Last updated: 5 February 2026
This Privacy Policy explains how MeasureMinds Group Ltd (“we”, “us”, “our”) collects, uses, shares, and protects information when you use Consent Mode Monitor Sheets™ Add-on and the related service hosted at https://app.consentmodemonitor.com.
What information does Consent Mode Monitor Sheets™ Add-on collect?
Consent Mode Monitor Sheets™ Add-on is a Google Workspace add-on that runs in Google Sheets. It processes only the specific data values you pass to the Add-on’s custom functions (such as website URLs and Google Tag Manager container IDs) and sends those inputs to our service at https://app.consentmodemonitor.com to generate consent and tag-governance audit results.
When you run an Add-on function, the website URL and/or GTM container ID you enter is transmitted to our Service to perform the requested audit and return results back to your spreadsheet. The audit analyses publicly accessible webpage content (including publicly available scripts and tag responses) and does not require access to your Google account for the audit itself.
In some cases, the Service may generate a diagnostic screenshot and return a screenshot URL as part of the results.
The Add-on also processes a licence key that you provide in the spreadsheet. This licence key is sent to our Service in a request header (X-API-Key) to validate your plan and usage limits. This is a licence-key based authentication method issued and managed via Lemon Squeezy checkout, and it is not Google OAuth.
The Add-on does not request permission to edit or manage Google Tag Manager containers and does not make changes to GTM on your behalf. It is used to fetch audit results and write them into your spreadsheet.
We do not use spreadsheet inputs for advertising. We may retain limited operational records (such as request metadata and usage counters) and diagnostic screenshots as described below.
We transmit requests from the Add-on to our Service over a secure channel (HTTPS).
How does Consent Mode Monitor Sheets™ Add-on use the information?
We use the information described above to:
- perform the requested audits and return results to your spreadsheet,
- authenticate requests using the licence key issued via Lemon Squeezy checkout and enforce usage limits,
- provide customer support and troubleshoot issues,
- maintain the security and integrity of the Service (including preventing abuse), and
- comply with legal obligations.
Marketing communications (opt-in only)
If you explicitly opt in, we may use your email address to send product updates or newsletters. You can opt out at any time. If you do not opt in, we do not use your email address for marketing communications.
Account and subscription data
Email addresses may be collected when users subscribe or checkout through Lemon Squeezy. We use email for billing records, account communications, and support. Add-on API requests are authenticated using the licence key you provide (not your Google account).
We may store limited account data associated with your subscription (such as subscription status and usage metadata) to operate the Service and support billing where applicable.
Diagnostic screenshots
If diagnostic screenshots are enabled for a check, the Service may capture a screenshot of the audited page and return a screenshot URL in the output. Diagnostic screenshots are retained for up to 90 days, unless a longer period is required to comply with legal obligations or to investigate security issues. You should only submit URLs that you have the right to test.
Screenshots capture only the rendered content of the audited webpage. Depending on what is visible on that page, a screenshot may incidentally include personal data. We do not intentionally use screenshots to collect personal data, and we use them only for audit evidence and debugging.
What information does Consent Mode Monitor Sheets™ Add-on share?
We do not sell your personal data or share it with third parties for advertising.
We may share limited data with service providers (processors) that help us operate the Service. These providers are contractually required to protect your data and may only use it to provide services to us. This may include:
- Infrastructure hosting and networking: DigitalOcean (server location: United Kingdom)
- Payment processing and checkout: Lemon Squeezy (our checkout is hosted at https://cmm.lemonsqueezy.com/checkout)
- Business email and communications: Google Workspace (Google Apps for Business)
We may also disclose information if required by law, or to protect the rights, safety, and security of our users, customers, and the Service.
Google API Services User Data Policy (Limited Use)
The Consent Mode Monitor Sheets™ Add-on runs within Google Sheets and processes spreadsheet values required to perform the requested functions (for example, the URL and/or GTM container ID you enter and the cells where results are written).
The Consent Mode Monitor Sheets™ Add-on’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide and improve user-facing features of the Add-on and is not used for advertising, profiling, or resale.
How we protect sensitive data
Access control
- Role-based access controls: We restrict access to sensitive data within our systems to authorised personnel.
- Least privilege principle: Access is granted only to the minimum extent necessary for individuals to perform their job functions.
- Multi-factor authentication (MFA): Where available, we use MFA for administrative access to systems that process customer data.
Data Anonymisation and Masking
- Anonymisation: When feasible, sensitive data is anonymised, meaning personal identifiers are removed to protect individual identities in our datasets.
- Data Masking: In cases where anonymisation is not applicable, sensitive data fields are masked, making it unreadable to unauthorised users.
Security Audits and Penetration Testing
- We periodically review our security controls and may use internal and/or third-party assessments to help identify and address vulnerabilities. This helps us maintain and improve security controls in line with current best practices.
Intrusion Detection and Monitoring
- We use monitoring to help detect suspicious activity and unauthorised access attempts and respond appropriately.
Data Minimisation and Retention Policies
- We practise data minimisation by collecting only the information required to provide the Service. We apply retention practices designed to limit data to what is necessary to provide the Service, maintain security, and meet legal obligations.
Compliance with Regulations
- Our data protection mechanisms are designed to comply with industry standards and regulations, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant laws. This ensures that your sensitive data is handled lawfully and responsibly.
User Control and Data Portability
- Users have control over their data, including the ability to request access, correction, or deletion of their personal information at any time. We also provide mechanisms for users to download or export their data securely if needed.
Our data retention policy
Purpose of Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, or contractual obligations, resolve disputes, and enforce our policies.
Data Deletion
Users may request the deletion of their data at any time by contacting dpo@consentmodemonitor.com.
Legal Obligations
We may retain data longer if required by law or to protect our legitimate interests (e.g., fraud prevention, enforcing terms).
Contact Us
If you have any questions about this Privacy Policy, please contact us at dpo@consentmodemonitor.com