This privacy policy explains how GSM MailMerge (“GSM”) handles Google user data. GSM is a Google Apps Script application that runs entirely within the user’s Google environment – Google Sheets and Gmail.

HOW DATA IS USED

GSM accesses Google user data strictly to provide its mail merge functionality:

  • Reading and updating Gmail drafts labeled “GSM-Template”
  • Sending emails on behalf of the user
  • Reading from and writing to Google Sheets used for mail merge operations
  • When the optional “Process replies …” function is used: scanning the inbox for replies, delivery failures, or unsubscribe responses, limited strictly to the time since the last GSM usage and never earlier than the installation date

If such messages are found, GSM adds labels like “GSM-Failed” to help the user identify campaign responses.

GSM never deletes, moves, or alters Gmail messages.

DATA STORAGE AND RETENTION

GSM follows a strict data minimization approach.

Gmail messages, email bodies, attachments, and Google Sheets content are processed only during execution and are not stored beyond the runtime required to perform the requested action.

The only data stored persistently is minimal operational metadata:

  • GSM installation date
  • Total number of sent campaigns and emails (displayed in the “License” dialog)
  • Application settings defined in the main sending dialog

All stored data resides exclusively within the user’s own Google Workspace account.

Upon uninstallation of GSM, all stored GSM data is automatically deleted. No Google user data remains in the user’s account after removal of the application.

DATA DELETION

GSM does not delete Gmail messages or Google Sheets content.

The only exception is the optional email verification dialog, which may allow the user to remove duplicate email entries from their own spreadsheet. This action is always explicitly user-initiated and limited to the active Google Sheet.

DATA PROTECTION MECHANISMS

GSM implements security-by-design principles to protect the confidentiality and integrity of Google user data.

All data processed by GSM remains within Google’s secure infrastructure and is protected by Google Workspace security mechanisms, including encryption in transit and at rest, access controls, and account-based authorization.

GSM does not operate external servers, does not use third-party APIs or libraries, and does not transmit data outside of the user’s Google Workspace environment.

Security procedures are in place to ensure that Google user data is accessed only for the intended functionality and only for the duration required to perform the requested action.

COOKIES AND TRACKING

GSM does not use cookies.

THIRD-PARTY DISCLOSURE

GSM does not sell, trade, share, or transfer personal data to third parties.
 No Google user data is disclosed outside of the user’s Google Workspace account.

CHILDREN’S INFORMATION

GSM is not intended for use by children under the age of 13.

COMPLIANCE

GSM adheres to core data protection principles, including:

  • Data minimization – only data strictly required for functionality is accessed
  • Purpose limitation – data is used solely for mail merge operations
  • User control – users retain full ownership and control of their data

GSM is designed to be compliant with the General Data Protection Regulation (GDPR/DSGVO).