Security Policy Statement

OVERVIEW

At GAT Labs Ltd. we operate to the highest security standards, procedures and ethics. As a company we respect your privacy and more importantly our tool respects the privacy of your data. Our tool only accesses your Google metadata (file names, timestamps, ACLs, owner’s name, etc.)

Our tool does not access any file contents. Those using the tool can not access other user’s data unless using the ‘Unlock‘ feature.

While we work in every market where Google Workspace is available, as a European company we work under the strictest privacy regulations in the world and we honour and respect your data privacy above all else.

How the tool works

The tool only ever accesses, analyses and stores your company’s metadata. This metadata is accessed directly from Google Workspace via HTTPS, the same encryption standard that you use to access Google Workspace.

The service is run on GCP (Google Cloud Platform) in North America. This facility completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls (SOC 1, 2 and 3) report, published under both the SSAE 16 and the ISAE 3402 professional standards. In addition, GCP has achieved ISO 27001 certification and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS), HIPAA and more.

GAT Labs has recently been certified SOC2 Type II compliant. Read more information here.

See https://cloud.google.com/security/compliance

The Tool itself runs using a 2048-bit modulus RSA key,  SHA-256 used for hashing, AES (256-bit) used for encryption. This ensures the site you connect to is who it says it is (generalaudittool.com), thus eliminating man in the middle attacks. It also ensures that any data transferred is moved inside a HTTPS tunnel, from Google to the audit tool and from the audit tool to your browser.

GAT Labs Ltd. believes all of the above is best practice

Can we scan every document? – yes.
Can we scan every email? – yes.
Does the tool access document contents? – no.
Does the tool access email contents? – no.
Do we allow Admins to see document contents? – no, unless authorization is obtained (via Unlock).
Do we allow Admins to see email contents? – no, unless authorization is obtained (via Unlock).
Why don’t we allow unsupervised access to the contents? When Google sold you Google Workspace the management team bought it on the principle that the data was secure and that users, including Admin staff, could not see other user’s or manager’s data or emails.
We are not about to violate or undermine that understanding by introducing access to private data via an open back door.

We believe companies already have business procedures in place to properly conduct internal investigations. It is up to us to honour those procedures and to only allow access via proper workflow mechanisms (GAT Unlock).

Certification

We use UserTrust for our TLS/SSL Certificate.
We are ISAE 3402 certified.
We are developing our ISAF 3402 Certification

One more layer of assurance

While all of the above is a comfort to large organisations we offer one more level of assurance that their data will be protected. Large organisations can run their own instance of the audit tool on their own cloud server. Here they have full control over the runtime environment and complete control over who has access to the tool.

This site uses cookies –

Small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser.

—

By using YouTube Audit you are agreeing to the YouTube Terms of Service

Note, that our API Client uses YouTube API Services. For more information about Google Privacy Policy follow the link: http://www.google.com/policies/privacy

GAT Shield Personal Privacy policy

Note : This privacy policy applies exclusively applies to the Google Chrome Marketplace App GAT Shield Personal.

The Chrome extension GAT Shield Personal is a free marketplace extension which monitors and reports your on-line activity in Chrome. It is designed to help assist you in understanding your browsing habits and your Chrome environment. The data it generates is not inspected, gathered or used by GAT Labs Limited. GAT Labs Limited is an Irish registered company operating under Irish and European Union Data protection law (GDPR) which are the strictest in the world.