OS Automation HQ ("we", "the service") provides scheduled email and spreadsheet automation services for small business clients. This policy describes what data the service accesses, why it accesses it, where it is stored, and how long it is retained.
When a client authorizes the service through Google OAuth, the service requests these scopes and uses them only as described:
gmail.readonly - read message metadata (sender, subject, date) and message IDs, scoped by sent-mail and label queries, to determine whether a follow-up email is needed and to detect payment notification messages.gmail.compose - create draft emails in the client's own Gmail Drafts folder. The service never sends mail.gmail.settings.basic - read the client's configured Gmail signature so generated drafts include it.gmail.modify - apply labels (such as "Team") to incoming messages whose sender matches a client-configured rule, and optionally archive the labeled message from the client's main inbox. The service never permanently deletes mail.spreadsheets - read the specific Google Sheet the client has identified as their client list, by spreadsheet ID, and append payment-log rows to a separate Google Sheet that the client has shared with the service for that purpose. The service does not access any other spreadsheet.The service does not request access to Google Drive at large, contacts, calendar, or any other Google product.
Email body content is read into function memory only during execution and is never written to any persistent store. No email body, no email subject contents, and no contact data are saved to logs, databases, files, repositories, or third-party systems on the OS Automation HQ side.
Audit logs in Google Cloud Logging contain metadata only: function name, run timestamp, success or failure status, counts of drafts created or messages processed, and Gmail message IDs for items needing client attention. No human-readable email content is logged.
OAuth tokens are stored in Google Secret Manager within the OS Automation HQ Google Cloud project, scoped per client, and accessed only by the per-client service account that runs that client's cloud functions.
The service does not sell, rent, or share client data with third parties. The only third party that processes client data is Google (the same provider hosting the client's Gmail and Sheets), via the Cloud Functions, Secret Manager, and Cloud Logging services within the OS Automation HQ Google Cloud project.
A client may revoke OS Automation HQ's access at any time by visiting https://myaccount.google.com/permissions and removing the OS Automation HQ application from their list of authorized apps. Revocation takes effect immediately.
Questions about this policy or about data the service has accessed for you can be directed to:
Updates will be posted at this URL with a revised "Last updated" date. Material changes that broaden the scope of data accessed will be communicated to active clients by email before taking effect.