Privacy Policy
Last updated:
1. Purpose of the Application
The Facility Upload Generator ("Application") streamlines generation of facility setup artifacts (XML, SQL, validation data) using vendor inputs and reference tables in Google BigQuery. It is not a consumer-facing product and does not monetize or share data externally.
2. Data We Collect
2.1 Authentication Data
When you sign in via Google (Firebase Authentication with Google Identity), we receive:
- Corporate email address
- Display name (if provided by Google)
- Firebase Authentication UID
- Custom claim: mapped LDAP identifier (if available)
No passwords are stored by this Application; authentication is delegated to Google Identity and Firebase.
2.2 Operational Input Data
The Excel file you upload or process may contain vendor identifiers (e.g., PVendor, MVendor numbers), address details, and scheduling/contact data. These are used transiently within the browser session to produce outputs; neither the uploaded file nor the parsed data is persisted to a backend database.
2.3 Reference Data Queries
BigQuery tables (e.g., vendor master, facility, postal geodata) are queried read-only to validate and derive structured outputs. Query parameters may include vendor numbers, state codes, facility identifiers, and postal codes.
2.4 Automatically Logged Data
Backend Cloud Functions log:
- Timestamps and function invocation metadata
- User email (for authorization checks)
- Error messages and warning diagnostics
- Session validation outcomes (e.g., expired, missing claims)
Logs are retained under standard project logging retention and are accessible only to authorized administrators.
3. How Data Is Used
- Authorization: Restrict access to approved corporate email domains and explicitly allowlisted accounts.
- Session Security: Enforce timed session expiration and version-based invalidation via custom claims.
- Validation: Cross-check vendor codes and facility sequencing for accuracy.
- Generation: Produce XML and SQL scripts for internal system provisioning.
- Diagnostics: Improve reliability via aggregated error/warning analysis.
No data is sold, rented, or shared with third parties outside corporate infrastructure.
4. Cookies & Local Storage
The Application relies on Firebase Authentication, which keeps sign-in state in browser storage (for example IndexedDB or localStorage) and may use secure cookies for session handling. The Application itself sets no additional tracking cookies, analytics beacons, or marketing tags.
5. Data Retention
- Uploaded File Content: Processed in-memory within the browser; not persisted server-side.
- Generated Outputs: Displayed to the user; persistence (e.g., copying to internal systems) is user-driven.
- Authentication & Access Logs: Retained per platform defaults (e.g., Cloud Logging retention) for audit and security review.
6. Data Sharing & Disclosure
Data is accessible only from the corporate network and only to authorized Google Cloud IAM principals. No external processors are engaged beyond standard Google Cloud platform services.
7. Security Measures
- Email domain + explicit allowlist enforcement
- Custom session claims with max age & version invalidation
- Read-only BigQuery access pattern
- Centralized logging for anomaly detection
- No long-term storage of uploaded file contents
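The first two controls above (domain plus explicit allowlist, and custom session claims with a maximum age and a version number) are shown below as an added example. This is not the Application's own code: it is a pure function over the claims of an already-verified Firebase ID token, so it runs offline. In a Cloud Function the claims dict would come from `firebase_admin.auth.verify_id_token()`; the claim names `session_version` and `session_iat`, the domain and account allowlists, the version number and the eight-hour maximum age are all assumed values for illustration, and the sample claim sets are constructed, not real tokens.

```python
"""Added example (not the Application's code): authorization and session
validation over decoded Firebase ID-token claims.  The claims dict is what
firebase_admin.auth.verify_id_token() returns; here sample claim sets are
constructed inline so the module runs offline.  Claim names, allowlists,
version number and max age are assumptions for illustration.
"""
import time
from dataclasses import dataclass

# Assumed policy settings (illustrative values, not the real configuration).
ALLOWED_DOMAINS = {"example-corp.com"}
ALLOWED_ACCOUNTS = {"contractor@partner-example.com"}  # explicit allowlist outside the domain
CURRENT_SESSION_VERSION = 3        # bump this to invalidate every earlier session
SESSION_MAX_AGE_SECONDS = 8 * 3600


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # logged as the "session validation outcome" (Section 2.4)


def _account_permitted(email, email_verified):
    """Domain allowlist plus explicit account allowlist; unverified emails never pass."""
    if not email or not email_verified:
        return False
    email = email.lower()
    if email in ALLOWED_ACCOUNTS:
        return True
    # rpartition keeps only the text after the last '@', so a crafted
    # 'alice@example-corp.com@evil.net' resolves to 'evil.net', not the corporate domain.
    domain = email.rpartition("@")[2]
    return domain in ALLOWED_DOMAINS


def authorize(claims, now=None):
    """Return a Decision for a decoded ID token (dict of claims).

    Identity checks run first, then the custom-claim session checks, so the
    logged reason names the first control that failed.
    """
    now = time.time() if now is None else now
    if not _account_permitted(claims.get("email"), claims.get("email_verified", False)):
        return Decision(False, "account_not_allowlisted")

    version = claims.get("session_version")   # assumed custom claim
    issued = claims.get("session_iat")         # assumed custom claim (epoch seconds)
    if version is None or issued is None:
        return Decision(False, "missing_claims")
    if version != CURRENT_SESSION_VERSION:
        return Decision(False, "session_version_stale")
    if now - issued > SESSION_MAX_AGE_SECONDS:
        return Decision(False, "expired")
    return Decision(True, "ok")


# Constructed sample claim sets (not real tokens).
NOW = 1_700_000_000
SAMPLE_CLAIMS = {
    "fresh_employee": {"email": "alice@example-corp.com", "email_verified": True,
                       "session_version": 3, "session_iat": NOW - 600},
    "stale_version": {"email": "alice@example-corp.com", "email_verified": True,
                      "session_version": 2, "session_iat": NOW - 600},
    "expired": {"email": "alice@example-corp.com", "email_verified": True,
                "session_version": 3, "session_iat": NOW - 9 * 3600},
    "wrong_domain": {"email": "mallory@evil-example.net", "email_verified": True,
                     "session_version": 3, "session_iat": NOW - 60},
    "spoofed_domain": {"email": "alice@example-corp.com@evil-example.net", "email_verified": True,
                       "session_version": 3, "session_iat": NOW - 60},
    "unverified": {"email": "bob@example-corp.com", "email_verified": False,
                   "session_version": 3, "session_iat": NOW - 60},
    "allowlisted_external": {"email": "contractor@partner-example.com", "email_verified": True,
                             "session_version": 3, "session_iat": NOW - 60},
}


def evaluate_samples(now=NOW):
    """Map each constructed sample to the reason the check logs for it."""
    return {name: authorize(c, now).reason for name, c in SAMPLE_CLAIMS.items()}


if __name__ == "__main__":
    for name, reason in evaluate_samples().items():
        print(f"{name:22s} -> {reason}")
```

The version claim is what makes invalidation cheap: verifying an ID token with `check_revoked=True` costs a round trip to Firebase on every request, whereas comparing a custom claim against a server-side constant is local and still cuts off every session minted before the bump once the client refreshes its token. The expiry check uses the custom `session_iat` rather than the token's own `iat`, because Firebase re-issues ID tokens hourly and the standard claim would reset the clock on every refresh.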
8. User Choices & Responsibilities
- Do not upload non-required personal data.
- Log out or close the browser when finished.
- Report suspected unauthorized access or data inconsistency.
9. Third-Party Services
The Application uses:
- Firebase Authentication (Google Identity)
- Google Cloud Functions (2nd gen / Cloud Run)
- Google BigQuery (read-only queries)
All fall under internal corporate compliance and Google Cloud contractual terms.
10. International Data Considerations
Data may be processed in US-based Google Cloud regions. No geo-replication outside the configured regions is intended, beyond the provider's standard redundancy.
11. Changes to This Policy
Material updates will revise the “Last Updated” date. Internal users should review this policy periodically, particularly if the Application's operational scope expands.
12. Contact
For privacy or security inquiries, contact: mwkeller@gmail.com
If escalation is needed, refer to the internal security/compliance portal.
13. Summary
This Application minimizes data handling by performing transformation and validation in a controlled environment without persisting sensitive operational inputs server-side. Access is restricted and governed by corporate IAM and security policies.