Privacy Policy
Last updated: July 6, 2025
1. Introduction
This Privacy Policy describes how Attachment Hippo ("we," "our," or "us") collects, uses, and handles your information when you use our Google Workspace Add-on service.
2. Information We Collect
2.1 User-Provided Information
- Email addresses and other criteria specified in your rules
- Rule configurations and preferences
- Google Drive folder selections
2.2 Automatically Collected Information
- Message IDs of processed emails
- Processing duration metrics
- Number of attachments processed
- Number of rules created and stored
- Performance and usage statistics
2.3 Data Classification and Protection Levels
We classify all collected data into protection levels to ensure appropriate security measures are applied:
Critical Protection Level (Authentication Data)
- Data Type: OAuth authentication tokens, service account credentials
- Protection Measures: Encrypted storage in Google Script Properties, never exposed to client-side code, server-side only access, automatic Google-managed encryption
- Access: No user or client access; backend services only
High Protection Level (Personal Information)
- Data Type: Your email address and user identity information
- Protection Measures: User isolation (you can only access your own data), AES-256 encryption at rest, strict access controls, Google OAuth session authentication
- Access: Accessible only to the authenticated account owner
Medium-High Protection Level (User Configuration)
- Data Type: Rule configurations (email patterns, subject keywords, file extensions), Google Drive folder selections, custom filename templates
- Protection Measures: User-scoped database queries, server-side validation, encrypted storage, no direct client database access
- Access: Accessible only to the authenticated account owner through a secured application interface
Medium Protection Level (Processing Metadata)
- Data Type: Message IDs of processed emails, processing timestamps, attachment processing counts, rule execution history
- Protection Measures: Encrypted storage, user isolation, no sharing with external parties, automatic cleanup of old data
- Access: System use only for functionality and rate limiting; not exposed to users
Universal Protection Measures Applied to All Data:
- Encryption at rest using AES-256 encryption (Google Cloud managed keys)
- Protected by Google Cloud Platform's FIPS 140-2 compliant security infrastructure
- Strict database access controls preventing direct client access
- User data isolation - you can only access your own data
- Server-side only processing within Google's secure infrastructure
- Minimal scope OAuth permissions (read-only Gmail access, limited Drive access)
3. How We Use Your Information
We use the collected information for:
- Operating and maintaining the Service
- Processing email attachments according to your rules
- Improving the Service performance
- Analyzing usage patterns and service metrics
- Tracking and enforcing plan-specific rule limits
- Communicating with you about the Service
4. Data Storage and Security
4.1 Infrastructure
We operate entirely within Google's infrastructure and rely on Google's robust security measures. All data is processed and stored using Google Workspace and Google Cloud services.
4.2 Data Protection
We implement appropriate technical and organizational measures to protect your data, including:
- Secure processing within Google's infrastructure
- Mandatory email verification for file operations
- Access controls and authentication measures
5. Data Retention
We retain your data for as long as necessary to provide the Service and comply with our legal obligations. You may request deletion of your data at any time by contacting us.
6. Analytics and Monitoring
We use:
- Google's logging services for operational monitoring
- BigQuery for analyzing service performance and usage patterns
- Google Firestore for data storage
No third-party analytics services outside of Google's infrastructure are used.
7. Information Sharing
Important Notice
We do not share your personal information with third parties except:
- As required by law
- When necessary to provide the Service
- With your explicit consent
8. Your Rights
You have the right to:
- Access your personal information
- Request deletion of your data
- Opt out of future communications
To exercise these rights, contact us at attachmenthippo@gmail.com.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
10. Google Workspace Integration
10.1 Scope of Access
Our Service integrates with Google Workspace and requires specific permissions to:
- Access your Gmail account to process attachments
- Access your Google Drive to save files
- Store configuration data in Google's infrastructure
10.2 Google's Privacy Policy
Our Service operates within Google's infrastructure and is subject to Google's privacy and security standards. We recommend reviewing Google's Privacy Policy to understand how Google processes your data.