Privacy, TOS, SLA and Liability
Updated on Nov. 13, 2018
As long as we only work within the Google Cloud Platform, mostly using Google Apps Script (as a web app or add-on) within the user’s Google account, privacy is for us not just by design but also a premise.
We don’t store or access your data directly, we rely on Google services to process the information as required by the script.
We collect minimal information from you when using our services and scripts
What information we collect?
We collect your email address.
Then, associated with your email address we also collect:
- Locale (language of your document),
- Installation date,
- Settings (just boolean flags associated with your choice to enroll in the beta and alpha program)
- Subscription details at PayPal (subscription ID, plus name and email you use @PayPal when subscribing to the premium plan)
- Error and warning messages
- Usage stats (just numbers like: number of processed items, execution time, etc),
- OS (Linux, Windows, etc) and Browser (Chrome, Firefox, Edge, etc) you are using
- Note that some other information might come as part of an error message from Google, so far we only know of the following pieces of information: sheet name (on sheet not found error)
Where is that information stored?
- Google Firebase Database (email address and settings, premium plan subscription details),
- Google Sheets (last 30 days Logs and stats, Merging Mail lists for users we communicate with),
- Gmail (email communications with clients), Google Vault and Spanning Backup
- PayPal (email address to link the premium plan subscription to your account)
How is that information used?
- We use Logs for context when providing support
- Merging Mail for some users we communicate with, in case of errors or other important matters
- Google Analytics (hashed/obscured with Sha256 email address as user id) for stats, but also to track back ownership in case of complaints or excessive usage
How we protect that information?
- Private within our domain @thexs.ca, using 2-step verification
- Never login with other account in the same browser session
Do we access your data?
- No, we don’t have access to your information, data or settings, other than the aforementioned
- All your data stays within your Google account under your full control.
Do we share your information?
- We do not and will not share your information with any third party
How we communicate with you?
- We might communicate with you by email from time to time to follow up on errors or script issues, as well as other matters we could consider of your interest in relation with our services. When doing that we either send you a personal email or use our own private Merging Mail from Sheets tool
- We also provide occasional in-app announcements, polls and surveys with relevant information.
- For premium plan subscribers we send a reminder email the month before of the renewal
- And of course, we respond to your feedback tickets and follow up your questions until you are satisfied.
Special access for support and troubleshooting
In very special and seldom cases, we respond to requests to and also offer help on troubleshooting specific issues.
In those cases we might have access to your data, provided you share your Google document with us, after agreeing on the following premises and terms:
- There is no sensitive, private or personally identifiable information in your data
- All your data will remain within your document and
- You must remove the sharing access when the support session is completed
Access, scopes, permissions and authorization
When using any of our web apps and add-ons Scripts, hosted on Google Apps servers, you would be asked for authorization to access several services running on your Google account, as shown below.
About the purpose and actual use of each of these scopes.
Depending on the Script you are using, you might just have to authorize just some of these scopes
- View and manage the files in your Google Drive
- create a private folder within your Google Drive for data files, but only access that folder
- Basic account info (View your email address, Know who you are on Google)
- collect your email address for registration and authentication purpose
- View and manage documents that this application has been installed in
- reading and writing only in the documents you install and use the script
- View and manage data associated with the application
- reading and writing the properties associated with the script, user and document
- Connect to an external service
- posting stats, errors and warning messages to the script private log and accessing user's settings
- Display and run third-party web content in prompts and sidebars inside Google applications
- showing web content for user interaction in a sidebar or dialogue
- Allow this application to run when you are not present
- running some tasks using triggers (time-based, on form submit), the user must opt-in to set the triggers
- View your email messages and settings
- getting the list of draft messages, reading the content of the draft message selected by the user
- Send email (as you) on your behalf
- sending emails based on the selected user's template with information from the current datasheet
Additional access for custom solutions
In addition to above scopes for publicly available Scripts, we also develop custom/tailored solutions for specific clients, that might have some of the extra scopes listed below
- Gmail access: Read, send, delete, and manage your email
- create new labels matching user’s predefined settings
- loop through Gmail threads/conversations to apply some labels and gather stats
- build a report based on these stats and send it by email to the designated person within the domain
Note that the Script having access to those services doesn’t mean we do.
We, as the developers, won’t have direct access to any of those services neither to your data within your Google account or domain.
- You can remove any app with access to your account in My Account
TOS, SLA and Liability
Our web apps and add-ons scripts are hosted on Google Apps servers and all your data stays there within your Google account, accordingly both the scripts and your data will enjoy the same Terms of Services (TOS) and Service Level Agreement (SLA) you already have with Google.
The same way that Google “End Users Using Scripts or Add-ons” Terms, declines to assume any responsibility for Scripts or Add-ons, we also do decline as declared in such Terms.
Our services and scripts are provided on an "AS IS" basis. In addition to that we just offer Best Effort basis SLA for the expected and correct functioning of our services and scripts, and on that we commit fully.
Other than that we offer no guarantees, warranties, or any assurances, expressed or implied, about or around the use of our scripts. Neither we can be hold accountable or liable for anything that could happen, related or not with the use of our services and scripts, even if it’s not explicitly written here.
We are all riding at the edge of Google Cloud Platform technologies, that are constantly evolving, usually for the better. However, as a result, features that we are using and relying on, might be discontinued by Google in the future. We aim to adapt and evolve as Google technologies does, but we cannot guarantee we will always succeed on that effort.
In addition to all above statements we might include some more details for specific scripts and custom solutions, in their own main page and terms.
About user's data and content
- The users are responsible for the data and content they create when using our solutions, either if it's published or not
- We have no ways neither the intention to access or evaluate the user's data and content
- However, in case of complaints we might be able to trace back the owner of a specific map
About fair usage
- We expect a fair usage of our solutions, both in content and the number of instances or calls per user
- When our solution is publicly available, we would consider excessive usage any significant deviation from the user's averages
- We reserve the right to contact any user in such cases, to discuss alternative solutions to avoid this situation
About the GDPR
About 3rd party Api access
- In some of our custom solutions our scripts connect to 3rd party products using REST Api calls.
- We never collect neither store the user’s credentials to access those 3rd party Api
- An example of 3rd party integration we have made are related with Zoho, Solve CRM, Quickbooks, Clio, etc.
(†) We may change these terms from time to time at our sole discretion. Your continued use of our solutions after any change in these terms will constitute your acceptance of such changes.
Please, contact us for any questions or concerns you might have about our privacy and terms.