Grackle Privacy and Security Policy
- Grackle will never share data without your permission
- We will never sell data to a third party
- We use industry standard SSL to ensure that data is encrypted and transmitted securely from end to end
- We make every effort to ensure consistency with the Family Educational Rights and Privacy Act (FERPA) policies
- We also comply with the Children’s Online Privacy Protection Act (COPPA)
- We recognize the users’ rights under the General Data Protection Regulation (GDPR)
The slightly Finer Print
We collect the following personal information:
- Contact Information such as name and email address
- Preferences Information, order history, marketing preferences
- We do not require or store any of your Google passwords
What we do not collect from you
We do not mine or save the information from your Google Account or Google Drive that is processed by GrackleDocs.
We also collect the following information
As is true of most Web sites or applications, we automatically gather information about your computer such as your IP address, browser type, referring/exit pages, and operating system.
We use that information to:
- Fulfill your orders
- Send you order confirmations
- Assess the needs of your business to determine suitable products
- Send you requested product or service information
- Send product updates or warranty information
- Respond to customer service requests
- Administer your account
- Send you a newsletter
- Respond to your questions and concerns
- Conduct research and analysis
We use a trusted third-party email campaign engine such as MailChimp for our newsletter, or marketing emails. You can opt out of such mailings at any time by following the unsubscribe link/instructions included in every such email.
We do not sell your personal information to third parties.
We may also disclose your personal information as required by law such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
If GrackleDocs is acquired by another corporation, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information, to any other third party with your prior consent to do so.
Cookies and other tracking technologies
Our Web pages contain electronic images known as Web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.
Our site may include links to other Web sites whose privacy practices may differ from those of GrackleDocs. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any Web site you visit.
Additional Policy Information
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by e-mail (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
All information flow, to and from our servers, are done over encrypted connections, using SSL.
We utilize third party payment providers as a means for making purchases on our site. Their privacy statement and security practices will apply to your information. We encourage you to read that privacy statement before providing your information.
G Suite Security
So, how does G Suite protect my data?
When you decide that you would like to store your data with G Suite, it is then protected in a number of different ways. This includes advanced phishing detection with the aid of machine learning, authentication with security key enforcement and also prevention of data leakage.
Due to G Suite being a 100% cloud-based system it means you can be protected from attacks such as Ransomware, viruses, and malware. There is no need to install a separate system for spam processing because Gmail uses Machine Learning to automatically filter any spam and to scan all emails for suspicious and dangerous content. The G Suite administrator can also control all attachments sent and received by your organisation so that nobody opens or sends anything that they shouldn’t.
2-Step Verification keeps your data secure
Using 2-Step Verification (2SV) provides users with a better option to secure their accounts. As well as 2SV over an encrypted connection, users can also block unauthorized access to their accounts with Google Prompt that delivers real-time prompts, telling the user when they have logged into a device.
This update comes through as a pop-up notification on the Google app. This allows users to answer “yes” or “no” when asked, “are you logging in?”
There are now new device rules for Mobile Management, which allows G Suite admins to define custom rules that create triggers for certain actions or events. For example, if something occurs on one of your company’s devices that’s been specified in a custom rule, the corresponding action that’s been set will automatically be carried out. Some of these rules include;
- Approve select mobile devices when the device is enrolled.
- Block access to corporate data if a specific app is installed.
- Block access to account/wipe the device if the user has more than 5 failed screen unlock attempts.
- Block access to/wipe the account if there is suspicious activity found on the device.
3rd party app control
Google can also protect your data against phishing attacks. Google provides 3rd party control with OAuth apps whitelisting. This gives your company extra control over 3rd party applications that have access to your data. It is now possible for admins to specifically select which apps can have access to which users G Suite data.
This keeps your data safe as it is ensuring that your users don’t accidentally grant access to apps that may be malicious.
Grackle Suite Add-on Security
Google Account Permissions
When installing Grackle Suite Add-Ons, a selection of the following permissions will be asked to continue.
View and manage Google Drive files and folders that you have opened or created with this app
- Grackle requires write access to the user’s Google Docment to help remediate accessibility requirements.
View and manage documents that this application has been installed in
- Grackle needs to access Google Docs in the user’s Google Drive in order to convert to tagged PDF
- We also upload and update PDF files to Google Drive and list folders on Google Drive in the user’s “Output Location” dialog box
Connect to an external service
- The Grackle Suite Add-Ons connect to our Grackle Google Cloud Server when a user chooses to convert a Google Doc to tagged PDF.
Allow this application to run when you are not present
- This is required to support functionality related to Cloning a document and setting the output location for PDFs that are generated. These processes run on behalf of the user and require this permission.
View and manage data associated with the application
- See the ‘Grackle Suite Information Retained’ section below
Display and run third-party web content in prompts and sidebars inside Google applications
- This permission is required for you to be able to open the Grackle sidebar in your Google Docs.
Grackle Suite Information Retained
- Email address
- First name, last name, picture, locale setting
- Title of a document at the time of conversion
- Refresh token
- While a user is Signed in, the refresh token is utilized by the Grackle Suite service to connect to the users Google Drive for document conversion processes
- Document ID, folder ID, and the output PDF’s file ID when uploaded to Google Drive
- This is stored in a database transaction log and is used by the administration console so users can view a history of all conversion jobs and easily locate the input and output files
- Title of a document at the time of conversion
- This is stored in a database transaction log and is used in the administration console so users can view a history of all document conversion jobs by name of document
Grackle Server requirements
- This requires full Drive access. The Grackle Service is utilized to generate PDF output and upload it to the user’s Google Drive. We are also reviewing this and hope to reduce the Full Drive access requirements.
Incident management and disaster recovery
We practice regular recovery drills and perform regular backups of all databases. In the event of an incident, we would contact your account owner, and work with you throughout resolution.
We’ve been around the block and we’ve seen a lot of companies come and go. Security isn’t just about technology, it’s about trust. We’ve worked hard to earn the trust of thousands of users worldwide. We’ll continue to work hard every day to maintain that trust. Longevity and stability is core to our mission at Grackle.
Email us. Call us. Send a carrier pigeon. Visit our contact page.