Privacy Policy

Last Updated: February 2026

1. Introduction

This Privacy Policy explains how AI Sheet Filler ("Service") handles information when you use our open-source MCP server for managing tabular data with Google Sheets.

1.1 Scope and data controller

This Privacy Policy applies to the hosted AI Sheet Filler service offered at ai-sheet-filler.com. For this hosted offering, the data controller (operator) is the operator of ai-sheet-filler.com (contact: see section 12).

If you self-host the Service (run the server yourself), you are the data controller for that instance. You are responsible for complying with applicable data protection law and should provide your users with your own privacy policy. This document does not cover self-hosted deployments.

2. Information We Collect

2.1 User Identity

When using HTTP transport, we collect your email address from your Google OAuth token for the purpose of:

  • Authenticating requests
  • Per-user token isolation (if separate auth flow is used)

2.2 Optional Debug Logging

The Service may log (when the server operator enables debug logging):

  • Tool invocations and operations performed
  • Error messages and stack traces
  • Timestamps of operations

Logs collected with the private mask do not contain field values, OAuth tokens, or other unmasked personal data.

2.3 Website Analytics

The ai-sheet-filler.com website may use Google Analytics. For that processing, Google's Privacy Policy applies.

3. Information We Do NOT Collect (Service)

The Service (the MCP server) does NOT:

  • Store your spreadsheet data on our servers
  • Track your usage with cookies or analytics
  • Collect browsing history or device information
  • Share any information with third parties except: Google APIs (used to operate the Service), and the client application you use to access the Service (e.g. ChatGPT, Claude), to which responses and results are returned

The above applies only to the Service. The ai-sheet-filler.com website may use analytics as described in section 2.3.

4. Data Storage

4.1 Your Data Location

All your tabular data is stored in Google Sheets documents that you own and control. The Service acts as a bridge to read and write this data but does not retain copies.

4.2 Token Handling

Access tokens: They are validated per-request and returned only to the client. During the OAuth code exchange flow, a Google access token is temporarily held in the server database for a maximum of 10 minutes; it is single-use and deleted immediately after exchange or on expiry.

When the built-in OAuth Authorization Server is used: The Service stores in SQLite (via AUTH_DB_PATH) mappings of opaque refresh tokens to Google refresh tokens, registered OAuth client data (client_id, client_secret, redirect_uris), and transient OAuth flow state (pending authorizations, pending Google auth requests). Transient entries are single-use with a 10-minute TTL. Token exchange and API calls use TLS in transit. Access to the auth database is restricted (least privilege) to the Service process only.

5. Third-Party Services

The Service integrates with Google services:

5.1 Google Sheets API

5.2 Google OAuth 2.0

  • Used for authentication
  • Token validation performed via Google's tokeninfo endpoint
  • Subject to Google's Privacy Policy

6. Google API Services User Data Policy (Limited Use)

AI Sheet Filler's use of information received from Google APIs (including the Google Sheets API) will adhere to the Google API Services User Data Policy and the Google Workspace API User Data and Developer Policy, including the Limited Use requirements.

  • We do not sell Google user data.
  • We do not use Google user data for advertising, retargeting, or user profiling.
  • We do not use or retain Google user data obtained via Google Workspace APIs to develop, improve, or train generalized (non-personalized) AI/ML models.
  • We only access and use Google user data to provide the functionality you explicitly request (reading and writing to the spreadsheets you connect).
  • We do not allow humans to access Google user data except where necessary for security/legal compliance, or with your explicit consent for a specific support action.

7. Data Retention

7.1 Spreadsheet Data

Your data is retained in your Google Sheets according to your Google account settings. The Service does not control data retention in Google Sheets.

7.2 Debug Logs

If debug logging is enabled by the server operator:

  • Log retention is controlled by the server operator
  • Logs are stored locally on the server where the Service runs

8. Your Rights

8.1 Data Access and Portability

  • Your data is stored in Google Sheets, which you fully control
  • You can export, modify, or delete your data at any time through Google Sheets
  • You can revoke the Service's access to your Google account at any time via Google Account Permissions

8.2 GDPR and CCPA Rights

Since your data is stored in Google Sheets:

  • Data subject rights (access, correction, deletion, portability) are exercised through Google
  • See Google's Privacy Policy for details on exercising your rights

8.3 Token Revocation

You can revoke access at any time:

  1. Visit Google Account Permissions
  2. Find "MCP Sheet Filler" (or the OAuth app name)
  3. Click "Remove Access"

9. Security

The Service implements security measures including:

  • RFC 9728 MCP Authorization compliance
  • Token validation via Google's tokeninfo endpoint
  • Per-user authentication isolation
  • Access tokens are not persistently stored on the server; during OAuth code exchange, they are temporarily held in SQLite (max 10 min, single-use, auto-deleted). Only refresh token mappings, client registrations, and transient OAuth flow state are stored in SQLite (AUTH_DB_PATH)
  • Logs collected with the private mask do not contain sensitive data

10. Children's Privacy

The Service is not intended for use by children under 13 years of age. We do not knowingly collect information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy, please: