Privacy Policy

Last updated: May 4, 2026

This Privacy Policy explains how Form to Slack (“we”, “us”, the “Service”) collects, uses, stores, and shares information when you use our website at googleformtoslack.libraryofapps.com and our Google Forms add-on (the “Add-on”).

The Service is operated by the team at libraryofapps.com. If you have any questions about this policy, contact support@libraryofapps.com.

1. What we collect

a. Account data

When you create an account on the dashboard we collect your email address, a hashed password, and (optionally) your name. We do not store your password in plaintext.

b. Add-on data

When you install or open the Google Forms Add-on, we collect:

  • Your Google account email address — accessed via the userinfo.email OAuth scope, which Google will ask you to consent to. We use this to identify your installation, attribute usage, and contact you about the Service.
  • The form’s ID, title, and the titles of its questions (“form metadata”). We use this to power the dashboard, template editor, and routing rules.
  • Which mode you chose (“Relay” via our backend, or “Direct” straight to Slack), and whether a webhook is configured.

We do not collect form responses through the registration ping. Form responses only reach our servers if you choose Relay Mode (see below).

c. Form submissions (Relay Mode only)

In Relay Mode, each form submission is forwarded from Google to our server, transformed into a Slack message, and delivered to your Slack workspace. We may temporarily process the submission contents in memory to perform routing, formatting, and digest batching.

Submission contents are only stored at restif you have explicitly enabled the “Store submissions” option in the dashboard. You can disable this at any time, and you can delete stored submissions from the dashboard. In Direct Mode, submission contents never reach our servers.

d. Billing data

If you subscribe to a paid plan, billing is handled by our payment provider (Creem). We store the customer ID, subscription ID, product ID, billing cycle, and renewal/cancellation timestamps. We do not store your card or bank details.

e. Operational data

We log standard request metadata (timestamps, status codes, IP addresses, user-agent strings) for security, abuse prevention, and debugging. We do not use third-party advertising trackers.

2. How we use your data

  • To operate the Service: deliver Slack notifications, enforce plan limits, and surface usage in the dashboard.
  • To contact you about the Service: account notices, plan-limit warnings, billing receipts, and security alerts.
  • To improve the Service and diagnose problems.
  • To occasionally send product updates. You can opt out of marketing email at any time; transactional email cannot be disabled while you have an account.

We do not sell your personal data, and we do not share submission contents with third parties except as needed to deliver them to the Slack channel you configured.

3. Google API Services User Data Policy

The Add-on’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the minimum scopes needed (Forms read, Apps Script triggers, external requests, and your email address).
  • We do not use Google user data for advertising.
  • We do not allow humans to read Google user data unless we have your consent, it is necessary for security, to comply with law, or for operations where the data has been aggregated and anonymised.
  • We do not transfer Google user data to third parties except as necessary to provide or improve the Service, or to comply with applicable law.

4. Where data is stored

Data is stored on managed cloud infrastructure (MongoDB Atlas, Vercel). Infrastructure regions may vary. By using the Service you acknowledge that your data may be transferred to and processed in countries other than the one you reside in.

5. Retention

  • Account records are kept while your account is active.
  • Add-on registration records are kept while the Add-on is installed and for up to 24 months after, for analytics and re-engagement.
  • Stored submissions are kept until you delete them or delete the connection.
  • Operational logs are kept for up to 90 days.

6. Your rights

Depending on where you live you may have rights to access, correct, export, or delete your personal data (including under GDPR, UK GDPR, and CCPA). You can exercise these rights directly from your dashboard:

  • Export your data — download a full JSON copy of your account, connections, and stored submissions via GET /api/user/export (available when logged in).
  • Delete your account — permanently erase your account and all associated data via DELETE /api/user/delete. This cannot be undone.

You can also email support@libraryofapps.com for any data request. EU/UK users may lodge a complaint with their local data protection authority.

You can uninstall the Add-on at any time at myaccount.google.com/permissions. Uninstalling revokes our Google OAuth access immediately.

7. Security

Passwords are hashed with a modern algorithm. Data in transit is encrypted with TLS. Webhooks are never logged in plaintext beyond what is necessary for debugging delivery failures. We restrict employee access to production data on a need-to-know basis.

8. Children

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced on the dashboard or by email. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

Questions, requests, or privacy concerns: support@libraryofapps.com.