SignatureSatori is designed as Google Workspace Marketplace application. We adhere to set of best practices of secure enterprise application development defined by Google.
We use OAuth 2.0 for Google Workspace authentication and authorization.
This means we do not have access to your passwords or other security credentials.
The list below contains all scopes we use for API access to customer data. We also specify for what exact purpose we need it and as you can see, we often use only a small part of the granted access level.
View customer related information
View details (e.g., contact email, organization title, etc) of the customer.
General information about your company like domain and address is used for initial setup.
View group subscriptions on your domain
View details (e.g., memberships and roles) of group subscriptions in your domain
We currently don't load any Group related data, but we plan to add functionality allowing signature assignment based on Group membership (currently we do it only based on OUs which we get from provisioning scope).
View groups on your domain
View details (e.g., name, members) and metadata (e.g., login details) of groups on your domain
Same as the previous scope.
View organizational units on your domain
View metadata (e.g., name and description) of organizational units
We import OU as Groups in SignatureSatori.
View and manage the provisioning of users on your domain
Provision and delete users on your domain, view and modify details (e.g., name, address, and phone number) and metadata (e.g., login details) of users on your domain
We use it just for read-only access to the list of your users, user details, and OU membership. However, we plan to offer a functionality to sync user information back to Google Workspace Directory (which requires modifying user details).
View user schemas on your domain
View details (e.g., custom field names and types) of user schemas on your domain
To load user contact information that is saved in custom schemas.
Manage your basic mail settings
View primary email address, view and manage primary Reply-To, display name and signature, view and manage vacation responder settings, view and manage filters, view and manage POP settings, view and manage IMAP settings, view forwarding settings, view mail delegates with access to your account, view "Send mail as" aliases
We use it to load existing Send as addresses which are used with the following scope to set signatures.
Manage your sensitive mail settings, including who can manage your mail
Start and stop forwarding all your mail to another address Create, update, and delete forwarding addresses, grant and revoke access to your account by mail delegates, create, update, and delete "Send mail as" aliases
This is required for signature set-up. We need to update Send as addresses (we either update all or selected when Send As mode is activated) to change signatures.
View your email address
View the email address associated with your account
User identification.
View your basic profile info
View your full name, profile picture and profile URL View any publicly available information on your Google+ profile (if you have one or create one in the future)
To load profile pictures for users.
Our application is built with the single purpose to allow customers centrally manage email signatures for their user base.
Architecture:
The application is completely hosted on Google Cloud Platform (Multiple Google Compute Engine instances for backend and frontend, Google Cloud SQL as a database and Google Cloud Storage to store and serve images. Access to the application via HTTPS (HTTP over SSL), so that data is encrypted during transport to and from the application. Database and Compute engine instances are available only from our company's VPN.
The application is provided by AppSatori s.r.o.
Based in Prague, Czech Republic (EU). Founded in 2011. Google Cloud Premier Partner.
Main scopes are Google Development, Consultations, and Training.