Your privacy is of the utmost importance to us. This Privacy Policy describes how RendAndGoldMgmt ("we", "our", or "the application") handles, stores, and protects your information when you use our application to manage your jewellery inventory, reserves, and transactions.
🔒 Zero Server Access: RendAndGoldMgmt is a fully serverless, browser-based client application. We do not operate any external database or backend servers. Your keys and data never leave your browser, except when communicating directly and securely with Google Sheets API.
1. Information We Access and Collect
To provide its core inventory and ledger features, RendAndGoldMgmt requires integration with your Google account. We access the following information:
- Google OAuth Tokens: Temporary access tokens granted by you during sign-in to communicate securely with Google Sheets API.
- Google Spreadsheet Data: The application reads and writes data (stock boxes, reserves, transactions, ledger entries, lending records, and reminders) to a Google Spreadsheet that you specify.
- Configuration Settings: Your Spreadsheet ID, OAuth Client ID, and AI API Key (if provided).
2. How We Store and Protect Your Data
Since we do not run backend databases, all storage is handled strictly on your side:
- Local Encryption: Your Spreadsheet ID, Client ID, and AI API Key are encrypted on your local device using AES-256 (GCM) with a 4-digit PIN that you create. The encrypted payload is saved in your browser's local storage (
localStorage). - Security of your PIN: The encryption keys are derived using PBKDF2 with 100,000 iterations. The plaintext PIN is never saved in the browser.
- Google Sheets: Your actual business records are stored entirely within your personal Google Drive account in the designated Google Sheet.
3. Google User Data Policy Compliance
RendAndGoldMgmt's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only request permissions necessary to read and write your dedicated spreadsheet (
https://www.googleapis.com/auth/spreadsheets). - We do not transfer, sell, or share your Google user data or spreadsheet contents with any third parties.
- Your Google OAuth token is saved only in your browser session and is used solely to authenticate your requests directly to Google Sheets API.
4. Third-Party Services (AI API Keys)
If you choose to use the optional "Ask AI" natural language helper feature, the application will send your query along with relevant segments of your local inventory data directly to either the Anthropic (Claude) or Google (Gemini) API depending on the API Key you provide. This data transfer goes directly from your browser to the AI service endpoint and is governed by their respective privacy policies.
5. Managing and Deleting Your Data
You have full control over your credentials and data at all times:
- You can revoke access to your Google Account at any time through your Google Security Settings.
- You can clear all cached credentials and encrypted configurations from the browser instantly by going to Setup and clicking Clear Cache & Reset PIN.
- Your spreadsheet data is stored in your personal Google Drive and can be deleted or backed up via standard Google Sheets tools.
6. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Any changes will be posted on this page with the updated date at the top.
7. Contact Us
If you have any questions or feedback regarding this Privacy Policy or security configurations, you can contact the host or deployment administrator of your RendAndGoldMgmt installation.