Policy Scope Notice: This document applies exclusively to Dawent’s Google Workspace Apps and related services. It does not govern any other Dawent products or service lines. For legal terms applicable to other offerings, please refer to our Legal Overview.
Effective Date: May 23, 2024
Dawent ("we," "us," or "our") respects your privacy and is committed to protecting personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This statement outlines how Dawent's Google Workspace Apps access, process, and safeguard user data.
This policy applies to any individual ("you," "your," or "user") whose personal data is processed in the context of our operations within the European Economic Area (EEA), regardless of nationality.
For the purpose of this document, "Google Workspace Services" refer to the suite of productivity and collaboration tools provided by Google LLC ("Google"), as defined and updated by Google from time to time.
Dawent licenses access to proprietary apps designed to extend or enhance Google Workspace. These apps serve as supplemental tools to Google’s core services and do not replace or replicate their core functionality. Dawent does not offer standalone service delivery but instead provides licensed access to tools that interoperate with Google Workspace, subject to Google’s platform permissions and policies.
You, as the user, act as the Data Controller when using Dawent’s Google Workspace Apps. This means:
You determine which Google Workspace data is accessed and processed.
You control the permissions granted to our apps via OAuth.
You are responsible for compliance with data protection regulations regarding the data you manage.
As a Data Controller, Dawent determines why and how this data is processed.
Dawent acts as a data controller when processing personal data explicitly collected from users who upgrade to a licensed version of the add-on. This includes:
Licensing and subscription details (e.g., name, email address, subscription status, billing information).
Transaction-related data received from payment processors (e.g., transaction ID, subscription status, and payment confirmation).
⚠ Note: We do not store or process payment information, including but not limited to card details, virtual cards, or digital wallets. All payment transactions are handled exclusively by third-party payment processors (see [Section 10: Payment Processing]).
Customer support inquiries that include personally identifiable information (PII).
As a Data Processor, Dawent follows the instructions of the user (Data Controller) and processes data on their behalf.
Dawent acts as a data processor when its apps process Google Workspace data strictly within your account and solely as permitted by Google Workspace's API policies.
Data access is limited to the OAuth scopes explicitly authorized by you during installation and use.
No Google Workspace data is stored, transferred, or retained outside of your account.
Some apps facilitate third-party integrations, where data is transmitted only as explicitly authorized by you (see [Section 3: Third-Party Processing]).
Dawent may use third-party services that act as sub-processors to facilitate specific functionalities.
Each third-party service operates under its own GDPR-compliant policies (see [Section 10]).
Before enabling third-party integrations, users must explicitly authorize data sharing.
Dawent processes data in accordance with the following lawful bases under the GDPR:
When you install our apps via the Google OAuth flow, you grant access to your Google Workspace Services and data, allowing us to provide essential functionalities as part of the service agreement.
For users purchasing a subscription, we process subscription-related data (e.g., transaction ID, subscription status, and payment confirmation) as part of our contractual obligation to manage licensing and billing. However, payment card processing is handled exclusively by third-party payment processors (see [Section 10: Payment Processing]).
We do not store or process payment card details.
We collect and process certain non-personally identifiable technical and diagnostic data to enhance security, maintain functionality, and resolve errors.
Users may explicitly authorize our apps to integrate with third-party services, resulting in data transmission. This may occur in the following ways:
OAuth Authorization – You initiate an OAuth flow to grant our apps permission to process your third-party data, enabling integration and functionality.
Credential-Based Access – You provide API keys, tokens, or security credentials stored within your Google account, allowing our apps to interact with third-party services.
Our website uses cookies from Google to provide services and analyze traffic. Information about your use of the site is shared with Google. When visiting the website, you have the option to Accept or Reject cookies.
For more details, refer to Google’s Cookie Policy.
Additionally, users can manage or disable cookies through their browser settings.
Google Workspace Service Data
Processed directly within Google Workspace without being stored on our servers.
Access is limited to the OAuth scopes explicitly authorized by you during installation and use.
Processing Scope: Restricted to essential operations required for the add-on’s functionality.
Payment & Subscription Data
When users purchase a subscription, payment details (e.g., card information) are entered directly on third-party payment processors (see [Section 10: Payment Processing]).
We do not store, process, or have direct access to users' payment card details.
We only access subscription-related data (e.g., transaction ID, subscription status, and payment confirmation) via third-party payment processors to manage licensing and billing.
User-Provided Data (PII)
Collected when users interact with our apps, such as when purchasing a license, subscribing to an app, or requesting support.
Subscription & Licensing Data
Collected when users subscribe to a licensed version of the add-on by making a payment.
Examples: Name, email, subscription plan, billing information, and communication preferences.
Processing Scope: Used for licensing, invoicing, and customer support.
Support & Communication Data
Collected when users engage with our support team or submit service-related inquiries, issues, or explicit debug information.
Examples: Emails, chat messages, customer support tickets, and diagnostic logs shared for troubleshooting.
Processing Scope: Used solely for responding to inquiries, resolving issues, and debugging. AI models (such as GPT and Gemini) may assist with customer support inquiries, but PII is anonymized. Users may request exclusion from AI-based support by contacting us.
System & Diagnostic Data / Debug Logs
Non-personally identifiable data used for maintaining service functionality and debugging.
Examples: System performance metrics, timestamps, and error codes.
Processing Scope: Retained for 30 days for troubleshooting purposes.
Data Location: Your data remains within Google Workspace and is not transferred to our servers.
Security Measures: We implement encryption, access controls, and authentication protocols to safeguard data integrity.
Error Logging: Non-personally identifiable error logs are retained for 30 days for debugging and error reporting.
Licensing & Subscription Data: If you purchase a license, we securely store the explicitly provided data (see 4. Data Collection & Processing – User-Provided Data) within our Google Workspace account for invoicing and communication.
We only store licensing, subscription, and communication data. Under the GDPR, you have the right to:
Access Your Data – Request a copy of the data we store.
Rectify Inaccuracies – Correct or update incorrect or outdated information. However, changing the email associated with a license is not permitted.
Erase Data ("Right to be Forgotten") – Request permanent deletion of your data, subject to legal or contractual obligations.
Restrict Processing – Request limitations on how we process your data.
Data Portability – Obtain a structured, machine-readable copy (e.g., CSV or JSON format) of your data for reference.
Object to Processing – Opt out of certain processing activities, including direct marketing.
To exercise these rights, contact us at support@dawent.com. We will respond within the legally required timeframe and comply where legally permissible.
We retain user data only for as long as necessary to fulfill contractual, legal, and operational obligations.
Error Logs & Analytics
Retained for 30 days to enhance security, maintain functionality, and assist in debugging. Logs are automatically deleted afterward unless needed for ongoing issue resolution.
Licensing & Subscription Data
Active Users – Data is retained throughout the subscription period.
Inactive/Expired Subscriptions – Data is automatically deleted after 3 years, unless legally required for a longer period.
User Deletion Requests – Users may request deletion of their data, subject to legal and contractual limitations.
Support & Communication Data
Retained for the duration of the subscription + 3 years after the last interaction to ensure issue resolution and service continuity.
After this period, data is anonymized or securely deleted, unless legally required for a longer retention period.
Users may request data deletion where legally permissible.
When you uninstall the add-on, Google Workspace immediately revokes our add-on’s access to your Google Workspace data, meaning we can no longer process your data.
If you previously authorized third-party integrations, you may need to manually revoke access through the respective third-party provider’s settings.
Users may request deletion of stored data (as outlined in Section 4.2) by contacting us.
Some data may be retained to fulfill legal, contractual, or operational obligations.
Error logs and system diagnostic data are anonymized and do not contain PII.
Verified deletion requests are processed within 30 days, unless an extended retention period is legally required.
The data stored with us, (as outlined in [Section 4.2: Data Stored with Us]), is processed using Google’s global infrastructure, including data centers in the U.S., Europe, and Asia-Pacific. Where applicable, we rely on Standard Contractual Clauses (SCCs) to ensure GDPR-compliant data transfers outside the European Economic Area (EEA).
Google Workspace Services comply with GDPR and Data Processing Addendums (DPAs). For EU-based users, Google also offers data residency options to store certain data within the EEA. More details are available in Google’s GDPR Compliance Center.
If users authorize third-party integrations via our add-on, data may be transmitted to those services based on the permissions granted. Each third-party service operates under its own GDPR-compliant policies, and we recommend reviewing their privacy terms before enabling integrations.
For further details, refer to: Google’s GDPR Compliance Center
In the event of a security breach affecting personal data, we will:
Notify the relevant EU Data Protection Authority (DPA) within 72 hours, as required by GDPR.
Affected users will be informed via email, an in-app notification, or a public notice on our website, depending on the severity and legal requirements.
If individual notification is not feasible or not legally mandated, a public notice will be issued on our website outlining the nature of the breach and recommended actions.
We utilize GDPR-compliant third-party services, including:
Google Workspace Services (Google LLC) – as both the underlying platform and a sub-processor, where applicable, providing authentication, storage, and operational infrastructure for our apps.
ClickSend, MessageBird, Telesign, Textlocal, Twilio – SMS and notification services.
BL.INK, T.LY – URL shortening and link management services.
Klaviyo, Brevo, Mailchimp, HubSpot, Cyberimpact – Marketing and CRM integrations.
QuickBooks – Accounting, invoicing, and billing services.
We select GDPR-compliant providers, but we recommend users review each service’s privacy policies and terms to understand how their data is handled. Users who enable third-party integrations via our apps should review the respective privacy policies before authorizing data sharing.
Payment Processing
Payment transactions are handled exclusively by Stripe, PayPal, and Razorpay.
We do not store or process payment card details.
Our access is limited to subscription-related data (e.g., transaction ID, subscription status, and payment confirmation) necessary for managing licensing and billing.
For GDPR inquiries, contact: Data Protection Officer, Dawent, support@dawent.com