This Privacy Policy describes how ProductImageSync ("the Service", "we", "us", "our") handles information when you install or use our Google Sheets add-on. ProductImageSync is operated by ProductImageSync Team. For any questions about this policy or to exercise the rights described below, contact us at hello@productimagesync.com.
1. Summary
ProductImageSync is a Google Sheets add-on that converts floating images from spreadsheet imports into proper in-cell images and Google Drive-hosted URLs. The add-on runs only when you explicitly start a job from the sidebar. We do not read your spreadsheets in the background, we do not access Google Drive files we did not create, and we do not sell, rent, or share your data with any advertiser or third-party marketer.
2. Who we are
ProductImageSync is operated by ProductImageSync Team. The Service is delivered as a Google Workspace add-on backed by a private cloud worker hosted on Google Cloud Platform. All inquiries — privacy, support, data deletion, and legal — are handled through hello@productimagesync.com. We commit to responding to verifiable requests within thirty (30) days.
3. Information we access
When you install and use ProductImageSync, the add-on requests the following Google OAuth permissions ("scopes"):
3.1. Google Sheets — spreadsheets
Scope: https://www.googleapis.com/auth/spreadsheets
We read product rows, image columns, and floating image positions from the active spreadsheet you have open, and we write image URLs and =IMAGE formulas back into that same spreadsheet. ProductImageSync is designed to access only the spreadsheet in which you open and run the add-on, and only the rows, columns, formulas, images, and metadata necessary to complete the job you start. We act only when you click "Run" inside the sidebar.
3.2. Google Drive (per-file access) — drive.file
Scope: https://www.googleapis.com/auth/drive.file
We upload extracted product images into a folder owned by you in your Google Drive. The drive.file scope means we can only see and modify files our add-on creates on your behalf. All other files in your Drive remain completely inaccessible to ProductImageSync. So that =IMAGE formulas can render inside cells and exported URLs can be used in external systems, the images the add-on uploads are shared with "anyone with the link can view" access. This means that anyone who obtains such a link can view that image. You can change or revoke this sharing at any time using the standard Google Drive sharing controls.
3.3. Sheets UI — script.container.ui
Scope: https://www.googleapis.com/auth/script.container.ui
This permission allows ProductImageSync to display the sidebar (Setup, Progress, Help, Feedback, and Settings sections) and validation dialogs inside the Google Sheets interface. Without it, the add-on cannot present its user interface.
3.4. Apps Script triggers — script.scriptapp
Scope: https://www.googleapis.com/auth/script.scriptapp
Apps Script imposes a six-minute execution limit per run. Larger jobs (up to 500 images) exceed that limit, so we schedule short-lived triggers that resume the work in stages (context preparation, job start, polling, completion). This scope is used solely to create, manage, and delete these internal resume triggers. The triggers are deleted as soon as the job completes, fails, or expires, and the scope is not used to send notifications or run code on any schedule outside of an active job.
3.5. External requests — script.external_request
Scope: https://www.googleapis.com/auth/script.external_request
This permission allows the add-on to send your job request to our private Cloud Run worker (hosted on Google Cloud, currently in the us-central1 region) and to poll for job status and results. No other external endpoints are contacted.
We request the drive.file scope instead of broader Drive access, so the add-on can only see files it created on your behalf.
4. Information sent to our worker
For each job you start, the add-on transmits the following to our Cloud Run worker:
- A short-lived Google OAuth access token. The worker uses this token only for the Google API operations the job requires: exporting the active sheet to obtain its embedded floating images, fetching source images that require Google authentication, and uploading the resulting images to your Google Drive folder. The token is transmitted over HTTPS, is used only during the active job, is not stored persistently, is not written to our logs, and is discarded when the job completes or fails.
- The spreadsheet ID, sheet name, and target Drive folder ID.
- The list of image positions (cell anchors) and source image URLs for the current job.
Image content is processed transiently in memory by the worker only to complete the upload to your Google Drive folder. We do not persist image content in databases, object storage, or application logs.
5. Telemetry and pseudonymous usage data
5.1. Automated telemetry
ProductImageSync records automated operational events to Google Cloud Logging to monitor reliability and improve the Service. These events include: sidebar_opened, job_started, job_completed, job_failed, validation_warning_shown, validation_user_action, addon_installed, size_limit_exceeded, orphan_detected, orphan_user_action, and orphan_resumed. Each event is tagged with a randomly generated pseudonymous installation UUID. Automated telemetry does not include your name, email address, spreadsheet contents, product data, image bytes, or file names. The UUID alone does not identify you.
5.2. Feedback you submit
If you use the Feedback section of the add-on's sidebar, we receive the message text you write, an email address if you choose to provide one (this field is optional), and the name of the sheet you are working in at that moment. This is recorded as a user_feedback event in the same Google Cloud Logging system, and we use it only to understand and respond to your feedback. Free-text feedback may contain whatever information you choose to submit; we recommend that you do not include sensitive or confidential information in feedback messages.
5.3. Support requests
If you contact us and provide your installation UUID, we may use it only to locate and respond to your support or data-deletion request.
6. Data retention
- Job records (job status, item counts, error messages) are stored in our Firestore database (collection: pisync_jobs) for twenty-four (24) hours, then automatically deleted.
- Pseudonymous telemetry events are retained in Google Cloud Logging for thirty (30) days, then automatically deleted.
- Image content is not persisted on our servers. It is processed transiently in memory only to complete the upload to your Google Drive folder, where the images remain under your control.
7. Sharing of data
ProductImageSync does not sell, rent, lease, license, or otherwise share your data with any third party for advertising, marketing, or any other purpose. The only sub-processor we rely on is Google Cloud (Google LLC), which provides the underlying compute, storage, and logging infrastructure that makes the Service work.
8. Limited Use compliance
ProductImageSync's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide, maintain, secure, troubleshoot, and improve the user-facing features of ProductImageSync.
- We do not use Google user data to develop, improve, or train generalized machine-learning or artificial-intelligence models.
- We do not use Google user data to serve advertisements.
- We do not allow humans to read Google user data unless we have your affirmative consent for a specific support case, it is required for security purposes (such as investigating abuse), or it is required by applicable law.
- We do not transfer Google user data to third parties except as necessary to provide or improve the Service, and only with appropriate confidentiality protections.
9. Your rights
Depending on where you live, applicable privacy laws (which may include the European General Data Protection Regulation or the California Consumer Privacy Act) may give you certain rights regarding your data. These may include the right to access, correct, or delete data, and the right to object to or restrict its processing.
Because the only data we hold about your use of the Service is pseudonymous telemetry, you can:
- request a copy of the telemetry data associated with your installation UUID;
- request deletion of that telemetry;
- stop further processing at any time by uninstalling the add-on and revoking permission at myaccount.google.com/permissions.
To exercise any of these rights, send an email to hello@productimagesync.com with the subject line "GDPR data request" and include your add-on installation UUID (visible in Sheets: Extensions → ProductImageSync → Settings).
10. Children's privacy
ProductImageSync is a business productivity tool intended for users of legal working age. The Service is not directed at children under sixteen (16), and we do not knowingly collect any data from children.
11. International data transfers
Our infrastructure runs in the us-central1 Google Cloud region (Iowa, United States). When you use ProductImageSync from outside the United States, the limited operational data described in Sections 4 and 5 is processed on United States servers. Where applicable, such international transfers are protected through Google Cloud's data processing terms and the safeguards described in this policy.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document reflects the most recent revision. Material changes will be announced inside the add-on's Help section before they take effect.
13. Contact
ProductImageSync Team
Email: hello@productimagesync.com
Website: productimagesync.com