Legal
Privacy Policy
Last updated: March 26, 2026
🔒 We never store your AWS credentials on any external server. Your Access Key and Secret are stored exclusively within your own Google account using Google's encrypted storage.
📋 This add-on accesses only the current Google Sheet — it does not access Google Drive, Gmail, or any other Google service.
AWS Cost Health ("the Add-on") is a Google Sheets Editor Add-on that connects to the AWS Cost Explorer API to display billing and cost data in your Google Sheet. This policy explains how we handle your data.
1. Data We Collect
- AWS Access Key ID — used to authenticate API calls to AWS Cost Explorer
- AWS Secret Access Key — used to sign SigV4 requests to the AWS API
- AWS Region — used to determine the API endpoint
We do not collect, read, or store any other AWS data beyond cost and billing information explicitly fetched to display in your sheet.
2. Google User Data Accessed
The Add-on requests the following Google OAuth scopes. Each scope is used for the specific purpose described below and for no other purpose:
-
spreadsheets.currentonly (
https://www.googleapis.com/auth/spreadsheets.currentonly) —
Read and write data in the specific Google Sheet where the add-on is installed.
Used to write AWS cost report data (daily costs, service breakdowns, and the summary dashboard) into the sheet.
-
script.external_request (
https://www.googleapis.com/auth/script.external_request) —
Make outbound HTTPS requests from Google Apps Script.
Used solely to call the AWS Cost Explorer API to fetch cost data using your AWS credentials.
-
script.container.ui (
https://www.googleapis.com/auth/script.container.ui) —
Display a sidebar panel within Google Sheets.
Used to show the add-on's configuration interface where users enter AWS credentials and trigger cost syncs.
-
script.scriptapp (
https://www.googleapis.com/auth/script.scriptapp) —
Create and manage time-based triggers.
Used to enable optional scheduled automatic cost syncs so you do not have to trigger them manually.
The add-on does NOT access Google Drive files, Gmail, Google Calendar, Google Contacts, or any other Google service beyond the current spreadsheet. No personal information (email address, profile, or identity data) is accessed or stored.
3. Google User Data Storage
- No Google user data is stored on any external server or database operated by us.
- Cost report data is written directly to the user's own Google Sheet and remains entirely under the user's control.
- The add-on does not maintain any server-side storage, database, or analytics backend.
- AWS credentials (provided by the user) are stored in Google Apps Script's PropertiesService — encrypted, per-script storage managed entirely by Google within the user's account. This data never leaves Google's infrastructure.
4. Google User Data Usage
- Google Sheets access is used exclusively to write AWS cost report data into the active spreadsheet.
- No Google user data is used for advertising, analytics, market research, profiling, or any purpose unrelated to the core functionality of displaying AWS cost data.
- The add-on does not read existing spreadsheet data except for its own previously-written cost report sheets (to update them on subsequent syncs).
5. Google User Data Sharing and Transfer
- The add-on does NOT share, transfer, sell, or disclose any Google user data to third parties.
- The only external API communication is outbound from Google's servers to the AWS Cost Explorer API. This call transmits only your AWS credentials (not any Google data) in order to fetch your AWS billing information.
- This Add-on's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
6. How We Store AWS Data
- Your AWS credentials are stored using Google Apps Script's ScriptProperties — encrypted, per-project storage managed by Google
- Data is stored within your Google account and is only accessible to you
- We do not operate any external servers or databases
- No data is stored outside of your Google account
7. How We Use AWS Data
Your credentials are used solely to:
- Call the AWS Cost Explorer API (
ce:GetCostAndUsage) to fetch daily and monthly cost data grouped by service
- Display this cost data in your Google Sheet as a structured dashboard
8. Data Sharing
We do not share your data with any third parties. All API calls go directly from Google's servers to the AWS Cost Explorer API. There are no intermediary servers, analytics services, or tracking tools.
9. Third-Party Services
The Add-on communicates only with:
- AWS Cost Explorer API (ce.{region}.amazonaws.com) — to fetch cost data using your credentials
- Google Sheets API — to write dashboard data to your spreadsheet
10. Data Retention
- Your AWS credentials are stored until you click "Disconnect" in the Add-on panel
- Cost data written to the spreadsheet persists until you delete it
- Disconnecting removes all stored credentials immediately
11. Security
- All API calls use HTTPS encryption
- Requests to AWS are signed using AWS SigV4 — your Secret Key is never transmitted in plaintext
- Your credentials are stored in Google's encrypted ScriptProperties storage
- We recommend creating a dedicated IAM user with only
ce:GetCostAndUsage permission
12. Your Rights
- Disconnect — removes all stored credentials from your Google account instantly
- Revoke AWS credentials — deactivate the Access Key in AWS IAM to immediately disable all access
- Uninstall the Add-on — removes the Add-on and all associated stored data
13. Google API Services User Data Policy
This Add-on's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
14. Contact
For questions about this privacy policy, contact us at: ajaypadwal73@gmail.com
15. Changes
We may update this policy occasionally. Changes will be posted on this page with an updated date.