1. Introduction

Workspace Guard ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Google Workspace security auditing service.

2. Information We Collect

2.1 Account Information

When you sign in with Google, we collect:

Your name and email address
Google account identifier
Profile picture (if available)

2.2 Workspace Data (Read-Only Access)

With your explicit authorization, we access the following data in read-only mode:

User directory information (names, emails, admin status)
MFA enrollment status
OAuth application permissions and scopes
File sharing settings and external sharing exposure
Domain configuration settings

2.3 Usage Data

We automatically collect certain information about your device and usage, including browser type, IP address, pages visited, and time spent on pages.

3. How We Use Your Information

We use the information we collect to:

Provide security audit reports and risk assessments
Generate recommendations to improve your security posture
Send you alerts about security issues (if enabled)
Improve and optimize our service
Respond to your inquiries and support requests

4. Data Storage and Security

4.1 Minimal Data Retention

We follow a minimal data retention policy:

Audit scan results are stored temporarily during your session
Historical trend data is aggregated and anonymized
Raw workspace data is not permanently stored
You can request deletion of your account and all associated data at any time

4.2 Security Measures

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, secure authentication, and regular security audits of our own systems.

5. Data Sharing

We do not sell, trade, or rent your personal information. We may share data only in the following circumstances:

Service Providers: With trusted third-party services that help us operate our platform (e.g., hosting providers)
Legal Requirements: When required by law, regulation, or legal process
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize us to share information

6. Google API Services

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum scopes necessary to provide our security auditing service.

7. Your Rights

You have the right to:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate personal data
Deletion: Request deletion of your personal data
Revoke Access: Revoke our access to your Google Workspace at any time through your Google Account settings
Data Portability: Request your data in a portable format

8. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party tracking cookies for advertising purposes. You can control cookie settings through your browser.

9. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us.