1. Introduction

This Privacy Policy describes how Form Approvals ("we", "us", "our") collects, uses, stores, shares, and protects information when you use our approval workflow service for Google Forms (the "Service"). This policy applies to all users of the Service, including add-on administrators who configure the Service, form requestors who submit forms, and recipients who participate in the approval workflow.

Related documents: Security Overview, Data Processing Agreement, Terms of Service.

2. Google User Data

2.1 Authorization Scopes Requested

The Service requests access to specific Google APIs via OAuth authorization scopes. Each scope is used solely for delivering the Service and is not used for analytics, profiling, or any other purpose. For a complete list of the authorization scopes requested and their purposes, refer to the Authorization section of our Security Overview.

2.2 How Google User Data Is Used

• Form responses: Accessed at runtime from your Google Sheet to populate notification emails and approval records. Form response data is not stored by Form Approvals.
• Form structure (questions, options, settings): Read to display form questions in the web dashboard for workflow configuration, to analyse field types for smart routing (AI Field Mapping), and to create or modify form questions via the AI Form + Workflow Builder. Form structure metadata may be sent to our AI provider for processing (see Section 5).
• Gmail (send only): Used solely to send workflow notification emails from your account. We do not read, access, or store emails in your account.
• Google Sheets: Used to read form responses and write approval records in the spreadsheet linked to your form. The add-on only accesses the specific spreadsheet linked to your form.
• Google Drive: Access is limited to files you explicitly select as attachment templates for notifications. We do not request broad Google Drive access.

2.3 Google API Services Limited Use Disclosure

Form Approvals' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. Data We Collect

3.1 Personal Information

We collect the add-on administrator's email address, name, profile picture, locale, and Google Workspace domain from the OAuth authorization flow. If you upgrade to a paid plan, we also collect billing and payment information via our PCI-compliant payment processor, Stripe. We do not store credit card details.

3.2 File Metadata

We store file metadata required to operate the Service, including your Google Form ID, Google Sheet ID, form title, and sheet identifiers (approvals sheet, responses sheet).

3.3 Configuration Data

We store workflow configuration data that you provide, including recipient email addresses, recipient roles and receiving order, conditional logic rules, email template content (sender name, subjects, bodies), and feature settings. If you use AI features, we also store AI-generated field mappings (form category, semantic roles, field labels) to avoid reprocessing.

3.4 Subscription and Billing

We store subscription data including subscription type (Free, Individual, Team, Enterprise), monthly usage and quota, subscription dates, and a Stripe customer identifier for billing. Payment card details are processed and stored entirely by Stripe and are never stored on our systems.

3.5 OAuth Credentials

We store OAuth access tokens, refresh tokens, token expiry, and a list of granted scopes in Google Cloud Firestore. These credentials are encrypted at rest using GCP's server-side encryption (AES-256) and access is restricted via Identity-Aware Proxy (IAP) and IAM policies. Credentials are automatically deleted if a token refresh fails.

3.6 Security Information

We may collect standard technical information including IP addresses, domain names, access times, cookies, and other unique identifying information. This information is used for operating the Service, identifying and protecting our customers, and controlling unauthorized use or abuse.

3.7 Data We Do Not Store

We do not store your form response data and we do not store your approval records. Your form response data is stored by Google in your spreadsheet as part of normal Google Forms functionality. We add approval records to the same spreadsheet and access the information at runtime using the authorization you provide.

4. How We Use Your Data

We use the data we collect for the following purposes:

• Providing the Service: Processing approval workflows, sending notification emails, tracking request status, and managing subscriptions.
• AI-powered features: Generating forms, suggesting workflow configurations, and mapping form fields (see Section 5).
• Service communications: Sending onboarding guidance and product updates based on usage activity.
• Support and diagnostics: Diagnosing, supporting, or resolving problems that might limit or disrupt the quality of your service experience.
• Legal obligations: Complying with applicable laws and regulations.

We will not view any of your information except as necessary to appropriately support the Service or as required by law.

5. AI-Powered Features

The Service includes optional AI-powered features that use machine learning to assist with form and workflow creation. These features are optional and the core approval workflow operates without them.

5.1 AI Features Available

• AI Form + Workflow Builder: Creates Google Forms and approval workflows based on your natural language description.
• AI Workflow Assistant: Suggests approval workflow recipients and settings based on your description of the desired workflow.
• AI Field Mapping: Analyses form questions to suggest semantic roles (e.g., identifying which field contains an email address, date, or amount) for smart routing and notifications.

5.2 Data Sent to AI Providers

When you use AI features, the following data may be sent to our AI provider for processing:

• Form question titles, field types, and response options (form structure only)
• Your natural language descriptions of desired forms or workflows
• Your email domain (for generating realistic placeholder values)

5.3 AI Provider

AI features are powered by Google Vertex AI (Gemini), which processes data within Google Cloud infrastructure. In accordance with Google Cloud terms, data sent to Vertex AI is not used for model training. No form data is retained by the AI provider after processing is complete.

6. Data Sharing and Third Parties

6.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties. We do not use your data for advertising purposes.

6.2 Service Providers (Subprocessors)

The Service uses third-party service providers to deliver functionality. Each provider has access only to the data necessary to perform their function and may not use it for any other purpose. For a complete list of subprocessors, the data they process, and their locations, refer to our Data Processing Agreement.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

7. Data Storage and Protection

All service data (configuration, credentials, subscriptions, and metadata) is stored in Google Cloud Firestore in the United States. The region you select during setup (US, EU, or AU) determines which application server handles your web requests for latency.

Form response data and approval records are stored in your Google Sheet, not on our systems. The storage location for this data is governed by the data region policy configured by your Google Workspace administrator.

We implement commercially reasonable precautions to protect your data, including:

• All data in transit is encrypted using TLS.
• All data at rest is encrypted using GCP's server-side encryption (AES-256).
• OAuth credentials are encrypted at rest and access is restricted via Identity-Aware Proxy (IAP) and IAM policies.
• All users' data is logically separated to prevent unauthorized access.
• We store as little information as possible and cryptographically hash personal information where applicable (e.g., email addresses used as storage keys are hashed using SHA-512).

For full details on our security practices, refer to our Security Overview.

Since Google Forms stores all form responses in the Google Sheet linked to your form and Form Approvals adds all approval records in the same spreadsheet, we strongly recommend that at least two people in your organization have access to this spreadsheet and that ownership is transferred to a new user if the current owner's account is ever planned to be deleted.

8. Revoking Access

By toggling the add-on OFF on each of your forms, the add-on will no longer run when new form submissions are made. In addition, you can remove the add-on's authorization to your account at any time via Google's third party app permissions page. By removing the authorization, the add-on will no longer be able to access your files and therefore will prevent any of your users from using the add-on (including your requestors and recipients).

9. Data Retention and Deletion

9.1 Retention Schedule

We retain your data while your account is active. The following automated retention policies apply:

• Active accounts: Data is retained for as long as the account is active, as needed to provide you services, comply with legal obligations, resolve disputes, and enforce our agreements.
• 6 months of inactivity: Forms with no submissions processed in 6 months are automatically deactivated.
• 12 months of inactivity: Accounts with no form responses processed for 12 months are deemed inactive and all associated data is automatically deleted (including forms, credentials, subscriptions, and user records).

We do not delete data from your Google Form or Google Sheet. Form responses and approval records remain in your spreadsheet under your control.

9.2 Requesting Deletion

You may request deletion of your data at any time. We recommend first following the steps in Section 8 to revoke the add-on's access to your account, then contacting support@formapprovals.com with the email address of the user(s) that configured the add-on and confirmation that you want all stored data deleted. We will process your request promptly.

9.3 What Happens on Deletion

When your data is deleted, all associated Firestore documents are removed, including your user record, form configurations, OAuth credentials, subscription records, and AI-generated field mappings. Data in your Google Sheet is not affected — form responses and approval records remain under your control and can be deleted by you at any time.

10. Your Rights

10.1 GDPR (European Economic Area)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate personal data
• Right to erasure — request deletion of your personal data
• Right to restriction of processing — request that we limit how we use your data
• Right to data portability — request your data in a structured, machine-readable format
• Right to object — object to our processing of your personal data
• Right to withdraw consent — withdraw your consent at any time
• Right to lodge a complaint with a supervisory authority

10.2 CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information — we do not sell personal information
• Right to non-discrimination for exercising your privacy rights

10.3 FERPA and COPPA

Form Approvals is designed to comply with the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA). As a service provider to a large number of educational institutions, we store minimal data and do not collect personal information directly from children. The Service processes only the data that the educational institution (as the add-on administrator) chooses to include in their forms and workflows.

10.4 How to Exercise Your Rights

To exercise any of the above rights, contact us at support@formapprovals.com. We will respond to your request within 30 days.

11. Google API Compliance

Form Approvals has been through several reviews by Google and is subject to ongoing reviews each time a change is made to the application or its authorizations. The application has been through Google's OAuth Client Verification review and Add-on review.

We maintain strict compliance with the Google API Services User Data Policy (including the Limited Use requirements) and the Google APIs Terms of Service.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice on our website and, where possible, by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at support@formapprovals.com.