Privacy Policy
Last updated: July 1, 2026
Who We Are
"We" are MonteSheet, a product of Pipewriter OÜ (Sepapaja 6, Tallinn 15551, Estonia, reg. no. 14904870). I'm Ivan. I build software tools for people who model uncertainty for a living — analysts, founders, engineers, consultants — and believe they deserve better than a $2,900 Windows-only license or a broken RAND() hack in a spreadsheet.
Products covered by this policy: the MonteSheet Google Workspace add-on at montesheet.com and any tools distributed under the MonteSheet brand.
MonteSheet is not directed at children, and we do not knowingly collect personal data from anyone under 13 (or under 16 in the EU without parental consent). If we learn we've inadvertently collected data from a child under these thresholds, we'll delete it. See our Terms of Service for our full eligibility requirements.
1. Google Workspace Add-on
This section exists specifically for Google's compliance review and for users who want to understand exactly what MonteSheet can and cannot see inside your Google account.
Google API Limited Use
MonteSheet's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
No AI Training on Your Data
We do not use data obtained through Google Workspace APIs to train, develop, or improve any AI or machine learning models — generalized, personalized, or otherwise. Your spreadsheet data is yours. It does not feed any model belly. Not ours, not anyone else's.
What MonteSheet Actually Does
MonteSheet is a Monte Carlo simulation engine that lives in a Google Sheets sidebar. You point it at an output cell (your ARR, your project cost, your NPV). You assign probability distributions to your input cells. MonteSheet clones your formula graph into a local, headless spreadsheet engine (HyperFormula), runs 1,000–100,000 iterations entirely inside your browser, and returns statistical outputs: histogram, CDF, P10/P50/P90, sensitivity tornado chart.
When the simulation completes, results are optionally written back to your active Google Sheet. That is the complete data flow. Your financial model never leaves your computer.
Permissions
MonteSheet requests the minimum scopes necessary to function:
- Current spreadsheet only (
https://www.googleapis.com/auth/spreadsheets.currentonly): We interact exclusively with the sheet you have open. We cannot access your other Google Drive files, your other spreadsheets, or anything else in your Google account. We do not read, log, or transmit your spreadsheet contents anywhere — your formula graph, cell values, and simulation results stay in your browser session and your sheet. - Sidebar UI (
https://www.googleapis.com/auth/script.container.ui): Renders the MonteSheet interface, charts, and controls inside the Google Sheets sidebar. - External requests (
https://www.googleapis.com/auth/script.external_request): Used solely to verify your Pro license key against Gumroad's license verification API (api.gumroad.com/v2/licenses/verify). We send your license key and receive back a valid/invalid status. No spreadsheet data is included in this request — just your license key. - Storage (
https://www.googleapis.com/auth/script.storage): Used exclusively to store your Pro license key (so you stay authenticated) and your saved simulation configuration (so the sidebar remembers your setup) in Google's PropertiesService. This data never leaves Google's infrastructure.
Data stored via PropertiesService is scoped to your script/document and protected by Google's own infrastructure; we don't export or copy it elsewhere. See Section 5 for more on how we protect data generally.
Google user data accessed through these scopes (your license key, saved configuration) is never sold, rented, or transferred to third parties for advertising, data brokerage, credit determination, or any purpose other than operating MonteSheet itself. See Section 7 for our general data sale and retention policy.
2. Purchases and Licensing
If you purchase a MonteSheet Pro lifetime license via Gumroad, Gumroad handles payment processing under their own terms. We store your license key, purchase date, and email address to validate your software access. We never see your payment card details.
License validation is a one-way check: your key is sent to Gumroad's verification API, they confirm it's valid, and we return a green light. We do not log your IP address, your spreadsheet content, or anything about the model you're running.
3. Email and Newsletter
You can subscribe to MonteSheet updates via signup forms on montesheet.com. We use email to send:
- Transactional emails: license keys, purchase confirmations, support replies
- Newsletter: product updates, new distribution types, the occasional piece of writing about risk modeling that we'd actually want to read ourselves
You can unsubscribe from the newsletter at any time via the link in any email. Unsubscribing from marketing does not affect transactional emails related to your license.
We store your email to manage your subscription and validate your license. We don't sell it, share it with advertisers, or send you anything we'd be embarrassed to receive ourselves.
4. Analytics and Technical Data
We use basic, privacy-respecting analytics on montesheet.com to understand which pages are useful and to catch errors. This includes page views and session duration. We do not use advertising trackers. Analytics data is not linked to personally identifiable information.
We do not run analytics inside the Google Sheets sidebar add-on.
5. Data Security
We take reasonable technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, or loss. This includes:
- Encryption in transit: All connections to MonteSheet services (license validation, Apps Script external requests) use HTTPS/TLS.
- Encryption at rest: Data stored with our infrastructure providers (Vercel for hosting) is encrypted at rest by those providers' standard security practices.
- Access controls: Only Ivan (as sole operator of Pipewriter OÜ) has access to production data and infrastructure. We don't have a support team or contractors with standing access to your data.
- Google Workspace data specifically: Data accessed through MonteSheet's Google API scopes (your license key, saved simulation configuration) is stored via Google's own PropertiesService, inheriting Google's security infrastructure rather than a separate MonteSheet database.
No system is perfectly secure, and we can't guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by GDPR.
6. Information Sharing
We do not sell personal data. Full stop.
We share data only with infrastructure providers necessary to operate: Vercel (hosting), Gumroad (payments), and Resend (transactional email). We may disclose data if required by Estonian or applicable international law. We will push back on requests we consider unreasonable.
Some of our infrastructure providers (Vercel, Gumroad, Resend) are based or operate servers outside the EU, including in the United States. Where we transfer personal data outside the EU/EEA, we rely on providers that maintain appropriate safeguards, such as Standard Contractual Clauses or equivalent frameworks recognized under GDPR.
7. No Sale of Data
We do not sell, rent, or trade your personal data — including data obtained through Google APIs — to third parties, data brokers, or information resellers, under any circumstances.
We do not use your data for targeted advertising, personalized or retargeted advertisements, interest-based advertising, credit-worthiness determination, lending decisions, or to build databases for resale. The only third parties who see your data are the infrastructure providers listed in Section 6, and only to the extent needed to operate MonteSheet (hosting, payments, email delivery).
8. Data Retention
We keep your data only as long as needed for the purposes described in this policy:
- License keys and saved simulation configuration (via PropertiesService): retained until you unlink your license or delete the add-on, whichever comes first.
- Email addresses: retained until you unsubscribe or request deletion. Unsubscribing removes you from marketing sends; deletion removes the record entirely.
- Purchase and license records: retained for as long as needed to validate your license and for standard accounting/tax purposes, per Estonian law.
You can request deletion of your data at any time — see Section 9 (Your Rights) for how.
9. Your Rights
You can request access to, correction of, or deletion of your personal data at any time by emailing us. Under GDPR you have the right to data portability, the right to restrict processing, and the right to object to processing based on our legitimate interests. Note that deleting your license record will invalidate your Pro access — we'll warn you before doing so.
If you believe we've mishandled your data, you can also lodge a complaint with your local data protection authority, or with Estonia's Data Protection Inspectorate (www.aki.ee), our lead supervisory authority.
10. Contact
Email: ivan@montesheet.com
Address: Pipewriter OÜ, Sepapaja 6, Tallinn 15551, Estonia
This policy is governed by Estonian law and EU privacy regulations (GDPR).