Privacy Policy

Introduction

At Vouchflow, we value the privacy and security of your organizational data. This policy outlines how we handle data when you use our application for Google Drive risk auditing and governance.

Data we process

Vouchflow operates as a governance and auditing layer for your Google Workspace domain. We process the following data to provide our services:

File metadata: File names, IDs, owner emails, and permission sets (public/domain/external).
Directory data: Organizational unit (OU) structure and manager relations for risk escalation.
Admin credentials: OAuth 2.0 tokens and Service Account keys provided during the authorization process.

Data storage & retention

Vouchflow maintains a database of identified risks to provide you with a historical overview and audit trail. This data is stored securely and is used exclusively for providing auditing services to your domain. You may reset or purge your risk data at any time via the admin dashboard.

Data security

All data transmitted between your environment and Vouchflow is protected by industry-standard TLS encryption. We utilize scoped API permissions, meaning we only request access to the specific data points required to identify and report on Drive exposures. We support Google's Cross-Account Protection (RISC) to terminate sessions immediately if a security threat is detected on your Google Account.

Third-party access

We do not sell, trade, or otherwise transfer your data to outside parties. Your data is used exclusively to facilitate the risk auditing and remediation workflows defined within the Vouchflow platform.