Privacy Policy

Last updated: April 6, 2026

Introduction

Welcome to GDocify ("we," "our," or "us"). GDocify is a Software-as-a-Service (SaaS) automation platform that automates Google Docs generation by processing data from various datasource providers through OAuth integrations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

Our Service

GDocify is an automation platform that connects to your datasource providers (such as Google Sheets, Airtable, Notion, HubSpot, Salesforce, and custom APIs) through OAuth consents that you grant. Our service retrieves data from these sources, processes it to replace placeholders in Google Docs templates, and generates documents. We do not permanently store the data retrieved from your datasource providers beyond what is necessary for the immediate processing and document generation.

Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password, and profile information you choose to provide
  • OAuth Connection Information: When you connect datasource providers (Google Sheets, Airtable, Notion, HubSpot, Salesforce, or custom APIs), we store OAuth tokens and connection metadata necessary to access your data. These tokens are encrypted and stored securely.
  • Automation Configuration: Templates, mappings, and automation settings you create
  • Payment and Billing Information: If applicable, payment method details and billing address (processed through secure third-party payment processors)
  • Communications: Support requests, feedback, and other communications with us

We also automatically collect certain information when you use our service:

  • Usage Data: Pages visited, features used, time spent, automation execution logs, and error logs
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking Technologies: We use cookies and similar technologies to maintain your session and improve service functionality

Data Processing and Storage

Important: GDocify processes data from your connected datasource providers but does not permanently store this data. Here's how our data processing works:

  • OAuth Consent: You grant OAuth permissions to allow GDocify to access data from your datasource providers (Google Sheets, Airtable, Notion, HubSpot, Salesforce, or custom APIs)
  • Data Retrieval: When an automation is triggered, we retrieve the necessary data from your connected datasource provider using the OAuth tokens you authorized
  • Processing: The retrieved data is processed in memory to replace placeholders in your Google Docs templates and generate the final documents
  • Document Generation: The processed documents are created in your Google Drive account (you maintain full ownership and control)
  • No Persistent Storage: The data retrieved from your datasource providers is not stored permanently on our servers. It exists only in memory during the processing phase and is discarded immediately after document generation

We do store:

  • OAuth tokens (encrypted) necessary to maintain your datasource connections
  • Automation configurations, templates, and mappings you create
  • Execution logs and metadata for troubleshooting and service improvement (these do not contain the actual data from your datasources)

OAuth Integrations and Third-Party Data Access

GDocify integrates with the following datasource providers through OAuth:

  • Google Sheets: Access to read data from your Google Sheets
  • Airtable: Access to read data from your Airtable bases and tables
  • Notion: Access to read data from your Notion workspaces
  • HubSpot: Access to read data from your HubSpot account
  • Salesforce: Access to read data from your Salesforce org
  • Custom APIs: Access to data from APIs you configure

Your Control: You have complete control over these OAuth connections:

  • You can revoke OAuth access at any time through your account settings or directly through the third-party provider
  • You can disconnect datasource providers at any time, which will immediately stop all data access
  • You can view and manage all active OAuth connections in your account settings

Google Drive and Google Sheets: What We Access and Why

We do not read any of your Google files except the ones you explicitly give us access to (e.g. the document or spreadsheet you open or connect in the app). We do not read, scan, or access any other files in your Google Drive or account.

Why we need these permissions:

  • drive.file — See, edit, create, delete only the specific Drive files used by the app. We need it to open and save only the Doc or file you explicitly open or create in GDocify. Official reference: Google Drive API scopes.
  • drive.readonly — See and download Drive files. We need it so you can pick a file from Drive inside the app; we only access the file you select. We do not list or read your other files. Official reference: same Drive API scopes link above.
  • spreadsheets — See, edit, create, delete spreadsheets. We need it to read and write only the spreadsheet(s) you explicitly connect for automation. We do not access your other spreadsheets. Official reference: Google Sheets API scopes.

You can review Google's official OAuth 2.0 and scope documentation here: OAuth 2.0 Scopes for Google APIs.

Airtable: What We Access and Why

We do not read any of your Airtable data except the bases and tables you explicitly connect in the app. We do not access, list, or read your other bases or workspaces.

Why we need these permissions:

  • data.records:read — Read records from tables. We use it only to read records from the base(s)/ table(s) you explicitly connect for automation. Official reference: Airtable OAuth / third-party integrations.
  • data.records:write — Create, update, delete records. We use it only for the bases you've connected (e.g. writing automation results). We do not modify any other bases.
  • schema.bases:read — Read base schema (tables, fields). We use it only for the base(s) you connect so you can map fields in GDocify. We do not read schema for your other bases. Official reference: Airtable API scopes.

You can review Airtable's official OAuth and scope documentation here: Third-party integrations via OAuth.

Google API Services User Data Policy: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our automation service
  • Process your automation requests and generate Google Docs as configured
  • Maintain OAuth connections to your datasource providers
  • Send you technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns, performance, and trends to improve our service
  • Detect, prevent, and address technical issues, security threats, and fraudulent activity
  • Process payments and send related billing information (if applicable)

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information or data from your datasource providers to third parties for their marketing purposes.

We may share your information in the following limited situations:

  • Service Providers: With trusted third-party vendors who perform services on our behalf (such as hosting, payment processing, analytics). These providers are contractually obligated to protect your information and use it only for the purposes we specify.
  • Third-Party APIs: When you configure automations, we access data from your connected datasource providers (Google, Airtable, Notion, HubSpot, Salesforce, etc.) as authorized by your OAuth consents. We do not share this data with other third parties.
  • Business Transfers: In connection with any merger, sale, acquisition, or transfer of assets, provided that the receiving party agrees to honor this Privacy Policy
  • Legal Requirements: When required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or others
  • With Your Consent: For any other purpose disclosed to you with your explicit permission

Data Security

We implement industry-standard technical and organizational security measures to protect your information:

  • Encryption: All data in transit is encrypted using TLS/SSL. OAuth tokens are encrypted at rest.
  • Access Controls: Strict access controls and authentication mechanisms to ensure only authorized personnel can access your information
  • Secure Infrastructure: Our infrastructure is hosted on secure cloud platforms with regular security updates and monitoring
  • OAuth Token Security: OAuth tokens are stored securely and can be revoked by you at any time. We follow OAuth security best practices.
  • Regular Audits: We conduct regular security audits and assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to and receive a copy of your personal data
  • Rectification: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data and account
  • Objection: Object to or restrict processing of your data
  • Data Portability: Receive your data in a structured, commonly used, and machine-readable format
  • Withdraw Consent: Withdraw consent where processing is based on consent (e.g., revoke OAuth connections)
  • Opt-Out: Opt out of certain data processing activities, such as marketing communications

To exercise these rights, please contact us using the information provided in the Contact Information section below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and improve service functionality. Cookies are small files with a small amount of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service, particularly those requiring authentication.

Third-Party Services

Our service integrates with third-party datasource providers (Google Sheets, Airtable, Notion, HubSpot, Salesforce, and custom APIs) through OAuth. When you connect these services, you are subject to their respective privacy policies and terms of service. We encourage you to review the privacy policies of these third-party services:

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services beyond what is necessary to provide our automation service.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account Information: Retained while your account is active and for a reasonable period after account deletion for legal and business purposes
  • OAuth Tokens: Retained until you revoke the connection or delete your account
  • Automation Configurations: Retained while your account is active and deleted when you delete your account
  • Datasource Data: Not stored permanently. Data retrieved from your datasource providers exists only in memory during processing and is discarded immediately after document generation
  • Logs and Metadata: Retained for a limited period for troubleshooting, security, and service improvement purposes

Children's Privacy

Our service is not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our service, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure that your information receives an adequate level of protection.

Changes to This Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through a notice on our service for significant changes. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of our service after any changes constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: saudchougle.sc@gmail.com

Address: Mumbai, Maharashtra, India