GDPR Compliance & Data Protection Policy

This document applies exclusively to DAWENT Service Apps, including usage-based and subscription-based cloud applications and APIs. It does not cover DAWENT’s other product lines.

Effective Date: August 01, 2025

1. Introduction

Dawent ("we," "us," or "our") respects your privacy and is committed to protecting personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This policy explains how Dawent’s Google Workspace apps access, process, and safeguard user data.

This policy applies to any individual ("you," "your," or "user") whose personal data is processed in the context of our operations within the European Economic Area (EEA), regardless of nationality.

For the purpose of this document, "Google Workspace Services" refers to the suite of productivity and collaboration tools provided by Google LLC ("Google"), as defined and updated by Google from time to time.

Dawent provides proprietary apps that extend or enhance Google Workspace. These apps supplement Google’s core services and do not replace or replicate their functionality. We provide tools that interoperate with Google Workspace under Google’s platform permissions and policies.

2. Roles & Responsibilities

You as a Data Controller

When using Dawent apps, you act as the Data Controller. This means:

• You determine which Google Workspace data is accessed and processed.

• You control the permissions granted to our apps via OAuth.

• You are responsible for complying with applicable data protection regulations for the data you manage.

Dawent as Data Processor and Data Controller

Data Processor:

• Dawent processes Google Workspace data strictly within your account and only as permitted by Google Workspace's API policies.

• Data access is limited to the OAuth scopes you explicitly authorize.

• No Google Workspace data is stored, transferred, or retained outside of your account.

Data Controller:

• Dawent acts as a controller for data explicitly provided by you, such as:

  • Support requests or inquiries containing personally identifiable information (PII).

  • Optional service-related transactional information (e.g., service evaluation or paid credits if applicable).

• We never store or process payment card details; all payments are handled exclusively by third-party processors.

Third-Party Services

• Dawent may use third-party services (sub-processors) to facilitate app functionality.

• Users must explicitly authorize data sharing before enabling third-party integrations.

• Each third-party service operates under its own GDPR-compliant policies.
  
  

3. Legal Basis for Data Processing

Contractual Necessity (Article 6(1)(b)):

• Processing Google Workspace data is necessary to provide the services you requested.

• Any service-related transactional information (e.g., service credits or evaluation records) is processed as part of contractual obligations.

Legitimate Interest (Article 6(1)(f)):

• Non-personally identifiable technical and diagnostic data is processed to maintain functionality, enhance security, and resolve errors.

Consent:

• You provide explicit consent before enabling third-party integrations that transmit your data outside Google Workspace.

Cookies & Tracking:

• Our website uses Google cookies to provide services and analyze traffic.

• You may accept or reject cookies and manage or disable them through your browser settings.

4. Data Collection & Processing

4.1 Data Not Stored by Dawent

• Google Workspace Service Data: Processed directly within Google Workspace; not stored on Dawent servers.

• Payment Data (if applicable): Processed by third-party payment providers; Dawent only accesses transaction confirmation details, not card information.

4.2 Data Stored by Dawent

• User-Provided Data (PII): Collected during support requests or service inquiries.

• Support & Communication Data: Emails, chat messages, and troubleshooting information. AI tools (GPT or Gemini) may assist with anonymized support interactions.

• System & Diagnostic Data: Non-personally identifiable performance metrics and error logs, retained for 30 days.
  
  

5. Data Storage & Security

• Data Location: Your data remains within Google Workspace and authorized third-party processors.

• Security Measures: Encryption, access controls, and authentication protocols are implemented.

• Error Logs: Retained for 30 days for debugging and error reporting.
  
  

6. User Rights Under GDPR

You have the right to:

• Access your data.

• Rectify inaccuracies.

• Erase data where legally permissible.

• Restrict Processing.

• Data Portability.

• Object to certain processing activities.

To exercise these rights, contact: support@dawent.com.

7. Data Retention & Deletion

• Error Logs: 30 days.

• User-Provided & Support Data: Retained for the duration of active service + 3 years.

• Uninstallation: Revokes app access to your Google Workspace data. Third-party integrations may require manual revocation.

• Deletion Requests: Processed within 30 days, unless legal obligations require extended retention.
  
  

8. Data Transfers Outside the EU

• Data is processed using Google’s global infrastructure, including data centers in the U.S., Europe, and Asia-Pacific.

• Standard Contractual Clauses (SCCs) are used for GDPR-compliant transfers.

• Third-party integrations transmit data only with explicit user authorization.
  
  

9. Data Breach Notification

In the event of a personal data breach:

• Relevant EU Data Protection Authorities (DPAs) will be notified within 72 hours.

• Affected users will be informed via email, in-app notice, or website announcement as required.
  
  

10. Third-Party Services & Sub-Processors

• Google Workspace Services – authentication, storage, infrastructure.

• Payment Processing: Stripe, PayPal, Razorpay.

We never store payment card details; access is limited to transaction confirmation for service management.

11. Contact Information

Data Protection Officer, Dawent
Email: support@dawent.com