Privacy Policy
Effective date: (set on publish)
Placeholder. This page is the structural shell. The actual policy content is being finalized by the operator and will be published before the public launch.
What we collect
When you sign in with Google, we receive your email address, name, and profile photo URL. We request the drive.file OAuth scope, which limits our access to only the files our app creates or opens for you — we cannot see any other file in your Google Drive.
How we use it
We use your Google identity to coordinate audit-project workflows (task assignment, status transitions, comments) and to upload evidence files into a folder structure inside your own Google Drive. The files themselves never leave your Drive — they are never copied to our servers.
How we store it
User profile data and project workflow state live in our Supabase Postgres database, with row-level security enforcing per-engagement isolation. OAuth refresh tokens are encrypted at rest using AES-256-GCM with a key managed separately from the database.
Data minimisation — “your data, your Drive”
Joujik Mutualwork is architected to keep per-engagement data inside the engagement’s Google Drive, not on our servers. What we hold server-side is limited to:
- Identity — your Google email, your encrypted OAuth refresh token (AES-256-GCM at rest), and the row in users mapping you to a home organisation.
- Project pointers — for each engagement, the Google Drive folder ID, the framework chosen, the audit deadline, and which user-id owns the Drive (drive_owner). No content, just lookups.
- Membership — who can access which project, with which role. Used by RLS + the app to gate every read/write.
- Static framework catalogues — the ISO 27001, SOC 2, GDPR, and Israeli Privacy Law clause lists. Public reference data, no customer content.
What we do not hold (after the M2 metadata migration completes — currently in flight): customer-profile data, per-task comments, per-task notes, and the audit log of actions performed in your project. All of these will live in a hidden .joujik/ folder inside the engagement’s Drive. You can browse those JSON files yourself at any time. Today (pre-migration), some of this metadata still lives in our database; it will move out incrementally.
Sharing
We do not sell, rent, or share your OAuth tokens, file content, or identifying information with any third party. Aggregated, anonymized usage metrics may be reviewed internally for product improvement.
Your rights
You can revoke our access at any time from your Google Account permissions page. You can request a copy of your stored data or its deletion by emailing us at the address below.
Contact
For privacy questions, contact: (operator: add email).