1. Scope of this policy

This Privacy Policy describes how DriveMate, a Salesforce AppExchange application provided by PRAXXY ("DriveMate", "we", "our", or "us"), accesses, uses, stores, shares, retains, and deletes Google user data when a customer connects DriveMate to Google Drive and Google Workspace through Google APIs.

DriveMate Advanced uses customer-authorized OAuth configured inside the customer's Salesforce organization. The Google account authorized for DriveMate may be an individual user account or an integration account controlled by the customer. DriveMate does not use a PRAXXY central Google account, service account, or Google Workspace domain-wide delegation to access customer Drive data. DriveMate's access is always limited to the files and folders that the customer-authorized Google account already has permission to access.

For PRAXXY's general website and corporate privacy practices, see the PRAXXY Privacy Policy. In the event of any conflict between that policy and this one with respect to Google user data, this DriveMate Privacy Policy controls.

2. Limited Use commitment

DriveMate's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, DriveMate does not:

Transfer or sell Google user data to third parties, including advertising platforms, data brokers, or any information resellers.
Use Google user data for advertising, ad personalization, audience-building, or retargeting purposes.
Use Google user data for lending, credit scoring, or any credit-decisioning purposes.
Use Google user data to create, train, or improve any artificial-intelligence or machine-learning model.
Allow humans to read Google user data, unless (a) we have obtained the user's affirmative agreement to view specific files or other data, (b) it is necessary for security purposes (for example, investigating a bug or abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and used for internal operations in a form that is no longer associated with an identifiable user.

3. Data Accessed

With customer authorization, DriveMate requests the following OAuth scopes from Google:

openid — to identify the Google account that has been authorized to act with DriveMate from inside Salesforce.
https://www.googleapis.com/auth/drive — to access files and folders in Google Drive, including Google Docs and Google Sheets, that the authorized Google account already has permission to access.

Under these scopes, DriveMate may access:

Google Drive files and folders the authorized account can already access, including their metadata (name, owner, parents, MIME type, timestamps, sharing state, custom properties).
File content, when a user action or a Salesforce automation requires DriveMate to read, write, upload, download, copy, move, rename, update metadata for, send to trash, restore, or permanently delete that file.
Google Docs and Google Sheets content, when generating documents from templates or when an automation reads or updates the document.
The basic profile information returned by openid — typically the authorized account's Google user ID and email address — used to identify the account inside DriveMate.

DriveMate does not access Gmail, Calendar, Contacts, Chat, Meet, YouTube, Photos, or any other Google service outside the Drive scope listed above. DriveMate does not request offline or domain-wide access beyond what these scopes provide.

4. Data Usage

DriveMate uses Google user data only to provide and improve the user-facing features the customer has invoked or configured in Salesforce. Specifically:

File and folder management. Creating, listing, searching, opening, moving, copying, renaming, sending to trash, restoring, and permanently deleting Drive files and folders from Salesforce.
Uploads and downloads. Transferring files between Salesforce records and Google Drive at the user's or automation's request.
Metadata updates. Reading and writing file properties such as name, parents, sharing state, and custom properties needed by the customer's configuration.
Document generation. Generating Google Docs and Google Sheets from customer-defined templates, including merge fields, formulas, record tables, rollups, conditional sections, and formula functions.
Salesforce automation. Executing the Drive operations above when invoked by Salesforce Flows or Apex automations that the customer has configured to call DriveMate.
Operational logging. Recording inside the customer's Salesforce organization which actions were performed, by which user, against which Drive object, and whether they succeeded — so the customer can audit and troubleshoot.

DriveMate does not use Google user data for any other purpose. Specifically, DriveMate does not aggregate Google user data across customers, profile end users, target advertising, or feed AI/ML training pipelines.

5. Data Sharing

DriveMate does not transfer or sell Google user data to third parties, including advertising platforms, data brokers, information resellers, or any party that would use that data to create, train, or improve artificial-intelligence or machine-learning models.

Google user data accessed through DriveMate flows directly between three parties:

Google, which serves the Drive API requests under the customer-authorized OAuth token.
The customer's Salesforce organization, where the DriveMate managed package runs and where the customer's own data resides.
End users authorized by the customer inside Salesforce, who invoke DriveMate features through the user interface or through configured automations.

DriveMate does not route Google user data to any other third-party sub-processor. Where PRAXXY uses sub-processors for its own corporate operations (for example, support tooling and analytics on the praxxy.com website), those sub-processors do not receive Google user data. The sub-processor list disclosed in the general PRAXXY Privacy Policy applies to website and marketing data only.

DriveMate may disclose Google user data only when required by law (for example, a valid court order, subpoena, or other legal process) and only to the extent strictly required to comply. We will, where legally permitted, notify the affected customer before any such disclosure.

6. Data Storage and Protection

6.1 Where Google user data is stored

DriveMate is architected so that Google Drive file content remains in Google's systems. DriveMate reads and writes that content in transit only as required to execute the user action or configured automation that requested it, and does not maintain a separate PRAXXY-operated copy of Drive file content.

The information DriveMate persists is stored inside the customer's own Salesforce organization, including:

The Google account identifier (user ID and email) for the customer-authorized integration account, so DriveMate knows which OAuth token to use.
References to Drive files and folders (file IDs, names, parents) needed to link Salesforce records to specific Drive content.
Customer configuration (folder mappings, template definitions, automation settings).
Operational logs of DriveMate actions performed in that org.

This data is subject to the data-residency, encryption, access-control, and backup guarantees that Salesforce provides to the customer for that organization. PRAXXY does not maintain a separate central database of customer Google user data.

6.2 How it is protected

Encryption in transit. All calls between DriveMate, Salesforce, and Google APIs use TLS (HTTPS).
Encryption at rest. Data persisted inside the customer's Salesforce org is encrypted at rest by the Salesforce platform.
OAuth tokens. The OAuth refresh and access tokens used to call Google APIs are stored in protected Salesforce metadata (named credentials / auth providers), are not exposed to end users, and can be invalidated at any time by the customer.
Access controls. Which Salesforce users can invoke DriveMate features is controlled by Salesforce profiles and permission sets, configured by the customer. PRAXXY personnel do not have routine access to customer Salesforce orgs.
Least privilege. DriveMate requests only the Google OAuth scopes listed in Section 3, and operates only against files the authorized Google account already has permission to access.
Secure development. DriveMate is distributed as a Salesforce-reviewed managed package through the AppExchange and follows the AppExchange security review program's requirements.

7. Data Retention and Deletion

7.1 Retention

Because DriveMate does not store Google Drive file content outside of Google, there is no PRAXXY-side retention period for Drive file content — once a DriveMate operation completes, no PRAXXY-controlled copy of that content remains.

The Google account identifier, file references, configuration, and operational logs stored inside the customer's Salesforce organization are retained for as long as the customer continues to use DriveMate in that organization, or for any longer period the customer chooses to keep that data for their own audit, compliance, or business purposes. The customer controls retention of this data through their Salesforce administration tools.

7.2 How to revoke access

The authorized Google user (or a Google Workspace administrator) can revoke DriveMate's access at any time from the Google Account permissions page. Revoking access immediately stops DriveMate from making any further calls to Google APIs through that account.

A Salesforce administrator can also disconnect or uninstall DriveMate from within Salesforce. Uninstalling the DriveMate managed package removes its access from that Salesforce organization.

7.3 How to request deletion of Google user data

PRAXXY does not operate any central database or server-side store of Google user data accessed through DriveMate. DriveMate runs entirely inside the customer's Salesforce organization and accesses Google Drive directly under the customer-authorized OAuth token. As a result, every piece of Google user data that DriveMate touches lives in one of two places, each fully under your control:

Drive files and folders — These remain in Google's systems. To delete them, delete the file in Google Drive, or ask your Google Workspace administrator to do so. PRAXXY holds no copy and cannot delete files in your Google Drive on your behalf.
DriveMate configuration, file references, and operational logs stored inside your Salesforce organization — These remain in your Salesforce org under your Salesforce administrator's control. To delete them, have your Salesforce administrator delete the relevant DriveMate records, or uninstall the DriveMate managed package — which removes DriveMate's custom objects and the data they contain from that organization.

If, despite the above, you believe PRAXXY itself holds Google user data about you in connection with DriveMate — for example, because you shared file information with PRAXXY support in an email — send a deletion request to infopraxxy.com with the subject line "DriveMate data deletion request" and a description of the data and the Google account or Salesforce organization involved. We will respond within 30 days in accordance with applicable data-protection law.

Deletion stops future use of the affected data. It does not reverse actions already taken on Google Drive files by previous, properly authorized DriveMate operations.

8. Children

DriveMate is a business-to-business Salesforce AppExchange application and is not directed to individuals under 16. DriveMate does not knowingly accept Google user data belonging to a child.

9. Changes to this policy

PRAXXY may update this policy to reflect changes in DriveMate, in the Google APIs it consumes, or in applicable law. Material changes will be reflected by updating the "Last Updated" date at the top of this page, and, where appropriate, by notifying customers through the channels published on the PRAXXY website or in the DriveMate documentation.

10. Contact

Questions about how DriveMate handles Google user data, or requests under this policy, can be sent to infopraxxy.com.