AttachDock Privacy Policy

1. Contact Information

AttachDock is operated by Wolf Real Estate Group Inc. dba AttachDock. If you have questions, requests, or concerns about this Privacy Policy, contact us using the details below.

• AttachDock
• PO Box 77818
• Corona, CA 92877-0127
• Email: support@attachdock.com

2. Summary

AttachDock helps users review Gmail attachments and save copies of selected attachments to Google Drive.

To provide the Service, AttachDock may access Gmail attachment information, Gmail message metadata, Google Drive folder information, Google account information, and related data authorized by you through Google OAuth.

We use this information to provide user-facing AttachDock features. We do not sell Google user data. We do not use Google user data for advertising. We do not use Google user data to determine credit-worthiness or for lending purposes.

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Our use of information received from Google APIs will also adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

3. Information We Collect

The information we collect depends on how you use AttachDock. Some information is stored locally in your browser or Chrome extension storage. Some information is processed by AttachDock's hosted services for account, licensing, billing, contact, security, or support purposes.

4. Information You Provide Directly

• Name, email address, company name, and team size.
• Billing contact information.
• Contact form submissions, spam/abuse review signals, and support messages.
• Plan, seat, and account-management information.
• Screenshots, logs, or diagnostic information you choose to send for support.
• Any other information you voluntarily provide.

5. Google Account and OAuth Information

When you connect AttachDock to your Google account, we may receive or process your Google account email address, Google account identifier, OAuth authorization status, connected account context, and information about which Google account is associated with plan, seat, billing, or extension access.

Google OAuth sessions, including access tokens and refresh tokens where Google provides them, are stored in Chrome extension storage on your device. Access tokens may be transmitted to AttachDock's licensing service to verify identity, account status, mailbox links, seats, and entitlements.

6. Gmail Data

Depending on the features you use and permissions you authorize, AttachDock may access or process Gmail thread identifiers, message identifiers, sender, recipient, date, subject, snippet information, attachment names, attachment MIME types, attachment sizes, attachment identifiers, inline vs. non-inline indicators, and information needed to open or highlight source messages in Gmail.

Attachment content is processed when needed to preview, download, save to Drive, ZIP, attach files into a Gmail draft, or create Drive-link handoffs at your request. The ordinary attachment workflow is designed so attachment bytes are fetched and transmitted as needed to your browser, Google Drive, or Gmail compose surfaces, not stored on AttachDock servers.

7. Google Drive Data

Depending on the features you use and permissions you authorize, AttachDock may access or process Drive folder identifiers, folder names, folder paths or breadcrumb-style display information, Drive location metadata, Shared Drive information where your account has access, shared-with-me folder metadata, folder search results, folder color or shortcut metadata where available, files created by AttachDock when you save Gmail attachments to Drive, and information needed to create folders, choose folders, upload attachment copies, or apply Drive link sharing choices you select.

AttachDock currently requests Drive authorization broad enough to support its custom Drive folder picker, Shared Drive workflows, folder creation, file upload, and Drive-link sharing features. If this scope changes in the future, we will update this Policy and related disclosures.

Saved destination settings may be synced through AttachDock servers so your preferred Drive destinations can follow the same signed-in account across browsers or computers. These synced settings may include Drive folder identifiers, folder names, selected-destination state, and related folder metadata. Sensitive saved-destination payloads are encrypted before storage in our Cloudflare database, with keyed indexes used only for service operation and future destination-management features.

8. Extension, Device, and Local Settings Information

AttachDock may process browser type and version, extension or app version, operating system or platform, a random browser/profile or app install token, first-seen and last-seen extension or app timestamps, best-effort uninstall status, optional uninstall feedback, error messages, diagnostic logs, local extension settings, tray preferences, filter preferences, view preferences, archive/export preferences, saved destination information where supported, connected account context, cached plan or entitlement state, save history, duplicate-detection information where supported, and account mismatch or authorization state.

AttachDock may associate a signed-in account with the browser family used to access the extension, such as Chrome, Safari, Edge, Firefox, Opera, Atlas, or another compatible browser, and with the random install token for that browser/profile or Mac app install, so account access, support, compatibility, product planning, install counts, optional uninstall feedback, uninstall tracking where the browser supports it, and cross-browser subscription offers can work across authorized AttachDock apps. This browser/profile or app-install record does not include Gmail messages, attachment contents, attachment names, Drive file contents, browsing history, or raw email addresses in uninstall URLs.

Some user settings that were previously local-only may also be stored server-side for account sync, recovery, support, security, and product operation. Server-synced extension settings may include saved Drive destinations, tray preferences, file-type filter preferences, and archive/export preferences. AttachDock stores the encrypted settings payload server-side and keeps a local browser copy as a fallback cache.

Debug logs are stored locally only when debug mode or support tooling is enabled. If you choose to submit a support/debug report, the report may include extension version, browser user agent, platform, mailbox context, account connection status, license state, saved destination metadata, tray preferences, recent debug events, error messages, attachment counts, selected-thread counts, and your note. Debug reports should not contain attachment file contents unless you choose to send separate files or screenshots.

9. Billing and Subscription Information

If you purchase a paid plan, Stripe or another payment provider may collect and process payment and transaction information, including name, email address, billing address, payment method details, subscription status, transaction history, taxes, refunds, disputes, chargebacks, or invoice information.

We generally do not receive or store full credit card numbers. Payment providers process payment information under their own terms and privacy policies.

10. Website and Contact Information

When you visit our website, Cloudflare and other infrastructure providers may process IP address, browser and device information, pages requested, referring URL, approximate location derived from IP address, cookies or local storage needed to operate the site, contact form submissions, Cloudflare Turnstile verification data, spam/abuse review signals, security logs, and server logs. We store public contact-form attempts, including filtered spam attempts, so support staff can review delivery issues and abuse patterns; the contact-submission database stores a one-way IP hash rather than the raw IP address.

The public website loads Google Analytics 4 in consent mode with analytics storage denied by default. If you allow optional analytics cookies, we use Google Analytics 4 to understand site traffic, page views, device/browser context, referral sources, and which public website pages and calls to action are working. We do not use Google Analytics to inspect Gmail messages, Gmail attachments, Google Drive files, or Google OAuth data handled by the extension.

The current site does not enable Google Ads conversion tags or advertising cookies. If we add Google Ads or other advertising measurement later, we will update this Policy and the consent controls before enabling those tags in production.

11. How We Use Information

• Provide, operate, and maintain AttachDock.
• Authenticate users and connect authorized Google accounts.
• Display Gmail attachment information.
• Preview, download, ZIP, and save attachments at your request.
• Save copies of selected Gmail attachments to Google Drive.
• Attach selected files into Gmail compose or reply drafts where supported.
• Apply Drive link sharing choices you select for compose handoff workflows.
• Remember permitted settings and preferences.
• Provide billing, subscription, account, and seat management.
• Process purchases, renewals, cancellations, refunds, and invoices.
• Provide customer support.
• Investigate bugs, errors, abuse, and security issues.
• Improve product reliability, performance, user experience, and public website messaging.
• Comply with legal obligations and enforce our Terms.
• Communicate with you about service, security, billing, support, and product updates.

12. Google API Limited Use Disclosure

AttachDock's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. AttachDock's use and transfer of information received from Google APIs will also adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

• We use Google user data only to provide or improve user-facing features that are prominent in the Service.
• We do not sell Google user data.
• We do not use Google user data for advertising, retargeting, personalized advertising, or interest-based advertising.
• We do not transfer Google user data to data brokers, advertising platforms, or information resellers.
• We do not use Google user data to determine credit-worthiness or for lending purposes.
• We do not allow humans to read Google user data unless you give affirmative permission for support, it is necessary for security or abuse investigation, it is necessary to comply with law, or the data is aggregated and used for internal operations in accordance with applicable law.

13. How We Share Information

We may share information with service providers and third parties only as needed to provide, secure, support, bill, and improve the Service.

• Google, for Gmail, Drive, OAuth, Chrome, and related APIs.
• Stripe, for payment processing, subscription management, billing, invoices, taxes, refunds, disputes, and fraud prevention.
• Cloudflare, for hosting, security, Turnstile abuse checks, access controls, serverless functions, logs, and related infrastructure.
• Cloudflare and any analytics or tag-management providers we enable for public website traffic and conversion measurement.
• Email, support, logging, or infrastructure providers used to operate the Service.
• Professional advisors, such as attorneys, accountants, auditors, or security reviewers.
• Legal or governmental authorities when required or appropriate.
• Successors in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, subject to applicable law and Google API policy requirements.

We do not sell Google user data. We do not share Google user data with advertising platforms, data brokers, information resellers, or third parties for advertising or credit-worthiness purposes.

14. Local Extension Storage

AttachDock may store information locally in your browser or Chrome extension storage, including extension settings, tray preferences, file type filter preferences, view preferences, archive/export preferences, saved destination information where supported, connected account context, Google OAuth session information, cached plan or entitlement state, save history, duplicate-detection information where supported, and debug logs when debug mode is enabled.

Local extension data may be deleted by uninstalling the extension, clearing browser data, or using browser and extension controls. Some account, billing, server, or support records may remain in our systems or third-party systems as described in this Policy.

When server sync is available, deleting only local browser data may not remove synced account settings from AttachDock servers. You may contact us to request deletion of server-side account settings, subject to legal, security, billing, and operational retention requirements.

15. Cookies and Similar Technologies

Our website and service providers may use cookies, local storage, logs, and similar technologies to operate the website, maintain security, remember preferences, process checkout, detect abuse, understand site performance, and improve the Service. Stripe and other providers may use cookies or similar technologies as part of payment, checkout, fraud prevention, and billing services.

We use local storage to remember your website analytics choice. Google Analytics runs in consent mode with analytics storage denied unless you allow analytics in the cookie notice. Optional Google Analytics cookies are used only after you allow analytics. You can decline optional analytics and still use the website. You can also clear your browser data to reset your choice.

Analytics information helps us understand public site usage, such as page views, referral sources, and which plan or contact actions visitors choose. It is not used to read Gmail, Drive, or extension content.

16. Data Retention

We keep information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business operations.

• Google user data is processed as needed to provide requested user-facing features. The ordinary workflow is designed so Gmail message bodies and attachment contents are not stored on AttachDock servers.
• Local extension settings are retained in your browser or extension storage until deleted, reset, or uninstalled.
• Server-synced settings, including encrypted saved-destination, tray preference, filter preference, and archive/export preference settings where enabled, are retained while needed to provide account sync, support, security, and product operation, unless deleted earlier where available or required.
• Account and billing records are retained while your account is active and as needed for tax, accounting, legal, billing, and dispute purposes.
• Support records and debug reports are retained as needed to provide support and maintain business records.
• Security and server logs are retained for a limited period unless needed for security, fraud prevention, troubleshooting, legal, or compliance purposes.

17. Security

We use reasonable technical, administrative, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission, browser extension storage, cloud storage, or electronic processing is completely secure. You are responsible for securing your Google account, device, browser, passwords, and access to Gmail and Drive.

18. Your Choices and Controls

• Uninstall the AttachDock extension.
• Revoke AttachDock's Google OAuth access from your Google account settings.
• Delete or reset local extension data through Chrome or browser controls.
• Contact us to request deletion of server-synced account settings where available.
• Change extension settings.
• Change or cancel your subscription through billing tools where available.
• Contact us to request account deletion or support.
• Contact Stripe regarding payment information handled by Stripe.

Revoking Google access or deleting local extension data may prevent AttachDock from functioning.

19. Privacy Rights

Depending on your location and applicable law, you may have rights to know what personal information we collect, access personal information, correct inaccurate personal information, delete personal information, opt out of certain sales or sharing, limit certain uses of sensitive personal information, object to or restrict certain processing, receive a copy of certain information in portable format, appeal a denied request where applicable, and not be discriminated against for exercising privacy rights.

To submit a request, contact support@attachdock.com. We may need to verify your identity before fulfilling a request. We may decline requests where permitted by law, including where we cannot verify your identity, retaining information is required or permitted, or the request conflicts with security, legal, or operational obligations.

20. California Privacy Notice

This section applies to California residents and describes our practices for purposes of California privacy law to the extent applicable.

We do not sell personal information. We do not sell or share Google user data. We do not use Google user data for cross-context behavioral advertising. The current site does not use advertising cookies or Google Ads tags. We use sensitive personal information only as needed to provide the Service, maintain security, process billing, comply with law, and perform other permitted purposes.

21. Children, International Users, and Third-Party Services

AttachDock is not directed to children under 13, and we do not knowingly collect personal information from children under 13. AttachDock is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States or other locations where our service providers operate.

The Service may link to or integrate with third-party services, including Google, Stripe, Cloudflare, and Chrome. Their privacy practices are governed by their own privacy policies. We are not responsible for third-party privacy practices.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised Last Updated date. If we make material changes, we may provide additional notice through the website, extension, email, or account notice where appropriate.