Add-in Privacy Policy

The ROIC AI add-ins let you pull financial data — income statements, balance sheets, cash flow statements, ratios, and custom metrics — directly into Excel or Google Sheets. This policy explains exactly what data the add-ins access, what we collect, and how you can delete your data.

What the add-ins access

Both add-ins operate on a minimal-access model. They only read the inputs you explicitly type into the sidebar or formula (ticker symbols, metric names, periods, fiscal years) and write the returned financial data into the currently open spreadsheet.

Google Sheets Add-in requests these OAuth scopes:

• spreadsheets.currentonly — write financial data into the active spreadsheet only. This scope does NOT grant access to any other spreadsheet in your Google Drive.
• script.container.ui — display the add-in sidebar inside Google Sheets.
• script.external_request — fetch financial data from our API at api.roic.ai.

Excel Add-in uses the standard Office Add-in host permissions defined in its manifest. It reads and writes cells only in the currently open workbook and makes outbound HTTPS requests to api.roic.ai.

What we do NOT access

The add-ins do not:

• Read the contents of your spreadsheet beyond the inputs you explicitly provide
• Access other files in your Google Drive, OneDrive, or local file system
• Access Gmail, Google Calendar, Outlook, Microsoft Teams, or any other Google or Microsoft service
• Collect your Google or Microsoft account email through OAuth or identity tokens
• Use cookies, advertising identifiers, or third-party trackers
• Share any data with advertising networks or data brokers

What we collect

When you use the add-ins, we receive the following data through our API at api.roic.ai:

• Request parameters — ticker symbols, metric names, period types (annual, quarterly, TTM), and fiscal year ranges you enter
• Technical metadata — IP address, user agent, and request timestamps for rate limiting and abuse prevention
• Account data (paid plans only) — your email and subscription status, used solely to authorize API access

Third-party services

The add-ins communicate with exactly one external service: our own API at api.roic.ai. No data is shared with advertising networks, analytics providers, or any other third party through the add-ins.

Google authentication (for the Google Sheets Add-in) is handled by Google itself and is subject to Google's own privacy policies. We never receive your Google password or OAuth tokens.

Data retention and deletion

You can stop the add-ins from collecting any data at any time by uninstalling them from Google Sheets or Microsoft Excel. Upon uninstall, the add-in immediately stops sending requests to our API.

To permanently delete your Roic AI account and all associated data, email [email protected]. We will delete your account data within 30 days of your request.

Cached API responses and request logs are retained for up to 30 days for performance and abuse-prevention purposes, then automatically purged. We do not retain copies of your spreadsheet contents or any data beyond the parameters included in your API requests.

Data protection

We protect the data described above using the following measures:

• Encryption in transit — all traffic between the add-ins and our API at api.roic.ai uses HTTPS with TLS 1.2 or higher. Google authentication for the Google Sheets Add-in is handled by Google over TLS; we never receive your Google password or OAuth refresh tokens.
• Limited network exposure — only our HTTPS API endpoint at api.roic.ai is reachable from the public internet. Databases, application logs, and internal services are not exposed publicly.
• Administrative access controls — production systems are accessible only to authorized Roic AI engineering staff on a least-privilege basis, authenticated via single sign-on with multi-factor authentication.
• Retention— request logs and cached API responses are purged after 30 days (see “Data retention and deletion” above). Account data (email and subscription status for paid plans) is retained only while your account is active.
• No sale or sharing — we do not sell, rent, or share Google user data with third parties for advertising or any unrelated purpose. The add-ins do not embed third-party analytics, trackers, or advertising SDKs.
• Breach notification — in the event of a data breach affecting add-in users, we will notify affected users by email within 72 hours of confirmation.

AI and machine learning

The ROIC AI Google Sheets Add-in and the ROIC AI Excel Add-in do not integrate with any AI or machine-learning model, first-party or third-party. Inputs you type into the sidebar or formula (ticker symbols, metric names, period types, fiscal years) are used only to look up pre-computed financial data in our database.

Specifically, with respect to Google Workspace APIs:

• We do not use Google Workspace APIs data to develop, improve, or train generalized or non-personalized AI or machine-learning models.
• We do not transfer Google Workspace APIs data to any third-party AI tool or model provider.
• No spreadsheet content is read by the add-in beyond the explicit parameters you type, and no such content is sent to any AI service.

Google API Services compliance

ROIC AI's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Children's privacy

The ROIC AI add-ins are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has used the add-ins, contact us at [email protected] and we will delete any associated data.

Changes to this policy

We may update this privacy policy from time to time. Material changes will be reflected at this URL with an updated last-modified date. Your continued use of the add-ins after changes take effect constitutes acceptance of the revised policy.

Contact

Questions about this privacy policy or the ROIC AI add-ins? Email us at [email protected].