Consider changing the wording in the Privacy Policy

[NoSubstitute]

Hi!

Currently the Privacy Policy says

"We collect your Google username and password to use the app"

Now, since you're using oauth that's not really true, is it? There should probably instead be some references to access tokens, and that that is what the user can revoke, further down in your instructions.

Since the implementation of EU's new data privacy law, GDPR, people are quite paranoid of losing their credentials. As well as you should want to be clear whether you personally ever have access to users credentials. If you can't ever initiate a Copy Folder, only the user can, then the user can sleep more calm.

[ericyd]

I think the language is fine as-is. It says we do not permanently store any information, and the next paragraph makes it clear that the UN/PW is used for Google auth. I don't even store an access token (its all handled through Google's native auth since its a google apps script app). I agree it could be worded a bit more clearly but nothing is immediately coming to mind so I'm going to leave

[NoSubstitute]

Thanks for the clarification. Even if you don't change the text in the policy, I can now use this response as a positive argument for using the script, as it explains the things that I felt was missing from the policy.