Privacy Policy

Effective date: 2026-06-04 · Last updated: 2026-06-04

DriveSentinel (“the App,” “we,” “us,” “our”) is a Google Workspace add-on operated by an individual developer (“Operator”) whose contact email is gpswaraich@gmail.com. This Privacy Policy explains what information DriveSentinel handles and how.

This policy is written to comply with the Google API Services User Data Policy, including the Limited Use requirements.

1. Who we are

DriveSentinel is a sidebar add-on for Google Drive that helps an individual user manage who has access to the Google Drive files they own. The Operator is the sole controller of the add-on. There is no separate corporate entity, no employees, and no shared infrastructure.

2. What information DriveSentinel accesses

When you install and use DriveSentinel, the add-on may access the following information under your direction:

Your basic Google account email, used to display which account you are signed in as.
Metadata of Google Drive files and folders you own: file name, owner, last-updated date, and the list of people you have shared each item with (their email, role, and external/internal status). This is read in real time to render the audit, to perform revocations, and to schedule revocations.
Files shared with you, when you explicitly invoke the “Backup Shared Files” feature. In that case, the add-on copies those files into a new folder in your own Google Drive on your behalf.
Outbound notification emails sent on your behalf to recipients you choose when you opt into the “send warning email” option for scheduled revocations.
Lightweight local app state, stored privately to your Google account via the Apps Script PropertiesService: the list of contacts (“People”) you save inside the add-on, and the queue of scheduled revocation jobs you have created.

DriveSentinel does not access, read, or transmit the content of any Google Drive document, spreadsheet, presentation, or other file. Only metadata and permission lists are accessed for the listed features. The single exception is the “Backup Shared Files” feature, which uses Google's makeCopy API to copy a file from your shared-with-me area into your own Drive; the file content is never transmitted outside of Google's own infrastructure.

3. How the information is used

DriveSentinel uses the accessed information solely to:

Display the current state of who has access to your Drive files (the Audit feature).
Remove specified people's access to your files when you instruct it (the Revoke feature).
Schedule future revocations and execute them on the date you set (the Smart Revoke feature).
Copy your shared-with-me files into your own Drive (the Backup feature).
Optionally send a notification email to recipients you specify, warning them of an upcoming revocation date.

All processing happens inside Google's Apps Script runtime under your own Google account's authorization. No information is sent to the Operator's servers; the Operator does not operate any servers.

4. How the information is shared

DriveSentinel does not transfer, sell, lend, or share any of your data with any third party, including the Operator. The only outbound communication the add-on can produce is the optional notification email you explicitly opt into, sent via Google's MailApp service to recipients you yourself specify.

5. Google API Services User Data Policy — Limited Use

DriveSentinel's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only use access to read or modify the data the user expressly asks us to.
We do not use the data for serving advertisements.
We do not transfer the data except as necessary to provide or improve the user-facing features the user invoked. In practice this means: no transfer occurs at all, because all processing is in Apps Script under the user's own authorization.
Humans (including the Operator) do not read user data, except (a) when the user explicitly requests support and shares specific data for that support request, (b) for security reasons such as investigating abuse, or (c) to comply with applicable law.

6. Data retention

DriveSentinel does not retain any of your data on Operator-controlled systems because no such systems exist. The only data persisted by the add-on is stored inside Google's own PropertiesService keyed to your own Google account:

Your saved “People” list (names and emails you grouped yourself).
Your scheduled revocation queue (target email, revoke date, file IDs).

You can delete this stored state at any time by uninstalling the add-on from your Google account, or by deleting individual entries from inside the add-on UI.

7. Your rights

You can at any time:

Revoke DriveSentinel's access to your Google account via myaccount.google.com/permissions.
Uninstall the add-on via Google Drive → Extensions menu, or via the Workspace Marketplace add-on management page.
Delete your saved People list and any scheduled jobs from inside the add-on UI.
Contact the Operator at gpswaraich@gmail.com with questions about your data.

If you reside in the EEA, UK, California, or another jurisdiction that grants rights of access, correction, deletion, or portability over personal data, you may exercise those rights by emailing the Operator at the address above.

8. Children

DriveSentinel is not directed at children under 13 (or under 16 in the EEA). The Operator does not knowingly collect personal information from children.

9. Security

The Operator does not operate servers and does not store user data outside of Google's own infrastructure. All add-on logic executes inside Google Apps Script under your own Google account credentials. The Operator therefore relies on Google's security controls for stored data. The Operator is responsible for maintaining the integrity of the add-on source code, which is published only through the Google Workspace Marketplace and is not modifiable by third parties.

10. Changes to this policy

If this policy materially changes, the Operator will update the “Last updated” date above and, where appropriate, notify users via the add-on's homepage or via the email associated with their Google account.

11. Contact

Operator contact: gpswaraich@gmail.com

For DSAR-style requests (access / correction / deletion), email the Operator at the address above with the subject line “DriveSentinel Privacy Request.”