Privacy Policy

1. What this add-on does

Brixeon Report Phishing is a Gmail add-on that allows authorized users to report suspicious or simulated phishing emails from Gmail to their organization’s Brixeon deployment or related Brixeon-managed reporting service.

Google’s verification guidance expects a privacy policy to be publicly visible and hosted on the same domain as the application home page, and expects the home page to describe the app’s functionality and link to the privacy policy.

2. Information we access

Depending on the add-on workflow and deployment configuration, the add-on may access limited Gmail message context necessary to:

• Display the add-on within Gmail for the currently opened message.
• Identify the message being reported.
• Read only the information required to create and submit the report action.
• Display success or error feedback to the user.

The add-on is intended to request only the permissions needed for its stated security-reporting purpose, consistent with Google’s guidance to request necessary scopes only.

3. How we use information

• To allow a user to report a suspicious or simulated phishing message.
• To send report data to an approved Brixeon HTTPS endpoint.
• To support phishing analysis, awareness workflows, reporting metrics, or incident triage within the organization.
• To maintain service reliability, troubleshoot issues, and improve the security-reporting workflow.

4. How information is shared

Information submitted through the add-on may be shared with the organization operating the Brixeon environment, its authorized administrators, and service providers that support the operation of the reporting service. We do not state here that information is sold, and this policy is intended for a controlled organizational security workflow.

Information may also be disclosed when required by applicable law, regulation, legal process, or to protect the rights, safety, security, or integrity of users, organizations, or services.

5. Data retention

Report-related information may be retained for as long as necessary to operate the service, support organizational reporting, meet contractual or legal obligations, resolve disputes, enforce agreements, or maintain security logs and audit records.

Retention periods can vary depending on the organization’s deployment, administrator settings, applicable policies, and legal requirements.

6. Security measures

• Use of HTTPS for network communication with approved endpoints.
• Limiting access to authorized personnel and organizational administrators where appropriate.
• Reasonable administrative, technical, and organizational measures intended to protect data against unauthorized access, misuse, or disclosure.

No method of transmission or storage is completely secure, but we aim to apply appropriate safeguards for the service and its intended use.

7. Google Workspace and API policy compliance

Developers using Google Workspace data are expected to follow Google API Services and Workspace data policies, including transparency around data use and appropriate scope requests.

8. Organization administrators

If this add-on is deployed by your employer, school, or organization, that organization may administer the service, manage user access, configure reporting behavior, and receive report-related information according to its own internal policies.

9. International use

Depending on hosting and organizational deployment choices, information may be processed in countries other than the user’s country of residence. By using the service where permitted, organizations and users acknowledge that processing may occur in relevant service locations.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we may revise the effective date above and publish the updated version on the same domain as the app home page.

11. Contact

For privacy, support, or security questions about Brixeon Report Phishing, contact info@brixeon.com.