The General Data Protection Regulation (GDPR) is aimed at giving citizens throughout the European Union (EU) control over their personal data. GDPR applies to you if you are a European Union citizen or, as a business, if your email subscribers are EU citizens, or you deal with any kind of personal data of EU citizens.
How Document Studio enables you to comply with EU's GDPR policies
As a customer, you operate as the data controller and we are considered a data processor. You have the responsibility for ensuring that the personal data of subjects you are collecting is being processed lawfully and, similar to controllers, processors, that processes personal data on behalf of a data controller, are expected to comply with the GDPR.
With GDPR, you must have explicit consent from your email subscribers that they would like to receive emails from you. It is recommended that you use double opt-in to align with GDPR compliance requirements. For EU individuals who are already on your marketing lists, you may need to contact them by email asking them to confirm their consent.
You should include a visible unsubscribe link in your marketing emails that your subscribers can click to instantly unsubscribe from all your future communications.
Data Storage and Processing
All your customer’s data is stored in your Google account, inside Google Sheets, Docs, Gmail, Google Drive or Google Forms and not on our servers. Document Studio reads the data directly from your data source and perform the necessary actions (like sending emails, generating documents, saving emails) without transferring any personal data.
The email messages are not stored on our servers. If you choose to attach Google Drive files in your emails, the content of the files are not stored on our servers. Your form submissions are not stored on our servers.
We store and process user data in Google Cloud database (us-east) and its servers are located in the United States (East) data center. We use Google's Stackdriver logging tool for error tracking and debugging errors. It includes stack traces, error messages and the logs do not include any PII data.
We use PayPal, Stripe, and Paddle to manage your payments. The payment processors only provide the customer's email address and, in case of PayPal, the shipping address for generating invoice. We do not have access to any banking or credit card information of our customers.
We do not transfer, sell, make copies, or share any of your data processed by Document Studio to third party services or companies. We only store data that is absolutely necessary for our add-ons to function.
You can use download and export all your program's configuration and logs in Google Sheets. This allows for easier migration to other services.
Data Erasure (Right to be forgotten)
Document Studio offers a deactivate/reset option that will permanently delete the user's data from the database. You can also contact us to submit a deletion requires and, in compliance towards GDPR, we'll permanently delete all your data.
If you uninstall a Google Addon, or revoke access to the addon from your Google Account, the add-on will not be able to access any of your data and will instantly stop functioning.
Our Google Addons use your own Gmail account to send emails. You can feed your customer profile data directly into our Google Add-ons - through Google Sheets and Google Forms - to send marketing emails, transaction emails and form notifications. Our tools only facilitate your compliance to GDPR, your sending practice is key to complying with GDPR.
If you have any questions, please send us an email at