Privacy Policy

Last updated: March 23, 2026

Overview

CertifyAll ("we", "our", "the add-on") is a Google Workspace Marketplace add-on that generates PDF certificates from Google Forms responses and Google Slides templates. We are committed to protecting your privacy and being transparent about what data we access.

Data we access

CertifyAll accesses the following data through Google's APIs, only when you actively use the add-on:

• Google Forms: We read the current form's structure (questions, titles) and individual responses (answers, scores, email addresses) to generate certificates.
• Google Slides: We read your selected Slides template to detect placeholders. We create temporary copies of the template to generate individual certificates.
• Google Drive: We save generated certificate PDFs to a "CertifyAll Certificates" folder in your Drive. Temporary files are deleted after PDF generation.
• Email: We send certificate PDFs and result notification emails to form respondents on your behalf using your Google account.
• Account email: We use your email address to identify your account for usage tracking and license validation.

Data we store

CertifyAll stores the following data using Google Apps Script's built-in PropertiesService (stored on Google's servers, within your Google account):

• Configuration: Your template ID, placeholder mappings, passing score threshold, and email template preferences.
• Usage counter: The number of certificates generated in the current month.
• License key: If you upgrade to Pro, your license key is stored to validate your subscription.

Data we do NOT store

• We do not store form responses, student data, or quiz scores on any external server.
• We do not store certificate content or PDFs outside of your Google Drive.
• We do not have our own database or servers. All data stays within your Google account.
• We do not sell, share, or transfer your data to any third party.

Third-party services

CertifyAll uses Polar.sh for payment processing and license key validation (Pro plan only). When you upgrade to Pro:

• Your payment is processed by Polar.sh. We do not see or store your payment details (credit card, billing address).
• We send your license key to Polar's API for validation. Polar receives only the license key string and our organization ID - no personal data.

Polar.sh's privacy policy: https://polar.sh/legal/privacy

Data security and protection

CertifyAll takes the security of your data seriously. We implement the following protection mechanisms for all data the add-on processes:

• Encryption in transit: All communication between the add-on and Google services (Forms, Slides, Drive, Gmail) is performed over HTTPS using TLS 1.2 or higher. The single external API call to Polar.sh for license validation also uses HTTPS/TLS.
• Encryption at rest: All data stored by the add-on (configuration, license keys, usage counters) is held in Google Apps Script PropertiesService, which is encrypted at rest by Google's infrastructure.
• No external storage: CertifyAll does not operate any external servers or databases. We have no backend infrastructure that could be breached. Form responses, certificate PDFs, and template content remain entirely within the user's own Google Workspace account.
• Least-privilege access: The add-on uses the narrowest OAuth scopes possible. The drive.file scope (per-file access) is used so the add-on can only read files the user explicitly selects via Google Picker - it cannot access any other files in the user's Drive.
• Ephemeral processing: Temporary files created during certificate generation are automatically deleted from Drive immediately after the PDF is exported. The add-on does not retain copies of generated certificates outside of the user's "CertifyAll Certificates" Drive folder.
• License key handling: Pro license keys are stored in PropertiesService scoped to the individual user. License keys are never logged, exposed in URLs, or shared with any party other than the Polar.sh validation API.
• Authentication: All access to user data uses OAuth 2.0 tokens managed by Google Apps Script. The add-on never sees, stores, or transmits user passwords.
• Code review: CertifyAll's complete source code is reviewed by Google during the Workspace Marketplace verification process before publication.
• Compliance: CertifyAll's data handling adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data retention

Configuration and usage data are stored in Google's PropertiesService as long as the add-on is installed. If you uninstall the add-on, Google may delete this data. Certificate PDFs in your Drive remain until you delete them.

Your rights

You can:

• Revoke access at any time by uninstalling the add-on or removing it from your Google account permissions.
• Delete your data by removing the "CertifyAll Certificates" folder from your Drive and uninstalling the add-on.
• Request information about your data by contacting us at support@certifyall.app.

Google API Services disclosure

CertifyAll's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Contact

If you have questions about this privacy policy, contact us at support@certifyall.app.