appscriptly Privacy Policy

Last updated 28 June 2026

appscriptly is a Google Workspace automation tool that creates, edits, and manages your Google Docs, Sheets, Slides, and Drive files, manages your Google Calendar events, Google Tasks, Google Forms (and reads the responses people submit to them), and your Google Contacts, sends and labels email through Gmail when you ask, and installs Apps Script automations, all on your behalf and at your explicit direction. appscriptly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google data we access (and nothing more)

Email and account id (openid, userinfo.email) to identify your account and store authorization per user; Docs (documents), Sheets (spreadsheets), and Slides (presentations) to create and edit what you ask; Drive files created by or opened with appscriptly (drive.file), a per-file scope (appscriptly cannot see, read, or search the rest of your Drive); Apps Script projects and deployments (script.projects, script.deployments) to install the automations you request, and their execution history (script.processes, read-only) so you can see which automations ran; Google Calendar (calendar) to create, edit, and read the events and calendars you ask us to manage; Google Forms (forms.body to create and edit forms, forms.responses.readonly to read submitted responses); Google Tasks (tasks) to create and manage your task lists and tasks; Contacts (contacts to create, edit, and read your contacts, contacts.other.readonly to read your auto-saved other contacts); and Gmail for sending and labels only (gmail.send to send messages you compose, gmail.labels to manage label names). appscriptly Gmail access is send-and-label only: it cannot read, search, or modify the messages in your mailbox, and it does not request gmail.readonly, gmail.modify, or any full-mailbox scope. All of this data transits only during the specific tool call you trigger; it is never copied or warehoused. The only data appscriptly stores is your encrypted OAuth token and account id.

What appscriptly does not access

appscriptly does NOT request or access: the rest of your Drive (only files you create or open with appscriptly, via the per-file drive.file scope); the contents of your Gmail mailbox (no reading, searching, or modifying messages; sending and label management only); or any scope on Google restricted-scope list. appscriptly requests sensitive scopes only, so it requires no CASA security assessment.

Calendar, Tasks, Forms, Contacts, and Gmail (the data we handle for these services)

Calendar. What we access: the events on the calendars you ask about (title, time, location, description, attendees) and your calendar list, through the calendar scope. How we use it: only to perform the action you request (for example, list your upcoming events, create or reschedule an event, or check free and busy times). Storage: appscriptly does not copy or warehouse your events; they stay in your Google Calendar. Sharing: not shared, not sold. Retention: nothing event-related is retained by appscriptly after the request completes.

Tasks. What we access: your task lists and the tasks in them (title, notes, due date, completion status), through the tasks scope. How we use it: only to create, update, complete, delete, or list tasks as you direct. Storage: tasks stay in Google Tasks; appscriptly does not copy or warehouse them. Sharing: not shared, not sold. Retention: nothing task-related is retained by appscriptly after the request completes.

Forms and form responses. What we access: the forms you ask appscriptly to build or edit (questions, titles, descriptions) through the forms.body scope, and the responses people submit to your forms through the read-only forms.responses.readonly scope. How we use it: only to create and edit forms and to read and summarize their responses for you. The response scope is read-only, so appscriptly cannot alter or delete responses. Storage: forms and responses stay in your Google account; appscriptly does not copy or warehouse them. Sharing: not shared, not sold. Retention: nothing form-related or response-related is retained by appscriptly after the request completes.

Contacts. What we access: your contacts (names, email addresses, phone numbers, organization) through the contacts scope, and your auto-saved other contacts (read-only) through the contacts.other.readonly scope. How we use it: only to list, search, create, update, or delete contacts as you direct, and to read other contacts you ask to reference. Storage: contacts stay in Google Contacts; appscriptly does not copy or warehouse them. Sharing: not shared, not sold. Retention: nothing contact-related is retained by appscriptly after the request completes.

Gmail (send and labels only). What we access: appscriptly can send a message you compose through the gmail.send scope, and create, list, and delete Gmail labels through the gmail.labels scope. How we use it: only to send a message when you ask and to manage label names. appscriptly cannot read, search, or modify the messages in your mailbox; it does not request gmail.readonly, gmail.modify, or any full-mailbox scope. Storage: appscriptly does not copy or warehouse your email. Sharing: not shared, not sold. Retention: nothing mailbox-related is retained by appscriptly after the request completes.

How we use it

Solely to perform the specific automation you request. No advertising, profiling, machine learning or AI model training, or unrelated use. No human reads your data except for security, legal compliance, or with your explicit consent.

Storage and retention

Your content lives in YOUR Google account; we do not copy or warehouse it. That includes your Docs, Sheets, Slides, Drive files, calendar events, tasks, forms, form responses, contacts, and email. The only Google-derived data appscriptly stores is your encrypted OAuth token and your account id, on a private persistent volume, retained until you revoke access or after a period of inactivity.

Sharing

No sale; no sharing except strictly necessary sub-processors (hosting, error monitoring).

Revoking access

Run gdocs_reset_authorization, or go to Google Account, then Security, then Third-party apps, then appscriptly, then Remove access.

Security

Tokens encrypted at rest, HTTPS only, and the narrowest scopes that work (for example drive.file rather than broad Drive, gmail.send rather than full Gmail, and read-only forms.responses.readonly rather than a broader responses scope).

Contact

Questions about this policy or your data: [email protected].