Privacy, TOS, SLA and Liability
Updated on Apr. 04, 2023
As long as we only work within the Google Cloud Platform, mostly using Google Apps Script (as a web app or add-on) within the user’s Google account, privacy is for us not just by design but also a premise.
We don’t store or access your data directly, we rely on Google services to process the information as required by the script.
We collect minimal information from you when using our services and scripts
What information we collect?
We collect your email address.
Then, associated with your email address we also collect:
Locale (language of your document),
Settings (just boolean flags associated with your choice to enroll in the beta and alpha program)
Subscription details at PayPal (subscription ID, plus name and email you use @PayPal when subscribing to the premium plan)
Error and warning messages
Usage stats (just numbers like: number of processed items, execution time, etc),
OS (Linux, Windows, etc) and Browser (Chrome, Firefox, Edge, etc) you are using
Note that some other information might come as part of an error message from Google, so far we only know of the following pieces of information: sheet name (on sheet not found error)
Where is that information stored?
Google Firebase Database (email address and settings, premium plan subscription details),
Google Sheets (last 30 days Logs and stats, Merging Mail lists for users we communicate with),
Gmail (email communications with clients), Google Vault and Spanning Backup
PayPal (email address to link the premium plan subscription to your account)
How is that information used?
We use Logs for context when providing support
Merging Mail for some users we communicate with, in case of errors or other important matters
Google Analytics (hashed/obscured with Sha256 email address as user id) for stats, but also to track back ownership in case of complaints or excessive usage
How we protect that information?
Private within our domain @thexs.ca, using 2-step verification
Never login with other account in the same browser session
Do we access your data?
No, we don’t have access to your information, data or settings, other than the aforementioned
All your data stays within your Google account under your full control.
Do we share your information?
We do not and will not share your information with any third party
How we communicate with you?
We might communicate with you by email from time to time to follow up on errors or script issues, as well as other matters we could consider of your interest in relation with our services. When doing that we either send you a personal email or use our own private Merging Mail from Sheets tool
We also provide occasional in-app announcements, polls and surveys with relevant information.
For premium plan subscribers we send a reminder email the month before of the renewal
And of course, we respond to your feedback tickets and follow up your questions until you are satisfied.
Special access for support and troubleshooting
In very special and seldom cases, we respond to requests to and also offer help on troubleshooting specific issues.
In those cases we might have access to your data, provided you share your Google document with us, after agreeing on the following premises and terms:
There is no sensitive, private or personally identifiable information in your data
All your data will remain within your document and
You must remove the sharing access when the support session is completed
Access, scopes, permissions and authorization
When using any of our web apps and add-ons Scripts, hosted on Google Apps servers, you would be asked for authorization to access several services running on your Google account, as shown below.
About the purpose and actual use of each of these scopes.
Depending on the Script you are using, you might just have to authorize just some of these scopes
View and manage Google Drive files and folders that you have opened or created with this app
the Script can only access a private folder it creates within your Google Drive and the data files it creates within that folder
Basic account info (View your email address, Know who you are on Google)
collect your email address for registration and authentication purpose
View and manage documents that this application has been installed in
reading and writing only in the documents you install and use the script
View and manage data associated with the application
reading and writing the properties associated with the script, user and document
Connect to an external service
posting stats, errors and warning messages to the script private log and accessing user's settings
Display and run third-party web content in prompts and sidebars inside Google applications
showing web content for user interaction in a sidebar or dialogue
Allow this application to run when you are not present
running some tasks using triggers (time-based, on form submit), the user must opt-in to set the triggers
View your email messages and settings
getting the list of draft messages, reading the content of the draft message selected by the user
Send email (as you) on your behalf
sending emails based on the selected user's template with information from the current datasheet
Note that the Script having access to those services doesn’t mean we do.
We, as the developers, won’t have direct access to any of those services neither to your data within your Google account or domain.
You can remove any app with access to your account in My Account
TOS, SLA and Liability
Our web apps and add-ons scripts are hosted on Google Apps servers and all your data stays there within your Google account, accordingly both the scripts and your data will enjoy the same Terms of Services (TOS) and Service Level Agreement (SLA) you already have with Google.
The same way that Google “End Users Using Scripts or Add-ons” Terms, declines to assume any responsibility for Scripts or Add-ons, we also do decline as declared in such Terms.
Our services and scripts are provided on an "AS IS" basis. In addition to that we just offer Best Effort basis SLA for the expected and correct functioning of our services and scripts, and on that we commit fully.
Other than that we offer no guarantees, warranties, or any assurances, expressed or implied, about or around the use of our scripts. Neither we can be hold accountable or liable for anything that could happen, related or not with the use of our services and scripts, even if it’s not explicitly written here.
We are all riding at the edge of Google Cloud Platform technologies, that are constantly evolving, usually for the better. However, as a result, features that we are using and relying on, might be discontinued by Google in the future. We aim to adapt and evolve as Google technologies does, but we cannot guarantee we will always succeed on that effort.
In addition to all above statements we might include some more details for specific scripts and custom solutions, in their own main page and terms.
About user's data and content
The users are responsible for the data and content they create when using our solutions, either if it's published or not
We have no ways neither the intention to access or evaluate the user's data and content
However, in case of complaints we might be able to trace back the owner of a specific map
About acceptable use
In addition to our content policies we aim to comply with "Google Cloud Platform Acceptable Use Policy" while dealing with content you might publish using our Cloud solutions
To facilitate the compliance with these policies we provide a webform dialog to report such abuses, usually using a ⓘ information icon
About fair usage
We expect a fair usage of our solutions, both in content and the number of instances or calls per user and per map
When our solution is publicly available, we would consider excessive usage any significant deviation from the user's averages
We reserve the right to contact any user in such cases, to discuss alternative solutions to avoid this situation
We have no intentions to enforce our fair usage policy, however we might do so in some extreme cases
About the GDPR
About 3rd party Api access
In some of our custom solutions our scripts connect to 3rd party products using REST Api calls.
We never collect neither store the user’s credentials to access those 3rd party Api
An example of 3rd party integration we have made are related with Zoho, Solve CRM, Quickbooks, Clio, etc.
(†) We may change these terms from time to time at our sole discretion. Your continued use of our solutions after any change in these terms will constitute your acceptance of such changes.
Please, contact us for any questions or concerns you might have about our privacy and terms.
All our Apps (†) use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
(†) Including all our web apps, add-ons and scripts, like Merging Mail from Sheets, Mapping Sheets, Sheets from Quickbooks, Sheets from Solve and any others