Security Policy Statement
We at GAT Labs Ltd. operate to the highest security standards, procedures and ethics.
As a company we respect your data privacy and so does our tool.
Our tool only accesses your Google metadata (file names, timestamps, ACLs, owner’s name, etc.)
We don’t access any file contents.
Those using the tool also can’t access other users’ data, unless they’re using the ‘Unlock‘ feature.
As a European company working in every market where Google Workspace is available, we operate under the strictest privacy regulations in the world, honouring and respecting your data privacy above all else.
How the tool works:
Our tool only ever accesses, analyses and stores your company’s metadata.
This metadata is directly accessed from Google Workspace via HTTPS (the same encryption standard you use to access Google Workspace).
The service runs on GCP (Google Cloud Platform) in North America. This facility completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls (SOC 1, 2 and 3) report, published under both, the SSAE 16 and the ISAE 3402 professional standards.
In addition, GCP has achieved ISO 27001 certification and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS), HIPAA and more.
The Tool itself runs using a 2048-bit modulus RSA key, SHA-1 used for hashing, AES (256-bit) used for encryption, and is Verified by Comodo.
This ensures that the website you connect to is in fact who it says it is (generalaudittool.com), thus eliminating man in the middle attacks.
It also ensures that any transferred data is moved inside a HTTPS tunnel, from Google to the audit tool, and from the audit tool to your browser.
GAT Labs Ltd. believes all of the above is best practice!
- Can we scan every document? — Yes.
- Can we scan every email? — Yes.
- Does the tool access document contents? — No.
- Does the tool access email contents? — No.
- Do we allow Admins to see document contents? — No, unless authorization is obtained (via Unlock).
- Do we allow Admins to see email contents? — No, unless authorization is obtained (via Unlock).
- Why don’t we allow unsupervised access to contents? When Google sold you Google Workspace, the management team bought it based on the principle that your data is secure and that users, including Admin staff, can’t see other users’ or managers’ data or emails.
We’re extra cautious about not violating or undermining that understanding by introducing access to private data via an open back door.
We believe companies already have business procedures in place to properly conduct internal investigations. It’s important to us to honour those procedures and only allow access via proper workflow mechanisms (GAT Unlock).
We use UserTrust for our TLS/SSL Certificate.
We are developing our ISAF 3402 Certification.
One more layer of assurance?
While all of the above gives large organisations great confidence in our tool, we also offer one more level of assurance that your data will be protected.
Large organisations can run their own instance of the audit tool on their own cloud server.
This gives you full control over the runtime environment and complete control over who has access to the tool.
Cookies are small text files that are placed on your machine to help the site provide a better user experience.
In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and/or other sites.
The most effective way to do so is by disabling cookies in your browser. We suggest consulting the Help section of your browser.
By using YouTube Audit you agree to the ‘YouTube Terms of Service’.
Note: Our API Client uses YouTube API Services.
Our Chrome extension GAT Shield Personal is a free marketplace extension that monitors and reports on your online activity in Chrome.
It’s designed to help you understand your browsing habits and Chrome environment.
The data it generates is not inspected, gathered or used by GAT Labs Limited.
GAT Labs Limited is an Irish registered company operating under Irish and European Union Data protection law (GDPR), which are the strictest in the world.