Consent Mode Monitor Logo
Try our Extension
Try our Add-on
Consent Mode Monitor Logo
Consent Mode Monitor Logo

Consent Mode Monitor Sheets™ Add-on Privacy Policy

Last updated: 3 April 2026

This Privacy Policy explains how MeasureMinds Group Ltd (“we”, “us”, “our”) collects, uses, shares, and protects information when you use Consent Mode Monitor Sheets™ Add-on and the related service hosted at https://app.consentmodemonitor.com.

What information does Consent Mode Monitor Sheets™ Add-on collect?

Consent Mode Monitor Sheets™ Add-on is a Google Workspace add-on that runs in Google Sheets through a sidebar interface. It processes only the spreadsheet data needed to perform the actions you choose in the Add-on, such as website URLs, GTM container IDs, licence keys, selected cell ranges, result tab names, and scheduling settings, and sends the necessary inputs to our service at https://app.consentmodemonitor.com to generate consent and tag-governance audit results.

When you run a report from the Add-on sidebar, the website URL and/or GTM container ID you selected, together with related configuration such as selected ranges and result tab names, may be transmitted to our Service to perform the requested audit and return results to your spreadsheet. The audit analyses publicly accessible webpage content, including publicly available scripts and tag responses.

The Service generates a screenshot of the audited page and returns a screenshot URL as part of the site scoring results.

The Add-on also processes a licence key that you provide in the sidebar or spreadsheet. This licence key is sent to our Service in a request header (X-API-Key) to validate your plan and usage limits. Requests to our Service are authenticated using this licence key. Separately, the Add-on uses Google authorisation to obtain the Google Workspace permissions required to run inside Google Sheets.

The Add-on does not request permission to edit or manage Google Tag Manager containers and does not make changes to GTM on your behalf. It is used to run audits, fetch audit results, and write those results into the spreadsheet tabs selected by the user.

We do not use spreadsheet inputs for advertising. We may retain limited operational records (such as request metadata and usage counters) and diagnostic screenshots as described below.

We transmit requests from the Add-on to our Service over a secure channel (HTTPS).

The Add-on may access only the Google Sheets content needed to provide the selected feature. This may include the active spreadsheet, selected cell ranges containing website URLs or GTM container IDs, licence key values entered by the user, result tab names, scheduling settings, and the cells or sheets where audit results are written.

How does Consent Mode Monitor Sheets™ Add-on use the information?

We use the information described above to:

  • perform the requested audits and return results to your spreadsheet,
  • authenticate requests using the licence key issued via Lemon Squeezy checkout and enforce usage limits,
  • write results into user-selected sheets and result tabs,
  • support scheduled scans and recurring reporting where enabled by the user,
  • provide customer support and troubleshoot issues,
  • maintain the security and integrity of the Service, including preventing abuse, and
  • comply with legal obligations.

Marketing communications (opt-in only)

If you explicitly opt in, we may use your email address to send product updates or newsletters. You can opt out at any time. If you do not opt in, we do not use your email address for marketing communications.

Account and subscription data 

Email addresses may be collected when users subscribe or checkout through Lemon Squeezy. We use email for billing records, account communications, and support.

Requests sent from the Add-on to our external Service are authenticated using the licence key you provide. The Add-on also relies on Google authorisation for the Google Workspace permissions required to operate in Google Sheets.

If you enable Scheduler features, we may store the reporting configuration needed to run scheduled scans, such as frequency, selected range references, result tab names, and execution status metadata.

Diagnostic screenshots 

As part of site scoring, the Service captures a screenshot of the audited page and returns a screenshot URL in the output. Screenshot URLs are included to support audit evidence, troubleshooting, and report outputs inside the Add-on. Screenshots are retained for up to 90 days, unless a longer period is required to comply with legal obligations or investigate security issues. You should only submit URLs that you have the right to test.

Screenshots capture only the rendered content of the audited webpage. Depending on what is visible on that page, a screenshot may incidentally include personal data. We do not intentionally use screenshots to collect personal data, and we use them only for audit evidence and debugging.

What information does Consent Mode Monitor Sheets™ Add-on share?

We do not sell your personal data or share it with third parties for advertising.

We may share limited data with service providers (processors) that help us operate the Service. These providers are contractually required to protect your data and may only use it to provide services to us. This may include:

  • Infrastructure hosting and networking: DigitalOcean (server location: United Kingdom)
  • Payment processing and checkout: Lemon Squeezy (our checkout is hosted at https://cmm.lemonsqueezy.com/checkout)
  • Business email and communications: Google Workspace (Google Apps for Business)

We may also disclose information if required by law, or to protect the rights, safety, and security of our users, customers, and the Service.

Google API Services User Data Policy (Limited Use) 

The Consent Mode Monitor Sheets™ Add-on runs within Google Sheets and processes only the spreadsheet data required to perform the user-selected actions in the Add-on, such as website URLs, GTM container IDs, selected cell ranges, result tab names, scheduling settings, and the cells or sheets where results are written.

The Consent Mode Monitor Sheets™ Add-on’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Google user data is used only to provide the Add-on’s visible, user-facing features in Google Sheets, such as reading selected ranges, writing audit results, and supporting scheduled reports. Google user data is not used for advertising, profiling, or resale.

How we protect sensitive data

Access control

  • Role-based access controls: We restrict access to sensitive data within our systems to authorised personnel.
  • Least privilege principle: Access is granted only to the minimum extent necessary for individuals to perform their job functions.
  • Multi-factor authentication (MFA): Where available, we use MFA for administrative access to systems that process customer data.

Data Anonymisation and Masking

  • Anonymisation: When feasible, sensitive data is anonymised, meaning personal identifiers are removed to protect individual identities in our datasets.
  • Data Masking: In cases where anonymisation is not applicable, sensitive data fields are masked, making it unreadable to unauthorised users.

Security Audits and Penetration Testing

  • We periodically review our security controls and may use internal and/or third-party assessments to help identify and address vulnerabilities. This helps us maintain and improve security controls in line with current best practices.

Intrusion Detection and Monitoring

  • We use monitoring to help detect suspicious activity and unauthorised access attempts and respond appropriately.

Data Minimisation and Retention Policies

  • We practise data minimisation by collecting only the information required to provide the Service. We apply retention practices designed to limit data to what is necessary to provide the Service, maintain security, and meet legal obligations.

Compliance with Regulations

  • Our data protection mechanisms are designed to comply with industry standards and regulations, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant laws. This ensures that your sensitive data is handled lawfully and responsibly.

User Control and Data Portability

  • Users have control over their data, including the ability to request access, correction, or deletion of their personal information at any time. We also provide mechanisms for users to download or export their data securely if needed.

Our data retention policy

We retain different categories of data for different periods depending on purpose. For example, diagnostic screenshots may be retained for up to 90 days, while limited request metadata, usage counters, subscription records, and support-related records may be retained for as long as needed to provide the Service, prevent abuse, meet billing obligations, resolve disputes, and comply with legal requirements.

Purpose of Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, or contractual obligations, resolve disputes, and enforce our policies.

Data Deletion 

Users may request the deletion of their data at any time by contacting dpo@consentmodemonitor.com.

Legal Obligations 

We may retain data longer if required by law or to protect our legitimate interests (e.g., fraud prevention, enforcing terms).

Contact Us

If you have any questions about this Privacy Policy, please contact us at dpo@consentmodemonitor.com

Cookies used on this site

Save your business millions in privacy-related fines

Ensure Consent Mode is implemented properly with Consent Mode Monitor

  • Check for missing consent
  • Fix consent-related issues
  • Schedule monthly scanning
Use Consent Mode Monitor
Consent Mode Monitor Logo