Privacy Policy

Last updated: February 16, 2026

Overview

XLKeys ("we", "our", or "the extension") is a Chrome extension that brings Excel-style keyboard shortcuts, formula auditing, and analysis tools to Google Sheets. We are committed to protecting your privacy and being transparent about what data we access and how we use it.

Data We Access

Google Sheets Data

XLKeys accesses your Google Sheets data through the Google Sheets API solely to provide its core functionality. This includes:

  • Reading cell formulas and values for formula auditing (Trace Precedents, Trace Dependents)
  • Reading and writing cell values for Goal Seek and What-If Analysis
  • Applying formatting changes (number formats, colors, borders, fonts) that you initiate via keyboard shortcuts
  • Reading sheet metadata (sheet names, grid dimensions) to support navigation features

All spreadsheet data is processed locally in your browser or through direct authenticated calls to the Google Sheets API. We never send your spreadsheet data to our servers or any third party.

Google Account Information

When you sign in with Google, we access your email address and profile name for:

  • Displaying your identity in the extension popup
  • Verifying your license status with our licensing server

User Preferences

Your custom shortcut configurations, color palettes, and number format preferences are stored locally in Chrome's built-in storage (chrome.storage.sync) and synced across your Chrome browsers via your Google account. This data never touches our servers.

Data We Send to Our Servers

The only communication between the extension and our servers is for license verification. When checking your license status, we send:

  • Your Google OAuth token (used to identify your account)

Our licensing server (xl-keys.vercel.app) uses this token to look up your subscription status and returns only your license tier (free or pro) and expiration date. We do not store your OAuth token — it is used solely for the duration of the API call.

Data We Store

  • On our servers: Your email address, license tier, and Stripe customer ID (if you subscribe to Pro). This is the minimum needed to manage subscriptions.
  • In your browser: User preferences, cached license status, and a short-lived OAuth token cache. All stored via Chrome's extension storage APIs.

Third-Party Services

  • Google APIs: We use the Google Sheets API and Google Identity API to provide core functionality. Google's privacy policy applies to data processed by their services.
  • Stripe: If you subscribe to Pro, payment processing is handled entirely by Stripe. We never see or store your credit card information. See Stripe's privacy policy.
  • Supabase: Our backend uses Supabase for user account and license data storage.

Permissions Explained

  • activeTab: Allows the extension to interact with the current Google Sheets tab when you use it.
  • storage: Stores your preferences and cached license status locally in Chrome.
  • identity: Enables Google OAuth sign-in for Sheets API access and license verification.
  • Host permissions (docs.google.com, sheets.googleapis.com): Required to inject keyboard shortcut handling into Google Sheets and to call the Sheets API.

Data Retention & Deletion

If you uninstall the extension, all locally stored data (preferences, caches) is automatically removed by Chrome. To delete your account data from our servers, email us at the address below and we will remove your records within 30 days.

Children's Privacy

XLKeys is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or your data, please contact us at: support@xlkeyz.com