The only data we currently collect when you sign in with your gmail is:
The ability to make new google forms and access only the ones that we have made. We will NOT be able to access anything else on your google drive. You can revoke this access at any time.
We use your email to send you only emails such as when you sign up for a paid plan, and they will always have an option to unsubscribe. Otherwise, we do not use this information for anything at all.
What happens to the text you input?
The Fine Print:
Information we collect.
We collect information about you when you use our Service, including:
Personal Information: We may collect personal information such as your name, email address, which you provide when you sign in with Google.
User Content: We may collect information that you provide when you use the Service, such as text you paste in, questions you select or do not select, and any other user-generated content.
Usage Information: We may collect information about how you use the Service, such as the pages you visit, the links you click, and other actions you take while using the Service.
Device Information: We may collect information about the devices you use to access the Service, such as the type of device, operating system, and browser you use.
Miscellaneous Information: We may collect other information not specifically enumerated here, such as your IP address, location data, and other technical information about your use of the Service.
How We Use Your Information
We may use the information we collect about you to:
Provide, operate, and improve the Service
Respond to your requests and inquiries
Send you updates, newsletters, and other communications related to the Service
Monitor and analyze usage of the Service
Detect, prevent, and address technical issues and security vulnerabilities
Comply with legal obligations and enforce our policies
How We Share Your Information
We may share your information with:
Service Providers: We may share your information with third-party service providers who help us operate the Service, such as hosting providers, payment processors, and analytics providers.
Business Partners: We may share your information with business partners who offer products or services that may be of interest to you.
Legal Authorities: We may share your information with law enforcement agencies, courts, or other legal authorities if we are required to do so by law or if we believe that such disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.
We are committed to safeguarding your information and employ appropriate technical and organizational measures to prevent unauthorized access, disclosure, or alteration of data. These measures include encryption (in-transit & at-rest), access controls, regular security audits, and yearly employee trainings. We strive to maintain industry-standard security practices to protect the privacy of user data.
Secrets (database credentials etc.) are encrypted and stored in GitHub, and are NOT present in the source code.
The Google API is used to allow exports to Google Forms, Google Docs, and Google Slides. We will only be able to create new files, and update files we created. We will NOT be able to access anything else on your google drive. We store your Google API tokens securely in an encrypted database. You can revoke this access at any time.
Compliance with FERPA & COPPA
We are fully committed to complying with the Family Educational Rights and Privacy Act (FERPA) and Children's Online Privacy Protection Rule (COPPA), as we understand the importance of protecting student data. Our webapp does not collect, store, or use any personally identifiable information (PII) of students or any other sensitive educational records. We prioritize the privacy and confidentiality of student data in accordance with FERPA and COPPA requirements.
Our Service is not intended for use by children under the age of 13, and we do not ask for or store personal information from children under the age of 13.
Microsoft uses and enables the use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec). All secrets such as encryption keys are properly secured in a secrets manager. All data is stored at a Microsoft data center on the east coast of the US. Microsoft defends your data through clearly defined and well-established response policies and processes, strong contractual commitments, and if necessary, the courts. All communication between users and our service is SSL encrypted according to industry best practices.
Important notes from the API policy: "OpenAI will not use data submitted by customers via our API to train or improve our models, unless you explicitly decide to share your data with us for this purpose."
For more: https://openai.com/enterprise-privacy
For all financial transaction information we use Stripe. Stripe will not sell, retain, use or disclose Personal Data for any purpose other than for the specific purposes of performing the Services and to comply with Law. Stripe implements and maintains a written information security program and a data security incident management program that addresses how Stripe will manage a data security incident involving the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, Personal Data. For more: https://stripe.com/privacy
Browserless.io is used to fetch the contents of web pages for generating user content. URL’s users enter into The Service may be transmitted to browserless. For more: https://www.browserless.io/privacy-policy/
We use Google OAuth to authenticate users' identities, and comply with their security recommendations. We do not process or store any plain-text client information and store tokens securely in an encrypted database. We never commit secrets, including Google OAuth secrets, to any code repositories. All secrets are stored in an encrypted secrets manager. When we no longer need access to a user's account or no longer need access to permissions that a user previously granted, their tokens are revoked. After the tokens are revoked, they are deleted permanently from the system.
Google Analytics collects the following information to help us better understand our users: number of users, session statistics, approximate geolocation, browser and device information, and number of purchases.
Sentry collects Software bugs (errors), page loads, and API calls in order to to help us identify and fix bugs and improve performance: