Southern Node Privacy Policy

Last Updated: March 2026

Southern Node ("we", "us", or "our") respects your privacy and is committed to protecting the data of your organization. This Privacy Policy explains how we collect, use, and handle data when you use our Google Workspace Security Scanner. This policy complies with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

1. Information We Collect and Access

To perform the security audit, our application requests read-only OAuth access to specific Google Workspace administrative APIs. Specifically, we request the following scopes:

  • openid
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile
  • https://www.googleapis.com/auth/admin.directory.user.readonly
  • https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
  • https://www.googleapis.com/auth/admin.reports.audit.readonly
  • https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly

When you authorize our application, we also collect the email address provided during the Stripe checkout process to deliver your final report and tax invoice.

2. How We Use Your Information

The Google Workspace data accessed via the OAuth scopes is used strictly for a single, transient purpose: to analyze your environment's security posture and generate a point-in-time PDF security report. We do not use this data for marketing, profiling, or any other unauthorized purpose.

3. Data Retention and Zero-Standing Privileges

We operate on a strict "Zero-Standing Privileges" architecture.

  • No Storage: We do not store, log, or persist your Google Workspace directory data, user lists, or role configurations in any database.
  • Token Revocation: The OAuth access and refresh tokens granted to our application are programmatically and permanently revoked the exact moment your PDF report is generated and dispatched. Southern Node retains absolutely no ongoing access to your Google Workspace environment.

4. Third-Party Sharing

We do not sell or rent your data. Your email address and payment details are processed securely by our authorized payment gateway, Stripe, strictly for the purpose of payment processing and receipt generation.

5. Google API Services User Data Policy

Southern Node's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Contact Us

If you have questions about this Privacy Policy or wish to request information regarding your data, please contact us at: hello@southernnode.com.au.