Skip to content
Gallium Technologies Gallium Technologies
    • FormChime
    • ApproveKit
    • HeyDB
  • About
  • Team
  • Docs
  • Blog
  • Support
  • Products

    • FormChime
    • ApproveKit
    • HeyDB
  • About
  • Team
  • Docs
  • Blog
  • Support
  1. Home
  2. FormChime Privacy Policy

FormChime Privacy Policy

Last updated: 2 April 2026

This policy explains what FormChime accesses, why it needs that access, and how the current Marketplace-oriented deployment is constrained. FormChime is built to keep user data inside Google’s environment wherever possible, with narrowly scoped external calls only for approved premium features.

What data we access

FormChime may access the following data when you use the add-on:

  • Google Form structure — form title, question titles, question types, quiz settings, and file-upload fields.
  • Form submission responses — the submitted answers used to populate notification templates.
  • Uploaded file references — file identifiers for responses submitted through Google Forms file-upload questions.
  • Google Drive files you explicitly reference — only when you configure premium file attachments using approved Drive file URLs.
  • Your Google account email address — used to identify the form owner and send notifications from your Google account.
  • Notification configuration — recipients, templates, sender settings, routing conditions, attachment settings, and delivery preferences.
  • Optional premium integration data — webhook destinations for approved providers and phone numbers/message templates for Twilio SMS.
  • Licence information — signed entitlement material stored in your Google account to determine whether premium-only features are enabled.

Why we access it

Data typePurpose
Form structureBuild placeholder lists, detect quiz state, and understand whether file uploads exist
Form responsesPopulate email, SMS, and approved webhook templates when a response is submitted
Uploaded file referencesAttach uploaded files to notification emails when you enable that premium feature
Approved Drive file URLsAttach the files you nominate to outgoing notifications
Your Google account email addressIdentify the form owner and send notification emails through Gmail
Notification configurationStore and evaluate the rules you configure for each form
Optional premium integration dataDeliver provider-specific chat notifications and Twilio SMS
Licence informationVerify premium access and fail safely back to the free tier if verification fails

What OAuth scopes we request and why

ScopeTypePurposeWhat happens if revoked
forms.currentonlyNon-sensitiveRead the current form’s structure, question metadata, and response contextFormChime cannot detect fields or process submissions correctly
gmail.sendSensitiveSend notification emails from your Google accountEmail notifications stop working
script.external_requestNon-sensitiveMake approved outbound requests for provider-specific webhooks, Twilio SMS, and supporting APIsPremium chat and SMS features stop working
script.container.uiNon-sensitiveRender the FormChime interface inside Google FormsThe add-on UI cannot open
script.scriptappNon-sensitiveCreate and inspect the installable form-submit trigger used by FormChimeAutomatic notifications cannot be set up or checked
drive.fileSensitiveCreate temporary files needed for PDF generationPDF attachments stop working
drive.readonlySensitiveRead uploaded files and approved Drive files for attachmentsAttachment features stop working

How data is processed

FormChime runs as a Google Apps Script add-on attached to a Google Form. When a form response is submitted:

  1. Google runs the installable form-submit trigger for the form owner.
  2. FormChime reads the response and the saved notification rules for that form.
  3. FormChime evaluates conditions, premium access, and delivery limits on the server side.
  4. FormChime sends the configured email notification through Gmail.
  5. If the rule is premium-enabled, FormChime may also send an approved provider webhook notification or a Twilio SMS.
  6. FormChime records delivery status in a bounded log stored in Google’s PropertiesService.

Most processing happens entirely inside Google’s infrastructure. External calls are limited to provider-specific webhook destinations, Twilio SMS, and supporting APIs required by the current premium feature set.

What data is stored and where

  • Notification rules, delivery logs, and daily counters are stored in Google’s PropertiesService for the current form or user.
  • First-run state and signed premium entitlements are stored in Google user properties, not in Gallium Technologies infrastructure.
  • The signing secret used to verify premium entitlements is stored in Apps Script script properties controlled by Gallium Technologies.
  • Gallium Technologies does not run a general-purpose application database for FormChime user data.

What data is shared

Your data is never sold, rented, or shared for advertising.

  • Google processes form data, UI rendering, trigger execution, email sending, and PropertiesService storage because FormChime runs inside Google Workspace.
  • Twilio receives phone numbers and SMS message content only if you configure the premium SMS feature. See Twilio’s privacy policy.
  • Slack, Discord, or Google Chat receive the message content you choose to send when you configure those provider-specific webhook notifications.
  • Stripe is expected to process billing data once self-serve checkout is introduced. At the time of this update, FormChime’s premium access is enforced through signed entitlements rather than a finished public checkout flow.

Generic arbitrary webhook destinations are intentionally disabled in the current deployment posture.

Data retention and deletion

  • Uninstall the add-on from Google Workspace Marketplace to stop FormChime from running on your forms.
  • Revoke permissions at myaccount.google.com/permissions to remove OAuth access.
  • Delete or replace notification rules inside the add-on if you no longer want configuration stored for a form.
  • Gallium Technologies does not retain a separate copy of your form responses after uninstall because FormChime is designed to process them within Google’s environment.

Your rights

You have rights over your personal data regardless of where you are located. Depending on your jurisdiction, these may include the right to:

  • Access your personal data and obtain a copy of it.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data (also known as the ‘right to be forgotten’).
  • Restrict or object to certain processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Opt out of sale — we do not sell your personal data to any third party.

These rights are provided under frameworks including the Australian Privacy Principles, the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), among others.

To exercise any of these rights, contact us at privacy@galliumtech.dev. We will respond within 30 days, or sooner if required by applicable law.

Legal basis for processing

If you are in the EU, EEA, or UK, we process your personal data on the following legal bases under GDPR:

Processing activityLawful basis
Accessing form structure to list placeholders and configure rulesContract performance — necessary to deliver the service you installed
Reading submission responses to populate notificationsContract performance — core functionality you configured
Sending email notifications via GmailContract performance — the primary purpose of FormChime
Sending provider-specific webhook or SMS notifications when enabledContract performance — an optional feature you explicitly configured
Verifying signed premium entitlement stateLegitimate interest — preventing unauthorised premium access and preserving fail-secure behaviour

International data transfers

FormChime runs primarily on Google’s infrastructure. Google’s Data Processing Terms include Standard Contractual Clauses for transfers of personal data outside the EU/EEA.

If you enable Twilio SMS, message content and recipient phone numbers are sent to Twilio for delivery. If you enable Slack, Discord, or Google Chat notifications, the message content you configure is sent to that provider’s webhook endpoint.

Stripe will process payment data in accordance with its own privacy policy once public billing flows are introduced. See Stripe’s privacy policy.

Data breaches

In the event of a personal data breach:

  • We will notify affected users without undue delay.
  • We will notify the Office of the Australian Information Commissioner (OAIC) within 30 days where required under the Notifiable Data Breaches scheme.
  • For users in the EU/EEA or UK, we will notify the relevant supervisory authority within 72 hours where required under GDPR.
  • We will provide details of the breach, likely consequences, and the measures taken.

Contact the OAIC: oaic.gov.au Contact the UK ICO: ico.org.uk

Contact

For privacy enquiries or to exercise your rights under any applicable privacy law:

Email: privacy@galliumtech.dev

Gallium Technologies Pty Ltd Australia

Gallium Technologies Gallium Technologies

Google Workspace add-ons that do one thing well.

Company

  • About
  • Team
  • Blog
  • Support
  • Documentation

Products

  • FormChime
  • ApproveKit
  • HeyDB

Legal

  • Terms of Service
  • FormChime Privacy
  • ApproveKit Privacy
  • HeyDB Privacy

© 2026 Gallium Technologies Pty Ltd

Made with ❤️love in Australia