Privacy Policy for WorkflowOS Chrome Extension
Last updated: September 24, 2025
This Chrome Extension (“WorkflowOS”) is developed to help users integrate Gmail and Drive with WorkflowOS. We value your privacy and want you to understand how we handle your data.
- Google account data: Your email address and profile information, obtained only with your consent via Google OAuth.
- Gmail access: Read, send, and manage emails if you grant access through Gmail API scopes.
- Google Drive access: Read and manage files if you grant access through Drive API scopes.
- Local storage: We store authentication tokens and user preferences using Chrome’s
storage API.
How We Use Your Data
- Authenticate you via Google OAuth (
chrome.identity).
- Fetch your Gmail/Drive data to show insights in the extension.
- Improve your workflow experience in WorkflowOS.
Authentication Method
WorkflowOS uses Google OAuth 2.0 to authenticate your account.
- Due to Google’s restrictions, Chrome Extensions cannot directly receive long-lived refresh tokens.
- Therefore, WorkflowOS securely performs authentication via a backend web application flow.
- The backend exchanges the authorization code for an access token and refresh token.
- Tokens are only used to access your Gmail and Drive data on your behalf and are never shared with third parties.
- Access tokens may be refreshed automatically, but refresh tokens are securely stored and used only for the purpose of maintaining your authenticated session.
All communication between the Chrome Extension, our backend, and Google’s servers is encrypted using HTTPS.
What We Do NOT Do
- We do not sell, share, or transfer your data to third parties.
- We do not use your data for advertising, credit scoring, or unrelated purposes.
Data Retention
- Tokens are stored locally on your device.
- You may clear extension storage or remove the extension at any time to delete all data.
If you have any questions, contact us at support@workflowos.com.