Privacy Policy

TwilioBox — Google Workspace Addon

Last updated: March 24, 2026

What This Policy Covers

This Privacy Policy applies exclusively to the TwilioBox Google Workspace addon published by Makeinfo ("we", "us", or "our"). It explains what Google account data the addon accesses, why it accesses it, and how that data is handled. This policy does not cover the Makeinfo website or other Makeinfo products, which have their own privacy notices.

Google OAuth Scopes and Data We Access

When you install TwilioBox from the Google Workspace Marketplace, you are asked to grant the following permissions (OAuth scopes). Below we explain exactly what each scope allows and why we need it.

1. Your email address (userinfo.email)

What it accesses: Your Google account email address.
Why we need it: We use your email address solely to identify your session and associate usage with your account (e.g., to enforce free-tier limits and license validation). We do not use it for marketing, and we do not share it with third parties.

2. Google Sheets data (spreadsheets)

What it accesses: The content of the active Google Spreadsheet — specifically the cells containing phone numbers and messages you wish to send via SMS.
Why we need it: To read the phone numbers and message content from your spreadsheet and to write delivery status results (Sent / Failed / Pending) back into the designated status column.
Important: We only process cells you explicitly select or configure for SMS sending. We do not read, store, or transmit any other spreadsheet content. Phone numbers and messages are sent to Twilio's API in real time and are not retained on our servers after the message is dispatched.

3. Addon UI rendering (script.container.ui)

What it accesses: The ability to display a sidebar or dialog inside Google Sheets.
Why we need it: To show the TwilioBox control panel within the Google Sheets interface, where you configure your Twilio credentials, select recipients, and manage SMS sending. This scope does not expose any of your data to us — it only controls how the UI is rendered in your browser.

4. External network requests (script.external_request)

What it accesses: The ability to make outbound HTTPS calls from Google Apps Script to external services.
Why we need it: To send SMS messages through the Twilio API on your behalf using the API credentials you provide. Only the phone number and message content are transmitted — no other personally identifiable information is included in these requests. All calls are made over HTTPS.

Twilio API Credentials

TwilioBox requires you to provide your own Twilio Account SID and Auth Token. These credentials are:

  • Stored securely within your Google Apps Script PropertiesService (user-scoped storage).
  • Never transmitted to Makeinfo servers. Your Twilio credentials are sent directly from Google Apps Script to Twilio's API.
  • Only accessible within your Google account session.

How We Use Your Information

  • To send SMS messages to the phone numbers you specify, using the Twilio API.
  • To write delivery status results back to your Google Sheet.
  • To identify your account for license validation and free-tier usage tracking.

We never sell, rent, or share your data with third parties for marketing or advertising purposes.

Data We Do NOT Store

  • We do not store the contents of your spreadsheet.
  • We do not retain phone numbers or message content after SMS messages are sent.
  • We do not store your Twilio API credentials on our servers.
  • We do not build profiles from the phone numbers or contacts you message.

Third-Party Services

The addon relies on the following third-party services:

  • Google APIs — Sheets API and Apps Script runtime, governed by Google's Privacy Policy.
  • Twilio API — SMS messaging service. Messages are sent using your own Twilio account and are governed by Twilio's Privacy Policy. You are responsible for your Twilio account's compliance with applicable regulations (TCPA, 10DLC, etc.).
  • Paddle — Payment processing for license purchases, governed by Paddle's Privacy Policy.

Data Security

  • All communication between the addon and external services uses HTTPS/TLS encryption.
  • Twilio API credentials are stored in Google's user-scoped PropertiesService, isolated to your account.
  • We do not maintain persistent storage of phone numbers or messages.
  • Access to backend services is restricted to authenticated, authorized personnel only.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — request that we delete your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to certain types of processing.
  • Withdrawal of consent — uninstall the addon at any time to revoke all granted permissions.

You can revoke the addon's access at any time via your Google Account permissions page.

Children's Privacy

TwilioBox is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently received such information, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the addon after changes are posted constitutes your acceptance of the revised policy.

Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us:

Email: [email protected]

Product: TwilioBox — Google Workspace Addon