Whole Minds Reports Privacy Policy

Last Updated: October 4, 2025

This Privacy Policy explains how the Whole Minds Reports add-on (“Add-on”) handles information. We designed the Add-on so your settings and files stay securely within your Google account.

Information We Collect and Store

The Add-on stores only the settings and files you choose to save, using Google’s PropertiesService. These remain in your Google account; we (the developers) do not receive, view, or access your content.

Saved items may include:

  • User Information: Your name, credentials, supervisor’s name/credentials.
  • Custom Content: School list, custom report heading, custom introductory text.
  • Image URLs: Publicly accessible Google Drive links to images for your logo, signature, or other report graphics.

Temporary Cached Information

To enhance user experience and reduce redundant data entry, the Add-on may temporarily cache limited student-related details while you are working within a document.

Cached data may include:

  • Student’s First Name
  • Student’s Last Name
  • Date of Birth
  • School Name
  • Grade Level
  • Parent/Guardian Name
  • Teacher Name
  • Examination Date

We do not collect or cache any test scores, diagnoses, narrative text, or other report content.

How We Use Information

Your saved information is used only to generate and format reports inside Google Docs as you direct (for example, to populate headers, signature blocks, or insert your saved images).
We do not transmit or share your data outside Google Workspace services.
Processing occurs entirely within your Google account; nothing is sent to non-Google servers.

Use of Cached Information

Temporarily cached information is used exclusively for your convenience — to pre-populate form fields and maintain consistency within your active session.
This saves you from re-entering the same information repeatedly while preparing a report.
Cached data is not used for tracking, analytics, marketing, or any other purpose, and it is only accessible within your session.

To insert images, the Add-on uses Google’s UrlFetchApp service to retrieve image files from web URLs.
This includes both the Google Drive links you provide in the settings and pre-configured default images hosted at wholemindsinitiative.com.
This is the only time the Add-on connects to external services, and no document content or user data is transmitted externally.

Scopes, Access, and Google’s “Limited Use”

We request only the minimum OAuth scopes required for visible, user-facing features (listed in the Add-on popups/About page and on our website).
We do not sell data, serve ads, allow human reading of your content, or use data to train generalized AI or machine learning models.
We adhere fully to Google’s API “Limited Use” and Workspace user-data policies.

Data Storage and Retention

Permanent User Data

All saved settings and files remain in your Google account until you remove them.
You can delete at any time by:

  1. Deleting the “Whole Minds Reports Add-on Files” folder in Google Drive;
  2. Using the Add-on’s Delete Settings action (or manually clearing PropertiesService values); and
  3. Revoking access in your Google Account permissions, if desired.

Temporary Cached Data

Certain information (such as student and contextual details listed above) may be stored temporarily using Google Apps Script’s CacheService.
This cache is:

  • Stored securely within Google’s infrastructure;
  • Scoped to your Google user session and the specific document in use; and
  • Automatically deleted approximately six (6) hours after it is last written.

We, the developers, do not have access to this cached data.
It is never transmitted to our servers, and no copies are retained after expiration.

Data Sharing and Security

Information stored in Google’s PropertiesService or CacheService remains confined to your Google account and the Workspace environment.
It is not transmitted to, stored on, or accessed by our servers or any third-party systems.

All data is protected by Google’s standard Workspace encryption and authentication mechanisms.
You can revoke the Add-on’s access at any time in your Google Account settings.

Professional Responsibility

The Add-on is a productivity and formatting tool only.
It does not perform or substitute for professional judgment, clinical interpretation, or legal compliance review.

Users are solely responsible for:

  • Ensuring they are properly licensed, qualified, and authorized to generate and use any reports or materials created through the Add-on; and
  • Maintaining compliance with all applicable confidentiality, privacy, and professional regulations (including FERPA, HIPAA, and state laws).

We are not responsible for any misuse of the Add-on by individuals who are not licensed or otherwise qualified to create psychoeducational or clinical reports.

Security and Logging

We don’t log report content.
Any operational logs (if present) are limited to non-content metadata (e.g., timestamps or error codes) used solely for reliability and debugging.

Support communications: Never email live student or client data.
If you share materials for troubleshooting, please de-identify them first.

Regulatory Notes (FERPA, HIPAA, COPPA, GDPR, CPRA)

We do not receive or store student or client data; schools and professionals remain responsible for compliance with FERPA, HIPAA, COPPA, and other laws within their own environments.

HIPAA users: Compliance depends on your Google Workspace configuration and your Business Associate Agreement (BAA) with Google.
Apps Script and Workspace can be configured for HIPAA compliance under Google’s HIPAA program.
We are not your Business Associate and do not process PHI on our systems.

COPPA:
The Add-on is not directed toward children under 13, and we do not knowingly collect personal information from children.
If we learn that we have inadvertently collected such data, we will delete it immediately.

GDPR/CPRA:
Users may request clarification of how data is handled or request deletion guidance at any time.
We act as a “data processor” only to the extent that operations occur within your own Google Workspace account.

Third-Party Services

The Add-on operates solely within Google Docs, Google Drive, and Apps Script.
Your use of Google services is also governed by Google’s Privacy Policy.

Incident Notification

If we become aware of a security event in our systems that could affect the Add-on’s integrity or authorization, we will notify affected users promptly and provide next steps.

Changes

We may update this policy periodically and will post the new effective date at the top of this page.

Contact

Whole Minds Initiative
Operated in the United States
📧 wholemindsinitiative@gmail.com

See Our Terms of Service