Legal · Privacy Policy

Privacy Policy

Effective 2026-05-09.

Pre-launch draft — under counsel reviewFor specific questions, email legal@modelxcel.com.

This Privacy Policy explains how ModelXcel collects, uses, and protects personal data when you visit modelxcel.com or use the ModelxcelPro Excel add-in.

We serve customers in the United States and the European Union. EU-resident user data is stored in EU data centers. For questions, contact privacy@modelxcel.com.

This document is a pre-launch draft under counsel review.

01.Data we collect

Account data: name, email, company, role, billing address, payment information processed by Stripe.

Usage data: pages visited, features used, error reports. The desktop add-in collects telemetry only when you opt in (default off).

Local diagnostic logs: the desktop add-in writes a daily-rotated log to %LOCALAPPDATA%\ModelxcelPro\Logs\ on your own machine. These logs help diagnose support tickets when you choose to attach them; they are never automatically uploaded. Logs contain command names, timings, and error messages — never formula contents, cell values, file names, or workbook content.

What we never collect from inside Excel: formula contents, cell values, file names, workbook contents, file paths. The Causality ledger lives entirely inside your workbook file and never leaves your machine without your action.

02.How we use data

  • Provide and maintain the Service (account management, license issuance, billing).
  • Communicate operational updates, transactional emails, and support replies.
  • Improve product quality (aggregated usage analysis when you opt in).
  • Comply with legal obligations.

03.Subprocessors

We rely on the following subprocessors to deliver the Service:

  • Stripe — payment processing
  • Brevo (formerly Sendinblue) — transactional and marketing email
  • Vercel — website hosting
  • Neon — managed Postgres database (EU region for EU customers)
  • PostHog — product analytics (EU region)

A current list with contractual links is maintained at /legal/dpa#subprocessors.

04.Cookies

We use a small number of strictly-necessary cookies for session management. Analytics cookies (PostHog) load only after you grant consent via the cookie banner. You can withdraw consent at any time by clearing cookies and returning to the site.

05.Your rights

You have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion (right to be forgotten); use the Delete account button in your portal or email us;
  • request portability — we\'ll export your data in machine-readable format;
  • withdraw consent for analytics or marketing email at any time.

To exercise any of these rights, email privacy@modelxcel.com. We respond within 30 days.

06.GDPR (EU customers)

For EU residents: ModelXcel acts as a data controller for marketing-site visitors and account holders, and as a processor for workbook data when an EU customer engages our Enterprise tier. EU customer data is stored in EU regions of our subprocessors (Neon, PostHog). The relevant Standard Contractual Clauses are linked from the DPA.

07.Security

We use TLS for all network traffic, hash and salt password equivalents, and rotate service credentials regularly. License signing keys are held in a managed KMS, never in source control. Detailed controls and incident response procedures are available under NDA for Enterprise customers.

08.Children

The Service is not directed to children under 16 and we do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

09.Changes to this policy

We may update this Policy from time to time. Material changes will be announced on the website and emailed to active accounts at least 30 days before they take effect.

10.Contact

Privacy questions: privacy@modelxcel.com. General support: support@modelxcel.com.