Google API Services User Data Policy Compliance

This page documents our full compliance with Google's API Services User Data Policy and Limited Use requirements.

This page is publicly accessible without login and is maintained for Google OAuth Verification purposes.
Docs & PDF Mail Merge fully complies with the Google API Services User Data Policy, including the Limited Use requirements.
🔒
No Google Workspace user data is transmitted to, stored on, or processed by any external server operated by the developer.

1. Limited Use Compliance

Docs & PDF Mail Merge's use of data obtained from Google APIs complies strictly with the Limited Use requirements. Specifically:

🎯

User-Facing Functionality Only

Google Workspace data (Sheets, Docs, Drive) is used exclusively to perform the document merge and PDF generation functionality that users directly request. No secondary uses exist.

🚫

No Data Transfers to Third Parties

Google Workspace data is never transferred, sold, disclosed, or made available to any third party, including data brokers, aggregators, or analytics providers.

📵

No Advertising Use

Google Workspace data is never used for advertising purposes, targeted advertising, retargeting, or advertising-related profiling of any kind.

🤖

No AI/ML Model Training

Google Workspace data obtained through the API is never used to train, improve, or validate any artificial intelligence or machine learning model — generalised or specific.

👤

Restricted Human Access

Since no user data is transmitted to developer servers, no developer personnel can access user document content. Human access is restricted solely to user-initiated support, security incident response, and legal obligations.

🔑

Least-Privilege Scopes

The Add-on uses the minimal OAuth scopes necessary: drive.file (not drive), documents.currentonly (not documents), ensuring access is restricted to only files the user explicitly interacts with.

2. Complete Compliance Statement

"The use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements."

3. OAuth Scopes Justification

The following OAuth scopes are requested and are the minimum required for Add-on functionality:

Scope Justification Limited to
drive.file Copy template Docs, upload PDF files to Drive Only files Add-on creates or user explicitly opens
documents.currentonly Replace placeholders in document copy Only the current document being processed
script.container.ui Display Add-on sidebar within Google Sheets UI rendering only, no data access
script.external_request Call Google Drive and Docs REST APIs (within Google infrastructure) Restricted to google.com API endpoints
script.locale Read locale for date format in generated documents Read-only locale preference, no user data

4. No External Data Transmission

Docs & PDF Mail Merge does not operate a backend server. All processing runs within Google Apps Script on Google's infrastructure. The urlFetchWhitelist in the project manifest restricts external network calls to Google's own API endpoints only. No user data (document content, spreadsheet values, or personal information) is ever transmitted outside of Google's infrastructure.

5. Contact for Compliance Inquiries

For questions related to our Google API compliance practices:

Email: brahim.charhoune20@gmail.com

We respond to compliance inquiries within 48 hours.