Security Overview

Form submission and approval records
We do not store your Google Form submission data or your approval records. This information is retained in your Google account and is accessed by the add-on with the authorization you provide.
Authorizations
When you install the add-on, it will ask for authorization to run on your account. The authorizations will be used for the sole purpose of providing the service to you. The add-on requires the following authorizations to operate:
Authorization: what it is required for
  • Display and run third-party web content in prompts and sidebars inside Google applications: This authorization is required for the add-on to work within a sidebar inside Google Forms, where you can add recipients, recipient order, recipient logic, and configure other settings.
  • Allow this application to run when you are not present: This authorization is required for the add-on to detect when form responses are made on your form and include information from the form submission in notifications sent to the requestor and recipients.
  • Connect to an external service: This authorization is required for the add-on to send/retrieve information from Google Cloud Firestore. Refer to the section below titled 'Data stored'.
  • View and manage your spreadsheets: This authorization is required for the add-on to read and write approval records to the spreadsheet linked to your form.
  • View and manage your forms: This authorization is required for the add-on to access the form for which you have set up the add-on. The add-on obtains response data from this form and includes it in email notifications to your requestor and recipients.
  • Send email as you: This authorization is required for the add-on to send email notifications to requestors and recipients on your behalf. The add-on will send email from your account each time a form submission is received or an approval is made.
  • View and manage Google Drive files and folders that you have opened or created with this app: This authorization is required for the add-on to provide the feature that includes an attachment on notifications (i.e., allowing users to choose a file from Google Drive to be used as a template).
It is important to note:
  • The add-on does not have authorization to read or modify emails in your email account.
  • Unlike other add-ons, Form Approvals does not have broad access to your Google Drive (only what is required to access your Google Forms, linked Google Sheets and a file you select as a template for an attachment).
  • The add-on will only ever use the authorizations listed above for the sole purpose of providing you the service.
  • The add-on developer and support team have no access to your files. Should you require technical assistance, we may ask you to grant temporary access to your files in order to troubleshoot. You are under no obligation to grant access.
  • Your G Suite administrator can use the OAuth Token audit logs to view and monitor the activity of any third-party application.
If you are still unsure, feel free to use a new G Suite account that only has the Google Form and linked Google Sheet stored within it (and nothing else).
Data stored
When developing the add-on, we consciously designed the information flow to minimize the data that must be stored. To function, the add-on stores the following minimal information in Google's Cloud Firestore: the add-on administrator's email address, authorization details and file metadata (e.g. Google Form Id, Google Sheet Id). We may also store usage and subscription related information.

That is the minimum information we are required to store to provide you the service. Further details of the information we collect are in our Privacy Policy. All form response data and approval records are stored in your linked spreadsheet and are therefore not required to be stored separately by the add-on.
Data center security
The Service is a cloud service, hosted by Google in data centers with the highest level of certifications including ISO 27001 and SOC 2. For more compliance information, you can visit the Google Cloud Platform (GCP) webpage or refer to GCP Security and GCP Compliance.
Data residency
All application servers are hosted by Google and data stored by the add-on is stored in Google Cloud Platform's datacentres. When first configuring the add-on, you will be asked to select a region: 'Americas', 'Europe' or 'Asia'. The Form Approvals add-on processes data in the region you select when recipients respond to requests and when you view and track the status of requests via our dashboard. Selecting the region closest to you also provides an incremental performance benefit.

Image showing the Form Approvals architecture

Note: since your Form Response data and Approval Records are stored in your spreadsheet, the data region policy set by your G Suite Administrator determines the location in which this data is stored.
Decommissioning and data removal
All customer data is stored on GCP services, and follows a strict decommissioning policy outlined under Secure Data Storage of the Google Infrastructure Security Design Overview. For customer-specific data, we will manually remove all data associated with your account from our database on request. You may remove the add-on's access to your account at any time by following the instructions in Google's support article remove a site or app with access to your account.
Uptime & Reliability
We constantly monitor our service performance and have automatic notifications to ensure rapid response for service interruptions. All code is audited before deploying to production servers. We also monitor updates from the security community and immediately update our systems when vulnerabilities are discovered.
Encryption
Customer data is encrypted in transit and at rest. At rest, customer data is encrypted using a key management system which logs all access automatically. Additionally, the encryption keys are themselves encrypted with a regularly rotated set of master keys, which protects them even in the unlikely event of unauthorized database access.
In transit, mail is encrypted using Transport Layer Security (TLS). TLS ensures that a message and its metadata are encrypted as they pass between the sending and receiving mail servers. In situations where a receiving mail server doesn’t support TLS, the message is sent unencrypted.
Note: if you use Google Mail, you can check if your emails have been encrypted. On an email you have received, click the down arrow (show details) next to the recipient's email address. Encrypted emails appear with a closed padlock and non-encrypted emails appear with an open padlock.
Whitelisting
Email notifications can be delivered from your account directly via Google Mail, or from the formapprovals.com domain via Google or AWS. Organisations that do not have MX records pointed to Google for incoming mail will need to use the add-on from another account or request that emails be sent from the formapprovals.com domain.
All emails sent from the formapprovals.com domain include DKIM, SPF and DMARC authentication so you can always be sure they are sent from us. All emails are also encrypted using TLS, unless the receiving domain does not accept TLS. Delivery is first attempted over a TLS connection; if the receiving domain does not offer TLS, the message is delivered over a plaintext SMTP connection.
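A recipient can verify the DKIM, SPF, DMARC and TLS claims above on a received notification. The following is an added example, not code from Form Approvals; the sample messages, host names, sender address and the `check_message` helper are constructed for illustration, and it assumes your own mail server stamps an RFC 8601 Authentication-Results header.

```python
import re
from email import message_from_string

EXPECTED = "formapprovals.com"  # sending domain named on this page

# Constructed sample message (addresses, hosts and ids are made up).
GOOD = """\
Authentication-Results: mx.recipient.example;
 dkim=pass header.d=formapprovals.com;
 spf=pass smtp.mailfrom=bounce@mail.formapprovals.com;
 dmarc=pass header.from=formapprovals.com
Received: from out.sender.example by mx.recipient.example with ESMTPS id 1
From: sender@formapprovals.com
Subject: Approval request

body
"""
# Same mail, but the results header comes from an unknown host and the hop was plaintext.
BAD = GOOD.replace("mx.recipient.example;", "mx.unknown.example;").replace("ESMTPS", "ESMTP")

def _aligned(value, expected):
    # Relaxed alignment: the exact domain or one of its subdomains, never a lookalike.
    domain = value.rsplit("@", 1)[-1].lower().rstrip(".")
    return domain == expected or domain.endswith("." + expected)

def check_message(raw, trusted_authserv, expected=EXPECTED):
    msg = message_from_string(raw)
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        # Only trust results stamped by our own receiving server (authserv-id);
        # a sender can inject this header with any content it likes.
        if parts[0].lower().split()[:1] != [trusted_authserv]:
            continue
        for part in parts[1:]:
            pairs = re.findall(r"([\w.-]+)=(\S+)", part)
            if pairs:
                method, result = pairs[0]
                found.setdefault(method.lower(), (result.lower(), dict(pairs[1:])))

    def ok(method, prop):
        result, props = found.get(method, ("none", {}))
        return result == "pass" and _aligned(props.get(prop, ""), expected)

    # RFC 3848: "with ESMTPS" / "ESMTPSA" on the newest Received header means that hop used TLS.
    newest = (msg.get_all("Received") or [""])[0]
    return {"dkim": ok("dkim", "header.d"), "spf": ok("spf", "smtp.mailfrom"),
            "dmarc": ok("dmarc", "header.from"),
            "tls": bool(re.search(r"\bwith\s+\w*SMTPSA?\b", newest, re.I))}
```

Pass the authserv-id your own mail server writes as `trusted_authserv`; a `tls` value of `False` corresponds to the plaintext fallback described above.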
Approval and tracking links within email notifications will direct your users to a subdomain of formapprovals.com. Organisations that utilise URL protection services will need to whitelist our domain / subdomain when using our one-click approval feature. One-click approvals may be disabled in the Settings tab of the add-on.
Internal policies for data handling
All employees undergo training on data handling. No employee is permitted to access end user data unless required to provide support to an end user. Access to application-level user data is limited to our developers, each of whom has physical security keys for their Google account that meet FIDO standards.
Disaster recovery
Due to the limited amount of data stored by the application and ease of data restoration, customer data is not backed up. Google Form submission data and approval records are stored in your linked spreadsheet and are therefore not stored by the add-on. It is your responsibility to protect this information.
Incident response
In the unlikely event of a security breach, our team will promptly notify you of unauthorized access to your data.
How to contact us
We know these issues are important to you too. If you have any additional questions that aren't answered above, please email support@formapprovals.com.