Privacy Policy - Security Survey Assistant
This Privacy Policy is meant to help you understand what information we collect and why, how data is classified and how you can delete it.
About Security Survey Assistant
Security Survey Assistant is an add-on for Google Sheets designed to streamline the process of answering security questionnaires by leveraging a knowledge base. This add-on assists in:
Retrieving and analyzing data from security questionnaires in Google Sheets.
Automatically filling out security questionnaires with the appropriate information.
Uploading completed forms to enrich the knowledge base.
Creating and updating a Google Sheet to manage and update the knowledge base.
This add-on integrates with your Google account and accesses data stored within it. When installing the add-on from the Google Workspace Marketplace, you will be prompted to authorize various accesses to your Google account. These authorizations are solely used to perform the services requested by the add-on.
Our App's use of information received, and App's transfer of information to any other app received from Google APIs will adhere to Google API User Data Policy, including the Limited Use Requirements.
Data usage and storage
Security Survey Assistant stores and processes the following data to provide its services:
User Identification: Email address and username are used to identify you as a user of the add-on.
Survey Data: Content from security survey, including questions and answers, is processed to fill out the forms and update the knowledge base.
Knowledge Base: Data from uploaded forms and manually entered information is stored to improve the accuracy and efficiency of future questionnaire responses.
All data processing primarily occurs within Google Apps Script, ensuring that your data remains secure and within the Google ecosystem. Data that needs to be stored externally is kept within Google Apps Script Properties, ensuring that your data does not leave Google's servers.
Data classification
Confidential Data: Only accessible by the user. Includes all questionnaire responses and knowledge base entries.
Sensitive Data: Required for the add-on's functionality and not shared outside of this scope. Includes email addresses and profile information.
Shareable Data: May be shared with specific personnel for support and troubleshooting purposes.
Public Data: Includes information published on the Security Survey Assistant website.
Private Data: Maintained and backed up by the user.
Data Access
When you install Mergo on your Google account, you are asked to accept the following authorizations:
Why does Security Survey Assistant need those access scopes?
Google Sheets:
Reading and Writing Data: Some functions need to read from and write to Google Sheets.
Creating and Managing Sheets: a function create new spreadsheets and set them up with initial data.
Updating Data: a function updates the hash values and file IDs in the Google Sheets.
External service (openai):
Interacting with OpenAI API: Some Functions make HTTP requests to the OpenAI API to manage files and assistants.
Fetching Data from External Sources: Any function that requires interaction with services outside of Google Apps Script's ecosystem.
Third-party web content in prompts and sidebars:
Creating Custom Menus and Dialogs: Some Functions use this scope to interact with the user via custom menus and dialogs.
Displaying Alerts and Prompts: Functions that prompt users for input or display alerts.
AI Interactions
Security Survey Assistant utilizes ChatGPT-4o to provide intelligent and tailored responses to user survey questions. User survey questions are securely retrieved from a dedicated survey spreadsheet and then processed by the ChatGPT-4o system, which draws upon a custom knowledge base created by the user to generate responses that address the context and intent behind each question. This helps to collect valuable user insights while maintaining privacy and data security standards.
Specific Information about AI Models
Third-Party AI Models Utilized:
Security Survey Assistant utilizes the OpenAI GPT-4 model for processing questions and generating responses.
1) Data Shared with These Models
The data shared includes:
Questions retrieved from a spreadsheet.
Content from a "knowledge base" spreadsheet, which is used to enhance responses.
Data from user-uploaded spreadsheets used to update the knowledge base.
2) Purpose of Sharing Data with AI Models
The purpose of sharing this data with the AI models is to:
Generate accurate and relevant responses to user questions based on the knowledge base.
Analyze spreadsheets to extract relevant questions for further processing.
3) How Models Use This Data
The AI models use the data to:
Match questions to the most relevant information in the knowledge base and generate responses accordingly.
Analyze and extract questions from uploaded spreadsheets to update the knowledge base.
4) Impact on Users
The impact on users includes:
Receiving accurate and contextually relevant answers to their queries.
Enhanced functionality for managing and updating the knowledge base with new data.
5) User Control and Opt-Out Options
Users can control data sharing through:
Uploading and updating their own data in the knowledge base.
Opting out of data sharing by not uploading new spreadsheets or updating the knowledge base.
6) Ensuring Responsible and Ethical Use of Data
To ensure responsible and ethical use of data:
Data is processed securely within the app.
Access to the data is restricted and controlled to prevent unauthorized use.
Changes to this Privacy Policy
This Privacy Policy is subject to occasional revision, and we reserve the right to modify this Privacy Policy relating to Security Survey Assistant at any time, effective upon posting of an updated version of this Privacy Policy.