Privacy Policy
2026-04-12-e15769e
The short version: ShareGuard is a pass-through proxy. We never read, copy, cache, or store the contents of your Google Workspace files. Your data stays in Google. We log metadata about actions (who did what, when) for auditing purposes only.
1. Who We Are
ShareGuard is operated by Synapsium Labs ("we," "us," "our"). ShareGuard provides secure, audited access to Google Workspace files for AI tools. Our service acts as an infrastructure-layer proxy between AI clients (such as Claude, built by Anthropic) and Google Workspace APIs.
For privacy questions, contact us at privacy@synapsiumlabs.io.
2. What Data We Collect
2.1 Account Information
When you sign up, we collect:
- Email address — from Google Workspace sign-in via Firebase Authentication
- Display name — from your Google account profile
- Organization domain — to associate you with your company's ShareGuard account
2.2 Google Workspace Access Credentials
When you connect your Google Workspace account, we receive an OAuth refresh token scoped to drive.file. This token is:
- Stored encrypted in Google Cloud Secret Manager (not in our database)
- Scoped to only files you explicitly share with ShareGuard via Google's file picker
- Used only to make API calls to Google on your behalf, in real-time, as a pass-through
- Never used to bulk-download, index, or scan your files
2.3 Audit Log Data
We log metadata about every action taken through ShareGuard:
- Who performed the action (user email)
- What action was taken (e.g., "read file," "create document")
- Which file was involved (file ID and name, not contents)
- When the action occurred
- Which AI client initiated the request
- The permission evaluation chain (why access was allowed or denied)
- IP address and session information
We never log file contents. Audit logs contain only metadata — file names, IDs, actions, and timestamps. The actual content of your documents, spreadsheets, and presentations is never stored, cached, or logged by ShareGuard.
2.4 Usage and Technical Data
- Browser type and version (User-Agent)
- IP address
- Pages visited within the ShareGuard dashboard
- API request timing and error rates (for performance monitoring)
2.5 Billing Information
Payment processing is handled entirely by Stripe. We never receive, process, or store credit card numbers or bank account details. We receive only:
- Subscription status (active, trial, canceled)
- Invoice amounts and payment dates
- The last four digits of your payment method (for display only)
3. What We Do NOT Collect or Store
| Data Type | Collected? | Explanation |
|---|---|---|
| File contents (documents, sheets, slides) | No | Pure pass-through proxy — content flows directly between the AI client and Google APIs |
| File thumbnails or previews | No | Generated by Google, served directly to the client |
| Google Drive file listings beyond shared files | No | drive.file scope limits access to explicitly shared files only |
| Google Workspace passwords | No | Authentication is via Google OAuth — we never see your password |
| Credit card numbers | No | Handled entirely by Stripe |
4. How We Use Your Data
- Account management — to identify you, associate you with your organization, and enforce permissions
- Audit logging — to provide your organization with a record of AI interactions with Google Workspace
- Security enforcement — to evaluate permission policies, detect anomalies, and enforce access controls
- SIEM delivery — if your organization configures it, we deliver audit events to your external security tools (Splunk, Datadog, or webhook endpoints you specify)
- Transactional email — to send you account-related notifications (invitations, security alerts, billing notices)
- Service improvement — to monitor performance, fix bugs, and improve reliability
5. How We Share Your Data
We do not sell your data. We share data only in these circumstances:
- With Google — API calls to Google Workspace on your behalf (this is the core function of the service)
- With your organization's admins — audit logs, usage statistics, and permission configurations are visible to your organization's ShareGuard administrators
- With your SIEM provider — if your organization configures audit log delivery, events are sent to the endpoint your admin specifies
- With Stripe — billing and subscription management
- With Postmark — transactional email delivery (email addresses and message content only)
- With law enforcement — only when required by valid legal process
6. Subprocessors
| Subprocessor | Purpose | Data Processed |
|---|---|---|
| Google Cloud Platform | Infrastructure (compute, database, secrets, monitoring) | All service data |
| Firebase / Identity Platform | Authentication | Email, display name, auth tokens |
| Stripe | Payment processing | Billing information |
| Postmark | Transactional email | Email addresses, notification content |
| Splunk / Customer SIEM | Audit log delivery (customer-configured) | Audit event metadata |
7. Data Retention
- Account data — retained while your account is active, deleted within 30 days of account closure
- OAuth tokens — stored in Secret Manager, deleted when you disconnect your Workspace or your account is closed
- Audit logs — retained for the duration of your subscription plus 90 days
- SIEM delivery records — transient, purged within 48 hours of successful delivery
- Email outbox — sent emails purged after 7 days
- File content — never retained (pass-through only)
8. Data Security
We implement the following security measures:
- All data encrypted in transit (TLS) and at rest (Google Cloud default encryption)
- OAuth tokens stored in Google Cloud Secret Manager, not in the database
- IAM-based database authentication (no shared passwords)
- Cloud Armor WAF with rate limiting and attack protection
- Per-user OAuth scoping — each user's token can only access their own files
- HMAC-SHA256 signatures on audit events for tamper detection
- Automated session expiration and cleanup
- RISC (Real-time Identity Security) integration with Google for account compromise detection
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data — available via the ShareGuard dashboard and audit log
- Delete your account and associated data — contact your organization admin or privacy@synapsiumlabs.io
- Export your audit logs — available as CSV export from the dashboard
- Revoke Google Workspace access — disconnect via the dashboard or directly in Google Account settings
- Object to processing — contact us and we will accommodate where legally required
10. Google API Services User Data Policy
ShareGuard's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google Workspace data to provide and improve the ShareGuard service
- We do not use Google Workspace data for advertising
- We do not sell Google Workspace data to third parties
- We do not use Google Workspace data for purposes unrelated to ShareGuard's core functionality
- Human access to Google Workspace data is limited to debugging and support, and only when necessary
11. Children's Privacy
ShareGuard is a business tool. We do not knowingly collect data from children under 13 (or the applicable age in your jurisdiction). If you believe a child has provided us with personal information, please contact us.
12. International Data Transfers
ShareGuard infrastructure is hosted on Google Cloud Platform in the United States (us-central1). If you are located outside the United States, your data will be transferred to and processed in the United States. We rely on Google Cloud's compliance certifications and contractual protections for these transfers.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by email or through the ShareGuard dashboard. Continued use of the service after changes constitutes acceptance. Previous versions are archived at:
14. Contact
For privacy questions, data requests, or concerns:
- Email: privacy@synapsiumlabs.io
- Synapsium Labs, Atlanta, GA, United States