Privacy Policy | ChromeFlow

1. Introduction

At ChromeFlow (including our tools ChromeFlow, VouchFlow, ChromeNexus, and ClassFlow), we value the privacy and security of your organizational data. This policy outlines how we handle data across our suite of automation and security tools. We are committed to transparency regarding our use of Google Workspace data.

2. Google User Data Disclosure

Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Service User Data Policy, including the Limited Use requirements. We do not share, sell, or trade your Google user data with third-party AI models, advertising networks, or data brokers.

3. Data We Process & How We Use It

Depending on the service(s) you use, we access the following data:

Device & Directory Metadata (ChromeFlow/ChromeNexus): Serial numbers, Device IDs, and Organizational Unit (OU) paths to automate device management.
Audit & Permission Metadata (VouchFlow): File names, IDs, owner emails, and permission sets to identify security risks. We never read or store the actual content of your files.
User Activity: Authenticated email addresses associated with device login events to route devices or alert managers.

4. Data Storage & Retention

ChromeFlow: Operates as a real-time bridge. We do not store sensitive directory data permanently; we only maintain transient logs of movement actions for your audit history.

VouchFlow: Stores identified risk metadata in a secure, tenant-isolated database to provide historical audit trails.

Control: You may purge your data at any time via the administrative dashboard, which immediately deletes all records associated with your domain.

5. Security

All data transmitted is protected by industry-standard TLS encryption. We utilize scoped API permissions and support Google’s Cross-Account Protection (RISC) to ensure maximum security.

6. Contact Us

Questions? Contact us at privacy@chromeflow.app.