Right Menu Enterprise

Security & CISO Verification

Technical Declaration of Non-Interference for Enterprise Security Officers

Enterprise (B2B) Product

Right Menu Enterprise is offered as a B2B product for organizations and business users. This security overview is provided for transparency and compliance review. For individual personal use, see our Personal (B2C) edition. For questions, contact ciso@open-europe.cz.

Zero Data Exfiltration

100% Local Processing

All worksheet operations — navigation, cross-sheet references, and data validation reports — run entirely within the local Excel process. All data scanning and report generation happens locally on the user's device. No spreadsheet data is transmitted to our servers.

Zero Payload Transfer

No cell content, formulas, sheet names, or workbook metadata leaves your local Excel environment. This can be independently verified by monitoring network traffic.

Minimal Network Footprint

Outbound HTTPS requests are limited to the open-europe.cz domain only. All network traffic is restricted to:

  • License session verification (no Excel data)
  • Subscription status verification (no personal information, no Excel data)
  • One-time license key submission (key only, no Excel data)
  • Static UI assets

None of these requests contain any Excel cell data, formulas, or workbook content.

Standard Office Add-in

Right Menu is a standard Office Task Pane Add-in that operates within the sandboxed runtime provided by the Microsoft Office platform. No macros, no VBA, no ActiveX.

Privacy by Design

No Access to Your Microsoft 365 Identity

Right Menu does not access your Microsoft 365 user profile, email address, organizational directory, or any other identity information from your Microsoft account.

Minimal Data Collection

Only the organization administrator's email is collected during subscription setup. No individual employee data, Microsoft accounts, or user identities are required.

GDPR Data Minimisation

We collect the absolute minimum data required: the organization administrator's email address (provided during subscription setup) and a license key. No individual employee data is collected. This aligns with the GDPR principle of data minimisation (Art. 5(1)(c)).

No Admin Consent Required

IT administrators can deploy Right Menu without granting any OAuth permissions or third-party application access to the organization's directory.

ReadWriteDocument Permission

The ReadWriteDocument permission is required by the Office Add-in platform for the following features:

  • Read worksheet names, visibility, and tab colors for navigation
  • Activate (navigate to) selected worksheets
  • Insert user-initiated cross-sheet formula references
  • Run the Data Validation Report (scans cells locally for errors, formatting issues, and external links)

All data accessed through this permission is processed locally and is never transmitted to our servers.

Verification Protocol

Install the add-in, use all features with test data, and monitor outbound network traffic with your preferred tool. You will confirm that zero requests contain any Excel cell data.

Microsoft AppSource Certification — Pending

Right Menu is submitted for distribution through Microsoft AppSource and is undergoing Microsoft's certification process, which includes automated security scanning and manual review. This section will be updated upon successful certification.

For detailed information, please review our compliance documentation:

Privacy Policy Terms of Service ciso@open-europe.cz