Product Technical FAQ's

Why does GAT+ require a domain-wide install for all OUs?
GAT+ requiresto be installed domain-wide. The main reason why GAT+ must cover every user is not just for billing, but also technical. To do a proper audit of all aspects of the Google Workspace environment, you must audit every user to see how they interact with other users. This is necessary for proper email auditing, proper collaboration measurement, and depending on the version of Google Workspace that you have, it is necessary for proper Drive audits, in particular where visitor events are recorded.
No, GAT+ only has access to metadata.
Yes, see our security policy statement:
Yes. GAT only requires metadata. We build our exposure profile based purely on the metadata. GAT never retrieves file contents for auditing. We believe the risk in extracting file contents from the secure ‘shredded’ environment of Google’s servers to any third-party software is too great for companies serious about security, so we don’t do it. Some of the most security-sensitive government customers in the US and the UK use GAT precisely because we don’t extract file contents.
No customer data is ever stored on local equipment or media. Google is responsible for this.
GAT is the very first Google Workspace security tool provider to offer ‘lock and key’ access to Google Workspace files and emails. Ever aware that end-user security is paramount, this feature set goes much further than any of our competitors, not only does it allow for full file management, but it is the only tool to give silent views of all files and emails (Admins and Security Officers won’t appear as ‘Viewers’ of the files or emails), while at the same time, it executes in a secure way that deeply protects end user’s rights. We carefully designed the solution to require both a lock and key for access. Managers, C level executives, and security officers can also relax knowing you cannot download GAT and have unrestricted access to sensitive financial files or snoop on HR emails. Google Workspace Admin staff using GAT can report that they have the most functional security tool in the marketplace, yet with the highest security standards available.
The Tool itself runs using a 2048-bit modulus RSA key, SHA256 is used for hashing, and AES (256-bit) is used for encryption. It is Verified by Comodo. This ensures the site you connect to is who it says it is (, thus eliminating man-in-the-middle attacks. It also ensures that any data transferred is moved inside an HTTPS tunnel, from Google to the audit tool and from the audit tool to your browser.
In the event of a customer data breach, we have a declared policy of customer notification. The response to any specific incident will depend on the nature of the incident and is not defined in specific terms.
For business continuity of our cloud services, we are dependent on GCP business continuity.
Our privacy policy is stated as complete non-disclosure of customer data and automatically implemented ‘right to be forgotten’ of customer data after 30 days since last use. This policy predates GDPR. There is no access to customer data by any staff other than development engineers. Customer data is never removed from GCP.
Yes, we are based in Ireland. We state so clearly on our website. Yes, our services are run 100% from GCP in North America. It is our view that data is transferred out of the EU and its protection is covered by Google under the EU/US data protection umbrella agreement. We as a data processor are covered directly by EU law.
We process and store metadata.

Customers’ metadata is stored in GCP (Google Cloud platform). 
Customers can choose between 3 Geographical Areas for their data to be stored, UK, US and EU (US by default)

1. GCP in America, Council Bluffs, Iowa
In Europe in the Frankfurt, Germany
3.In the UK, London, England

Data at rest is encrypted with the AES-256 algorithm.
Data in transit is encrypted with TLS.
Engineers responsible for the production environment and Support engineers can have access to their metadata.
This metadata is accessed directly from Google Workspace via HTTPS, the same encryption standard that you use to access Google Workspace.
You can request or send the SLA to we will get back to you as soon as possible. Downtime is reported on our Status Page if it happens.

6 months from the point of installation, max available from the API 180 days.
Drive event scan is related to all actions taken on files and folders (view/edits/download etc).
Drive events logs are kept indefinitely, once GAT+ is installed – as long as the tool is installed we keep Drive event logs.

Event data is only retained by Google for 180 days.
When you install the tool, it indexes back the last 28 days’ email. We do this to provide seed statistics for tables, etc., going forward it indexes all emails for all time until you remove the tool.
All the collected data will be deleted in 30 days.

It depends on the size of your domain, we calculate 30 minutes per 1 million records. You can check the scan status under 
GAT+ > Configuration > General > Tasks

At least once per day, and every time you access the tool in any given area a new scan will be scheduled to run in the background.
It has the same lifetime than the scan data, after 30 days of inactivity when the license As long as the tool is installed – Admin logs are kept, if the tool is removed after 30 days the data is removed automatically.

Meet the powerful GAT Suite

The most powerful toolset yet developed for Google Workspace.