Skip to main content
Excelerate

Privacy Policy

Last updated: May 2026

On this page

1. Who We Are

Excelerate Financial Modelling Limited (“Excelerate”, “we”, “us”, “our”) is a company registered in England and Wales. We develop and operate the Excelerate Excel Add-in (“the Add-in”) and the Excelerate website and portal at exceleratefinancialmodelling.com (“the Service”).

This Privacy Policy is issued in compliance with the United Kingdom General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, and, where applicable to users in the European Economic Area, the EU General Data Protection Regulation (“EU GDPR”). For most processing activities Excelerate is the Controller. Where Excelerate processes personal data on behalf of a Team-plan customer, Excelerate is the Processor and the Data Processing Agreement applies in addition to this policy.

Contact: support@exceleratefinancialmodelling.com

2. What This Policy Covers

This Privacy Policy explains how we collect, use, store, and protect information when you:

  • Use the Excelerate Excel Add-in
  • Visit our website
  • Create an account on our platform
  • Subscribe to a paid plan
  • Contact us for support

3. The Excelerate Add-in - Data Handling

3.1 Routine Tool Data Handling

During routine tool use (formatting, auditing, formula and chart operations), the Excelerate Add-in operates entirely within your Excel environment:

  • We do not read, copy, or transmit your spreadsheet content for routine tool execution. Cell values, formulas, sheet names, file names, and workbook content stay on your device when you run tools.
  • We do not store your routine workbook content on our servers or any third-party servers.
  • We do not use AI, machine learning, or cloud processing to analyse your workbooks.

Exception - user-initiated portal uploads. If you choose to upload a template, brand file, or workbook through the Excelerate portal (e.g. to extract a brand palette, theme, or template into the Excelerate library), the file is uploaded to our servers and parsed server-side to extract metadata (cell styles, theme XML, sheet names of the template). This is a deliberate, user-triggered flow - not part of routine Add-in tool use. Files are processed by our infrastructure (Vercel, Supabase Storage) and retained only as long as needed to deliver the feature.

3.2 What the Add-in Does Collect

The Add-in collects three narrow categories of pseudonymous product and reliability telemetry linked to your Excelerate account:

  • Tool-usage events: the name of the tool used, success or failure status, execution duration, Excel host platform (Windows, Mac, or Web), and your Excelerate user ID, organisation ID, and organisation tier. Used to understand which features are valuable, identify reliability issues, and answer per-organisation feature-adoption questions.
  • One-time install heartbeat: a single record on first authenticated launch confirming an installation has been activated, plus the host platform.
  • Application error telemetry:if the Add-in encounters an uncaught JavaScript error or exception, a structured error event is sent to Sentry (Functional Software, Inc., EU region) so we can identify and fix reliability issues. Each event carries the error message and stack trace (symbolicated server-side), browser type, Excel host platform, and build version. The Add-in’s Sentry initialisation sets sendDefaultPii: false and uses a beforeSend scrubber to drop any user-email payload that future code paths may attach. See our Subprocessors page for full details.

This telemetry explicitly excludes cell values, formula strings, sheet names, file names, workbook structure, named ranges, chart data, and any other content of your workbooks. The exclusion applies to all three categories above, including error stack traces.

Admin and owner visibility within your organisation. If you are part of a Team-plan or Founders Club organisation, the owners and admins of that organisation can view aggregate tool-run counts for each member of the organisation over a rolling 30-day window, for the purposes of subscription renewal, ROI reporting, and seat management. The information surfaced is limited to: the count of tool executions per member, the names of the most-used tools, and the member’s display name as configured in their profile. No workbook contents, file names, formula contents, or cell values are shared with administrators at any time — this disclosure expands existing pseudonymous tool-event telemetry into a same-organisation aggregate view, not a new data collection.

3.3 Telemetry Opt-Out

You can disable tool-usage events and the install heartbeat from the Add-in’s settings. When disabled, neither category transmits any data from your device.

Application error telemetry (Sentry) is always on while the Add-in is running, because uncaught errors are the signal we use to detect and fix reliability defects that prevent you from using the Add-in. Sentry events carry no workbook content per the exclusion above; we may add a user-controlled opt-out for error telemetry in a future release.

This opt-out applies to the Add-in only. The authenticated Excelerate portal uses identified product analytics to deliver and improve the service - see §4.2.

3.4 Local Storage

The Add-in stores user preferences (colours, favourites, custom styles, shortcut bindings, view configurations) in your browser’s local storage. This data remains on your device, is not transmitted to us, and can be cleared through your browser settings or by signing out of Office.

4. The Website & Portal

4.1 Account Information

If you create an account, we collect: email address, display name, organisation name, role within your organisation, and a hashed password (we never see plain-text passwords). We use these to authenticate you, manage organisation access, and deliver the service.

When you sign up, we ask a short series of questions about your role, the company you work in (revenue band, company profile), the workflows you’ll use Excelerate for, and the tools you currently use. We use these answers to tailor product communications and improve Excelerate for finance practitioners like you. You can choose “Prefer not to say” on the revenue question. You can update or delete these answers at any time from your profile settings.

We may ask you a short, optional feedback question - “why wasn’t Excelerate the right fit?” - at three points: after your free trial ends (via email), inside the portal if your trial has expired (a dismissible banner), and inside the portal when you cancel a paid subscription. If you choose to respond, we record the structured reason category you select (one of seven options, e.g. price, missing feature, chose competitor) plus any free-text notes you write, alongside the related subscription and account identifiers. This data is used only to improve the product and prioritise our roadmap. Survey participation is entirely optional at every surface; skipping it has no effect on your account. You can request deletion of these responses at any time via support@exceleratefinancialmodelling.com.

4.2 Analytics

The public marketing website uses privacy-focused analytics (page views, browser type, country-level location, referral source) and does not identify individual visitors.

The authenticated portal uses identified product analytics linked to your Excelerate user ID - covering page views, feature interactions, and time on surfaces. These are used to (a) deliver the service correctly, (b) debug account-specific issues you report, and (c) build aggregated usage insights. They do not capture any spreadsheet content from the Add-in.

4.3 Cookies

We use only essential cookies for authentication and session management on the portal, plus a small number of third-party cookies set during the Paddle checkout flow when you subscribe. We do not use advertising cookies, retargeting pixels, or third-party marketing trackers.

5. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Excelerate service
  • Authenticate your identity and manage your account and organisation
  • Process subscription payments via our Merchant of Record (see §7)
  • Send transactional and lifecycle emails (such as account verification, password reset, organisation invitations, billing receipts, trial reminders, save offers, and post-trial research surveys)
  • Improve the product based on aggregated usage patterns
  • Respond to support requests
  • Comply with legal and regulatory obligations

We do not use your information for advertising, marketing profiling, or selling to third parties.

See §4.1 for how we use the signup-questionnaire answers (role, company profile, revenue band, workflows, tools) to tailor product communications.

6. Subprocessors and Service Providers

We rely on a small number of trusted service providers (“subprocessors”) to operate the Service. They process personal data on our behalf, only on our documented instructions, and under written Data Processing Agreements compliant with UK GDPR Article 28 and EU GDPR Article 28.

The categories of provider are:

  • Supabase - primary backend: database, authentication, edge functions, file storage
  • Vercel - website and platform hosting
  • Cloudflare - DNS resolution and network security
  • Resend - transactional email delivery
  • PostHog - identified product analytics (portal) and pseudonymous tool-usage telemetry (Add-in)
  • Sentry - application error and exception telemetry (Add-in); EU region; sees no workbook content
  • Paddle - Merchant of Record for subscription billing (see §7)
  • DigitalOcean - supplementary infrastructure hosting

For the full list with the exact data processed, region, transfer mechanism, and provider DPA links, see our Subprocessors page.

We do not sell, rent, or trade your personal data to any third party.

7. Payments and Subscriptions

Excelerate uses Paddle as our Merchant of Record. When you subscribe to a paid plan, Paddle handles payment processing, invoicing, sales tax and VAT collection, fraud screening, and refund processing, in accordance with Paddle’s own Privacy Notice and Buyer Terms.

Paddle collects information necessary to process your transaction, including your name, email address, billing address, tax residency, and payment card details (tokenised - Excelerate never sees raw card numbers). Excelerate receives back a limited subset: your subscription identifier, plan tier, status, billing email, and high-level transaction metadata, which we use to manage your entitlement to paid features.

You can manage your subscription, payment methods, and invoices at any time via Paddle’s buyer portal at paddle.net. Refunds are governed by our Refund Policy.

8. Your Rights (UK GDPR & EU GDPR)

Under the UK GDPR, and the EU GDPR where you are located in the European Economic Area, you have the right to:

  • Access - request a copy of your personal data
  • Rectify - correct inaccurate personal data
  • Erase- request deletion (“right to be forgotten”)
  • Restrict - limit how we process your data
  • Port - receive your data in a machine-readable format
  • Object - object to processing based on legitimate interests
  • Withdraw consent - where processing is based on consent

To exercise any of these rights, contact support@exceleratefinancialmodelling.com. We respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including: encryption in transit (HTTPS/TLS) for all data transmission, encryption at rest for stored data, role-based access controls, row-level security policies on customer data, principle-of-least-privilege service credentials, and regular security reviews.

10. International Transfers

Some subprocessors operate outside the United Kingdom and the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards, including the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses (SCCs), and the UK Addendum, as applicable. The specific transfer mechanism per provider is set out on the Subprocessors page.

11. Data Retention

  • Account data: retained until you delete your account or request erasure
  • Add-in telemetry: 12 months (rolling)
  • Website analytics: 12 months
  • Billing and tax records: 6 years (as required by UK tax law)
  • Support correspondence: 24 months
  • Administrative audit logs: records of sensitive staff actions on your account or organisation (such as trial extensions, manual support actions, or impersonation sessions) are retained as security and compliance records for as long as necessary to investigate misuse and to establish, exercise, or defend legal claims (UK GDPR Article 17(3)(e)). Account deletion does not automatically erase these administrative records.

12. Business Customers (Data Processing Agreement)

If you are subscribing on behalf of an organisation and require a Data Processing Agreement, see our Data Processing Agreement. By subscribing to a Team plan, that DPA forms part of your agreement with us in addition to these Terms of Use.

13. Children

Excelerate is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have done so, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date above and, for material changes that affect existing subscribers, give at least 30 days’ advance notice by email before the change takes effect.

15. Contact & Complaints

Excelerate Financial Modelling Limited
Email: support@exceleratefinancialmodelling.com
Website: exceleratefinancialmodelling.com

If you are not satisfied with our response, UK residents have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk. Residents of the European Economic Area have the right to lodge a complaint with their local supervisory authority - a list is published by the European Data Protection Board at edpb.europa.eu.