FormChime Privacy Policy
Last updated: 2 April 2026
This policy explains what FormChime accesses, why it needs that access, and how the current Marketplace-oriented deployment is constrained. FormChime is built to keep user data inside Google’s environment wherever possible, with narrowly scoped external calls only for approved premium features.
What data we access
FormChime may access the following data when you use the add-on:
- Google Form structure — form title, question titles, question types, quiz settings, and file-upload fields.
- Form submission responses — the submitted answers used to populate notification templates.
- Uploaded file references — file identifiers for responses submitted through Google Forms file-upload questions.
- Google Drive files you explicitly reference — only when you configure premium file attachments using approved Drive file URLs.
- Your Google account email address — used to identify the form owner and send notifications from your Google account.
- Notification configuration — recipients, templates, sender settings, routing conditions, attachment settings, and delivery preferences.
- Optional premium integration data — webhook destinations for approved providers and phone numbers/message templates for Twilio SMS.
- Licence information — signed entitlement material stored in your Google account to determine whether premium-only features are enabled.
Why we access it
| Data type | Purpose |
|---|---|
| Form structure | Build placeholder lists, detect quiz state, and understand whether file uploads exist |
| Form responses | Populate email, SMS, and approved webhook templates when a response is submitted |
| Uploaded file references | Attach uploaded files to notification emails when you enable that premium feature |
| Approved Drive file URLs | Attach the files you nominate to outgoing notifications |
| Your Google account email address | Identify the form owner and send notification emails through Gmail |
| Notification configuration | Store and evaluate the rules you configure for each form |
| Optional premium integration data | Deliver provider-specific chat notifications and Twilio SMS |
| Licence information | Verify premium access and fail safely back to the free tier if verification fails |
What OAuth scopes we request and why
| Scope | Type | Purpose | What happens if revoked |
|---|---|---|---|
forms.currentonly | Non-sensitive | Read the current form’s structure, question metadata, and response context | FormChime cannot detect fields or process submissions correctly |
gmail.send | Sensitive | Send notification emails from your Google account | Email notifications stop working |
script.external_request | Non-sensitive | Make approved outbound requests for provider-specific webhooks, Twilio SMS, and supporting APIs | Premium chat and SMS features stop working |
script.container.ui | Non-sensitive | Render the FormChime interface inside Google Forms | The add-on UI cannot open |
script.scriptapp | Non-sensitive | Create and inspect the installable form-submit trigger used by FormChime | Automatic notifications cannot be set up or checked |
drive.file | Sensitive | Create temporary files needed for PDF generation | PDF attachments stop working |
drive.readonly | Sensitive | Read uploaded files and approved Drive files for attachments | Attachment features stop working |
How data is processed
FormChime runs as a Google Apps Script add-on attached to a Google Form. When a form response is submitted:
- Google runs the installable form-submit trigger for the form owner.
- FormChime reads the response and the saved notification rules for that form.
- FormChime evaluates conditions, premium access, and delivery limits on the server side.
- FormChime sends the configured email notification through Gmail.
- If the rule is premium-enabled, FormChime may also send an approved provider webhook notification or a Twilio SMS.
- FormChime records delivery status in a bounded log stored in Google’s PropertiesService.
Most processing happens entirely inside Google’s infrastructure. External calls are limited to provider-specific webhook destinations, Twilio SMS, and supporting APIs required by the current premium feature set.
What data is stored and where
- Notification rules, delivery logs, and daily counters are stored in Google’s PropertiesService for the current form or user.
- First-run state and signed premium entitlements are stored in Google user properties, not in Gallium Technologies infrastructure.
- The signing secret used to verify premium entitlements is stored in Apps Script script properties controlled by Gallium Technologies.
- Gallium Technologies does not run a general-purpose application database for FormChime user data.
What data is shared
Your data is never sold, rented, or shared for advertising.
- Google processes form data, UI rendering, trigger execution, email sending, and PropertiesService storage because FormChime runs inside Google Workspace.
- Twilio receives phone numbers and SMS message content only if you configure the premium SMS feature. See Twilio’s privacy policy.
- Slack, Discord, or Google Chat receive the message content you choose to send when you configure those provider-specific webhook notifications.
- Stripe is expected to process billing data once self-serve checkout is introduced. At the time of this update, FormChime’s premium access is enforced through signed entitlements rather than a finished public checkout flow.
Generic arbitrary webhook destinations are intentionally disabled in the current deployment posture.
Data retention and deletion
- Uninstall the add-on from Google Workspace Marketplace to stop FormChime from running on your forms.
- Revoke permissions at myaccount.google.com/permissions to remove OAuth access.
- Delete or replace notification rules inside the add-on if you no longer want configuration stored for a form.
- Gallium Technologies does not retain a separate copy of your form responses after uninstall because FormChime is designed to process them within Google’s environment.
Your rights
You have rights over your personal data regardless of where you are located. Depending on your jurisdiction, these may include the right to:
- Access your personal data and obtain a copy of it.
- Correct inaccurate or incomplete personal data.
- Delete your personal data (also known as the ‘right to be forgotten’).
- Restrict or object to certain processing of your data.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Opt out of sale — we do not sell your personal data to any third party.
These rights are provided under frameworks including the Australian Privacy Principles, the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), among others.
To exercise any of these rights, contact us at privacy@galliumtech.dev. We will respond within 30 days, or sooner if required by applicable law.
Legal basis for processing
If you are in the EU, EEA, or UK, we process your personal data on the following legal bases under GDPR:
| Processing activity | Lawful basis |
|---|---|
| Accessing form structure to list placeholders and configure rules | Contract performance — necessary to deliver the service you installed |
| Reading submission responses to populate notifications | Contract performance — core functionality you configured |
| Sending email notifications via Gmail | Contract performance — the primary purpose of FormChime |
| Sending provider-specific webhook or SMS notifications when enabled | Contract performance — an optional feature you explicitly configured |
| Verifying signed premium entitlement state | Legitimate interest — preventing unauthorised premium access and preserving fail-secure behaviour |
International data transfers
FormChime runs primarily on Google’s infrastructure. Google’s Data Processing Terms include Standard Contractual Clauses for transfers of personal data outside the EU/EEA.
If you enable Twilio SMS, message content and recipient phone numbers are sent to Twilio for delivery. If you enable Slack, Discord, or Google Chat notifications, the message content you configure is sent to that provider’s webhook endpoint.
Stripe will process payment data in accordance with its own privacy policy once public billing flows are introduced. See Stripe’s privacy policy.
Data breaches
In the event of a personal data breach:
- We will notify affected users without undue delay.
- We will notify the Office of the Australian Information Commissioner (OAIC) within 30 days where required under the Notifiable Data Breaches scheme.
- For users in the EU/EEA or UK, we will notify the relevant supervisory authority within 72 hours where required under GDPR.
- We will provide details of the breach, likely consequences, and the measures taken.
Contact the OAIC: oaic.gov.au Contact the UK ICO: ico.org.uk
Contact
For privacy enquiries or to exercise your rights under any applicable privacy law:
Email: privacy@galliumtech.dev
Gallium Technologies Pty Ltd Australia