Skip to content
Gallium Technologies Gallium Technologies
    • FormChime
    • ApproveKit
    • HeyDB
  • About
  • Team
  • Docs
  • Blog
  • Support
  • Products

    • FormChime
    • ApproveKit
    • HeyDB
  • About
  • Team
  • Docs
  • Blog
  • Support
  1. Home
  2. ApproveKit Privacy Policy

ApproveKit Privacy Policy

Last updated: 1 March 2026

This policy explains the planned data handling model for ApproveKit. ApproveKit is not yet publicly launched, so this page describes the intended privacy posture for product planning, review, and future Marketplace preparation.

What data we access

ApproveKit is expected to access the following data when the product is launched:

  • Google Form structure — field names, field types, and form title. Used to configure approval workflows.
  • Form submission responses — the answers a respondent provides. Used to route approval requests and display submission details to approvers.
  • Your Google account email address — used for authentication and to identify form owners and approvers.
  • Approval configuration — the approval chains, approver email addresses, and workflow rules you create within ApproveKit.

Why we access it

Data typePurpose
Form structureConfigure which fields are relevant to the approval decision
Form responsesDisplay submission details to approvers and track approval status per submission
Email addressesAuthenticate users, send approval request emails, and notify requesters of decisions
ConfigurationStore approval chains and routing rules

What OAuth scopes we request and why

ScopeTypePurposeWhat happens if revoked
forms.currentonlyNon-sensitiveRead form structure and submissions to manage approval workflowsApproveKit cannot track submissions or display approval details
gmail.sendSensitiveSend approval request emails and status notificationsApprovers will not receive email notifications
script.external_requestNon-sensitiveConnect to Stripe for licence validationPremium features will be unavailable; free tier continues to work

How data is processed

ApproveKit is intended to run on Google’s infrastructure as a Google Apps Script add-on. In the planned model, when a form is submitted:

  1. Google triggers the ApproveKit script attached to your form.
  2. The script reads the submission data and your approval chain configuration.
  3. The script sends an approval request email to the first approver in the chain.
  4. When an approver responds, the script updates the status and notifies the next approver or the original requester.

The intended design keeps workflow processing on Google’s infrastructure. If that changes during implementation, this page will be updated before launch.

What data is stored and where

  • Approval configuration and approval status are expected to be stored in Google’s PropertiesService or another Google-controlled storage layer chosen during implementation.
  • No Gallium Technologies-hosted user database is planned for the core workflow.
  • Billing and entitlement details are still to be finalised.

What data is shared

Your data is never sold, rented, or shared with third parties for advertising or marketing.

  • Stripe is expected to process billing details if paid plans are introduced. See Stripe’s privacy policy.
  • No other third parties receive your data.

Data retention and deletion

  • Uninstall the add-on from the Google Workspace Marketplace to remove all ApproveKit functionality and configuration from your Google account.
  • Revoke permissions at myaccount.google.com/permissions to remove all OAuth access.
  • Gallium Technologies does not retain any user data after uninstallation.

Your rights

You have rights over your personal data regardless of where you are located. Depending on your jurisdiction, these may include the right to:

  • Access your personal data and obtain a copy of it.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data (also known as the ‘right to be forgotten’).
  • Restrict or object to certain processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Opt out of sale — we do not sell your personal data to any third party.

These rights are provided under frameworks including the Australian Privacy Principles, the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), among others.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days, or sooner if required by your local law.

Legal basis for processing

If you are in the EU, EEA, or UK, we process your personal data on the following legal bases under GDPR:

Processing activityLawful basis
Accessing your Google Form structure to configure approval workflowsContract performance — necessary to deliver the service you installed
Reading form submission responses to route approval requestsContract performance — core functionality you configured
Sending approval request and status notification emails via GmailContract performance — the primary purpose of ApproveKit
Billing or licence validation, if introducedLegitimate interest — verifying authorised access to paid functionality

International data transfers

ApproveKit runs on Google’s infrastructure. Google’s Data Processing Terms include Standard Contractual Clauses for transfers of personal data outside the EU/EEA.

If Stripe is introduced for billing, it will process payment data in accordance with its own privacy policy. See Stripe’s privacy policy.

Data breaches

In the event of a personal data breach:

  • We will notify affected users without undue delay.
  • We will notify the Office of the Australian Information Commissioner (OAIC) within 30 days, in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988.
  • For users in the EU/EEA or UK, we will notify the relevant supervisory authority within 72 hours where required under GDPR.
  • We will provide details of the breach, likely consequences, and measures taken.

Contact the OAIC: oaic.gov.au Contact the UK ICO: ico.org.uk

Contact

For privacy enquiries or to exercise your rights under any applicable privacy law:

Email: [email protected]

Gallium Technologies Pty Ltd Australia

Gallium Technologies Gallium Technologies

Google Workspace add-ons that do one thing well.

Company

  • About
  • Team
  • Blog
  • Support
  • Documentation

Products

  • FormChime
  • ApproveKit
  • HeyDB

Legal

  • Terms of Service
  • FormChime Privacy
  • ApproveKit Privacy
  • HeyDB Privacy

© 2026 Gallium Technologies Pty Ltd

Made with ❤️love in Australia