you use the Service
- Deleted accounts: All Firestore account and subscription data is permanently deleted within 30 days of your deletion request
- AI conversation data: Not stored after the session ends. Vertex AI Context Cache stores only system prompt instructions (no user data), TTL 30 days, auto-renewed on deploy
- Server logs: Up to 30 days on Google Cloud Run, then auto-deleted
- Error logs: Up to 30 days, then deleted
- Security monitoring data: Up to 90 days
- Session data: Expires at session end or upon account deletion
- Website registration data: Retained until you request deletion or until it is superseded by your add-in account creation
6. Third-Party Services
- Microsoft Azure AD: Authentication and SSO token issuance (see the Microsoft Privacy Statement)
- Google Cloud Firestore: Account, subscription, and session data storage
- Google Vertex AI (Gemini Flash): AI natural language processing of your commands
- Google Cloud Run: Backend API hosting
- Firebase Hosting: Frontend web hosting (Excel add-in taskpane and website)
- Microsoft AppSource: Subscription billing and lifecycle management — subject to Microsoft's privacy practices
- Google Analytics (GA4): Anonymized usage statistics on the cellify.app website only (IP anonymization enabled; not used inside the Excel add-in)
All Google services are governed by the Google Privacy Policy and Google Cloud Data Processing and Security Terms. Google has signed Standard Contractual Clauses for international data transfers.
7. Cookies and Analytics
The Cellify.app website (cellify.app) uses the following cookies:
- Essential cookies: Required for basic site security and functionality (no consent required under ePrivacy Directive)
- Analytics cookies (Google Analytics GA4): Help us understand how visitors use the website. IP anonymization is enabled. You may opt out via your browser settings or the Google Analytics Opt-out Browser Add-on.
The Excel add-in taskpane does not use tracking cookies or analytics.
8. Your Rights (GDPR)
If you are in the EU/EEA, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of all data we hold about you
- Right to Erasure (Art. 17): Request deletion of your account and all associated data ("right to be forgotten")
- Right to Data Portability (Art. 20): Receive your account and usage data in a structured, machine-readable format (JSON)
- Right to Rectification (Art. 16): Correct inaccurate personal data
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Restrict Processing (Art. 18): Request restriction of processing in certain circumstances
- Right to Withdraw Consent: Withdraw any consent you have given at any time (e.g., for analytics cookies) without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at contact@cellify.app. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority (e.g., AEPD in Spain, UODO in Poland, or the authority in your country of residence).
9. International Data Transfers
Your data is processed in the United States (Google Cloud us-central1, Iowa). For EU/EEA users, this transfer is governed by Standard Contractual Clauses (SCC) as approved by the European Commission under GDPR Article 46(2)(c). Google Cloud Platform and Microsoft Azure are both certified under applicable data protection frameworks and maintain SCCs for international transfers. You may request a copy of applicable transfer safeguards by contacting us.
10. Children's Privacy
Cellify.app is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately at contact@cellify.app and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated by email to registered users (using the email address from your Microsoft account) at least 14 days before taking effect. The updated policy will also be posted at cellify.app/privacy.html with the new effective date. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
12. Contact
Data Controller: Piotr Janikowski (Cellify.app), Spain
NIF/NIE: ES4089233P
Email: contact@cellify.app
Website: https://cellify.app