Privacy Policy for Verex

Introduction

This Privacy Policy describes how Verex ("we," "our," or "the Add-in") collects, uses, processes, and protects information when you use our Excel Add-in for AI-powered spreadsheet verification. Verex is committed to protecting your privacy and handling your data with transparency and security.

Information We Collect

Spreadsheet Data

When you use Verex to verify your Excel workbooks, we temporarily process:

• Cell Contents: Values, formulas, and formatting from your active Excel workbook
• Worksheet Structure: Sheet names, cell references, and relationships between worksheets
• Formula Logic: Calculations and expressions contained in your spreadsheet cells

User Account Information

When you create an account with Verex, we collect:

• Email Address: Used for account authentication and service communications
• Authentication Credentials: Securely hashed passwords or authentication tokens for account security

Technical Information

We automatically collect:

• Session Data: Temporary session identifiers to maintain verification streams
• Usage Information: Feature usage patterns to improve service functionality

Information We Do NOT Collect

We do not collect or store:

• Personal identification information beyond email (such as name, phone number, or physical address)
• Excel files or workbook contents after verification completes
• Usage tracking across different sessions or workbooks
• Personally identifiable information (PII), except to the extent PII is included in spreadsheet data submitted for verification, which is processed solely for verification purposes and not retained after the verification session completes

How We Use Your Information

Primary Purpose: AI-Powered Verification

Your spreadsheet data is processed exclusively to:

1. Interpret Formulas: Analyze and explain spreadsheet logic and calculations
2. Verify Accuracy: Check formulas and calculations for potential errors or inconsistencies
3. Generate Reports: Provide real-time streaming verification results in the task pane

Processing with Third-Party AI Services

Google Cloud Vertex AI (Gemini 2.5 Pro): We transmit your spreadsheet data to Google's Vertex AI service for analysis and verification. This transmission:

• Occurs only when you explicitly click "Verify" in the Add-in
• Uses secure HTTPS/SSL encrypted connections
• Is limited to the minimum data necessary for verification
• Does not persist after your verification session completes

Critical Privacy Protections:

• No Model Training: Google Cloud does not use your data (prompts, spreadsheet content, or verification outputs) to train or improve its foundation AI models without your explicit permission
• No Logging in Production: We do not log, store, or retain prompts or AI-generated outputs in production environments
• Enterprise-Grade Privacy: Vertex AI complies with Google Cloud's AI/ML Privacy Commitment, ensuring customer data remains under customer control
• Zero Data Retention Option: Our configuration ensures your data is not cached or retained beyond the active verification session

Future AI Service Providers

We reserve the right to use alternative or additional AI service providers (such as Anthropic Claude, OpenAI, or others) to improve service quality, reliability, or performance. Any such changes will:

• Maintain equivalent or stronger privacy protections
• Be disclosed through updates to this Privacy Policy
• Notify users through the Add-in interface or AppSource listing
• Require AI providers that do not train on customer data

Data Retention

• Session Data: Automatically deleted when verification completes
• Temporary Processing: All spreadsheet content is removed from our servers immediately after verification results are delivered
• No Long-Term Storage: We do not store your workbook data, formulas, or verification results
• No Logging in Production: Prompts and AI outputs are never logged or persisted to disk in production environments

How We Share Your Information

Third-Party AI Service Provider

Google LLC (Vertex AI): We share your spreadsheet data with Google Cloud Vertex AI solely for AI-powered verification processing. This sharing is essential for the Add-in's core functionality and is subject to Google Cloud's enterprise privacy commitments.

We Do NOT Share With

• Advertisers or marketing companies
• Data brokers or analytics services
• Any other third parties for commercial purposes
• Any party for AI model training purposes

Legal Disclosure

We may disclose information if required by law, regulation, legal process, or governmental request.

Data Security

We implement industry-standard security measures:

• Encryption in Transit: All data transmission uses HTTPS/SSL (TLS 1.2 or higher)
• Secure Servers: Backend infrastructure follows secure coding and deployment practices
• Session Management: Temporary session identifiers expire automatically
• No Persistent Storage: Spreadsheet data is never written to permanent storage or logs
• Access Controls: Limited technical access to processing systems
• Production Security: No logging of sensitive prompts or outputs in production environments

User Consent and Control

Explicit Consent Required

By using Verex, you explicitly consent to:

• Transmission of your spreadsheet data to AI service providers for verification
• Temporary processing of your workbook contents as described in this policy
• Use of session identifiers to deliver streaming verification results

Control Over Your Data

• Opt-In Processing: Verification only occurs when you explicitly click "Verify"
• No Automatic Collection: We do not access your spreadsheet data without your action
• Session Termination: Close the Add-in to immediately end data processing
• No Background Processing: We do not process your data when the Add-in is not actively in use

Your Rights and Privacy Controls

Your Privacy Rights

Depending on your location, you may have rights under data protection laws including:

• Access: Request confirmation of what data we process (note: no data is retained after sessions)
• Deletion: Request deletion of your session data (automatically occurs after verification)
• Objection: Stop using the Add-in to prevent further data processing
• Portability: Verification results appear in the Add-in interface for you to copy or export

GDPR (EU/EEA Users): You have rights to access, rectification, erasure, restriction, objection, and data portability under the General Data Protection Regulation.

CCPA (California Users): You have rights to know what data is collected, delete data, and opt-out of data sales. Note: We do not sell personal information.

Exercising Your Rights

To exercise privacy rights or ask questions, contact us at: support@tryverex.com

Children's Privacy

Verex is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

Office Add-in Permissions

Verex requires the following Microsoft Office permissions:

• ReadWriteDocument: Access to read workbook contents for verification and write verification results to the task pane interface

These permissions are necessary for the Add-in's core functionality. We do not access data beyond what is required for verification when you explicitly trigger it.

International Data Transfers

Your spreadsheet data may be transferred to and processed in:

• United States: Our backend servers
• Google Cloud Infrastructure: For Vertex AI processing (may include multiple regions)

These transfers are necessary for service functionality and protected by:

• Encryption in transit and at rest
• Compliance with applicable data transfer mechanisms (e.g., Standard Contractual Clauses)
• Google Cloud's data protection commitments for Vertex AI services
• Zero data retention configurations

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, AI service providers, or legal requirements. When we make material changes:

• The "Last Updated" date will be revised
• We will notify users through the Add-in interface or AppSource listing
• Continued use of Verex after changes constitutes acceptance of the updated policy
• Material changes affecting data processing will be clearly communicated

Compliance with Laws and Standards

This Privacy Policy and our data practices comply with:

• Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Microsoft AppSource Certification Policies (Policy 1100.1 and related requirements)
• Office Add-in Security and Privacy Requirements
• Google Cloud AI/ML Privacy Commitment
• SOC, ISO, IEC, HIPAA, and PCI DSS standards (through Google Cloud Vertex AI)

Contact Information

For privacy questions, concerns, or to exercise your rights:

• Email: support@tryverex.com
• Website: https://tryverex.com
• Service Provider: Verex (Ontario, Canada)

Third-Party Links and Services

This Privacy Policy applies only to Verex. Our Add-in integrates with:

• Microsoft Office/Excel: Subject to Microsoft Privacy Statement
• Google Cloud Vertex AI: Subject to Google Cloud Privacy Notice and Google Cloud AI/ML Privacy Commitment

We are not responsible for the privacy practices of these third-party services. We recommend reviewing their privacy policies directly.

Data Protection Inquiries

For data protection inquiries or concerns about how we handle your information, contact: support@tryverex.com

Supervisory Authority

If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your privacy concerns.