Excel Add In Privacy Policy

Document Viewer Add-in Privacy Policy

Effective: 26 May 2025

1. Introduction

AUTOFETCH AI PTY LTD (ABN: 39 686 695 321) and our affiliated entities ("AutoFetch.AI", “we”, “our” or “us”) provides a Microsoft Excel add-in that lets you view PDF documents inside Microsoft Excel by generating secure SAS URLs for files stored in our Azure Blob Storage. This Privacy Policy explains what information we collect, how we use it, your rights and choices with respect to your information, and how you can contact us if you have any questions or concerns.

This Privacy Policy may be updated from time to time. We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Website.

2. What Information We Collect

We collect the following information when you use the AutoFetch.AI document viewer add-in, as further described below.

Authentication and Identity

Office SSO Token: When you click “Show Document Viewer,” the add-in calls Office.context.auth.getAccessTokenAsync() to obtain a Microsoft identity token.

‍User Identifier: We store (temporarily or in logs) your Azure AD UPN/email address or object ID extracted from that token to authorise PDF access.

‍
‍Usage Data

Document Requests: We log which documents you view, timestamps, and the generated SAS URL parameters (but never the document contents).

‍Application Logs: Errors and diagnostic data (e.g. Microsoft Excel version, browser User-Agent in the WebView2 control).

‍
‍Device & Environment Data

Microsoft Excel Add-in Environment: We may collect basic metadata (Microsoft Excel version, OS, Static Web App region) to help with support and troubleshooting.

3. How We Use Information We Collect

We use the information we collect for a variety of purposes, including:

‍Authentication & Authorisation: Verify that you’re entitled to view each PDF and generate time-limited SAS URLs.

‍Service Provision: Load your documents seamlessly in the document viewer task pane.

‍Security and Abuse Prevention: Detect and block unauthorised access attempts or suspicious patterns.

‍Support and Improvement: Diagnose technical issues and improve performance and reliability.

4. How We Share Information

Microsoft/Azure Services: We transmit your Office SSO token to Azure AD for validation, and we call our Azure Function App to generate SAS URLs. Microsoft and Azure adhere to their own privacy policies.

‍No Third-Party Sharing: We do not sell or rent your personal data.

‍Legal Compliance: We may disclose information if we believe doing so is required or appropriate to comply with legal obligations, law enforcement requests, and legal processes, such as a court order.

5. Data Retention

Token Data: We do not persist your raw Office SSO token.

‍Logs & Usage Records: Retained for up to 90 days to support debugging and abuse prevention, then automatically purged.

6. Security

Transmission: All communications occur over HTTPS with TLS 1.2+ encryption.

‍Storage: Any stored logs or metadata reside in our Azure Storage with encryption at rest.

‍Access Controls: Limited to authorised personnel and services in our Azure subscription.

7. Your Choices and Rights

Access & Correction: You may request a copy of or correction to the personal data we store about you by contacting us as provided below.

‍Data Deletion: You may request permanent deletion of your logs or usage records.

‍Opt-Out: If you choose not to use SSO, you will not be able to view protected PDF content in the add-in.

8. Contacting Us

If you have questions or comments about this Privacy Policy, how we collect and use your information, your choices or rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us at info@autofetch.ai.