This page explains, in plain language, how we treat your data, what permissions the add-on uses, and what it never does.
Our security commitments
- ProductImageSync runs only when you click "Run" in the sidebar. There is no background access, no scheduled scanning, and no automatic processing of any spreadsheet you have not explicitly opened the add-on inside.
- ProductImageSync does not persist your product images on our servers. During a job, images may be processed transiently in memory by our Cloud Run worker only to complete the upload into a folder in your own Google Drive. That folder is created by the add-on inside your Drive and remains under your control.
- We do not request any restricted-tier Google permissions. The add-on uses the per-file
drive.filescope, which means it can only see and modify files it creates on your behalf. Every other file in your Drive is invisible to ProductImageSync. - We do not sell your data. We do not share your data with advertisers, marketers, or any third party for promotional purposes. We do not use your spreadsheet content to train machine-learning models.
- You can revoke ProductImageSync's access at any time from your Google account settings: myaccount.google.com/permissions.
OAuth scopes the add-on uses
ProductImageSync requests five OAuth scopes — no more than the workflows on this site require. None of them are restricted-tier scopes.
- spreadsheets — read product rows and image positions from the active sheet, and write image URLs and
=IMAGEformulas back into it. - drive.file — upload exported images into a folder in your Drive. Per-file access: the add-on sees only files it created.
- script.container.ui — display the add-on sidebar and dialogs inside Google Sheets. No data access.
- script.scriptapp — schedule short-lived internal triggers that resume large jobs across Apps Script's six-minute limit.
- script.external_request — send the job to our private Cloud Run worker and poll for status.
The full technical breakdown of every permission is published in our Privacy Policy and Google API Disclosure.
What data the add-on processes
When you start a job, the add-on works with the minimum information needed to complete that job:
- It reads the active spreadsheet to find product rows and the positions of floating images.
- It sends the spreadsheet ID, sheet name, target Drive folder ID, and the list of image positions to our private worker on Google Cloud.
- It sends a short-lived Google access token so the worker can perform the Google API operations the job requires on your behalf. The token is used only during the active job, is not stored, and is not written to our logs.
What the worker does
The worker is a small private service we run on Google Cloud Platform (Cloud Run, currently in the us-central1 region). For each job, it:
- Fetches the source images needed for the job.
- Uploads them to the target folder in your Google Drive.
- Returns the new image URLs and cell positions to the add-on so the spreadsheet can be updated.
The worker holds job metadata (status, item counts, error messages) in Firestore for twenty-four (24) hours, then deletes it automatically. Image content is processed transiently in memory and is not persisted in our databases, object storage, or logs after a job completes.
About public image URLs
For =IMAGE formulas to render inside spreadsheet cells, and for exported URLs to be usable in external systems such as a CRM, ERP, CMS, online store, or marketplace, the image files must be reachable by those systems. For this reason, the images ProductImageSync uploads to your Google Drive folder are shared with "anyone with the link can view" access. This means that anyone who obtains such a link — not only you — can view that image. The links do not expose any other file in your Drive. You can change or revoke this sharing at any time through the standard Google Drive sharing controls.
How we protect operational data
- All traffic between the add-on, the worker, and Google services runs over HTTPS.
- The short-lived Google OAuth access token included with a job is used only for the Google API operations the job requires, such as exporting the sheet and uploading files to your Drive folder. We do not store or log Google OAuth access tokens.
- Automated telemetry events (sidebar opens, job starts and completions, errors) are stored in Google Cloud Logging for thirty (30) days, then deleted. They are tagged with a random pseudonymous identifier and contain no spreadsheet content and no personal information.
- If you use the in-add-on Feedback form, the message you write — together with an email address, if you choose to provide one — is sent to the same logging system so that we can read and respond to it. Please do not include sensitive or confidential information in feedback messages. Full details are in our Privacy Policy.
- Access to our Google Cloud project is restricted to authorized maintainers, and administrative actions are logged.
What we will never do
- ProductImageSync is designed to read and modify only the spreadsheet in which you open and run the add-on.
- We will never access any file in your Google Drive that the add-on did not create.
- We will never sell, rent, or share your data with third parties for advertising.
- We will never silently expand the permissions the add-on requests. Any new OAuth scope would appear on the Google consent screen for your explicit approval and would be reflected in updated documentation.
Security incidents
If we discover a security incident affecting user data, we will investigate promptly, take reasonable steps to limit its impact, and notify affected users where required by applicable law.
Reporting a security issue
If you discover a vulnerability or any behavior that looks unsafe, please contact us at hello@productimagesync.com with the subject line "Security report". We respond to verifiable reports within seven (7) business days.
Contact
ProductImageSync Team
Email: hello@productimagesync.com
Website: productimagesync.com