PolicyBot in Google Docs
PolicyBot is the InPolicy reviewer for Google Docs. Share any doc with policybot@inpolicy.ai as a Commenter, and within about a minute it will:
- Drop an “I just received your share — reviewing” comment at the top within seconds, then update that same comment with the final summary when detection finishes.
- Add anchored comments on text that may violate a policy.
- Use Suggesting mode to propose fixes for redactions and rewrites you can accept with one click.
- Remove itself from the share list when it’s done — your security and privacy stay intact.
Sharing a doc with PolicyBot
Section titled “Sharing a doc with PolicyBot”- Open the Google Doc you want reviewed.
- Click Share in the top-right.
- Add
policybot@inpolicy.aias a Commenter. - Click Send.
That’s it — PolicyBot acknowledges the share within a few seconds and updates the same comment with the final summary within about a minute.
What the summary comment tells you
Section titled “What the summary comment tells you”Every reviewed doc gets one doc-top comment from PolicyBot. While the review is in flight the comment reads “I just received your share — reviewing this document now”; once detection completes it updates to one of the outcomes below. The comment stays in the same thread the whole time, so you never see two doc-top comments for one review.
| What we found | What the summary says |
|---|---|
| No InPolicy account for your company | PolicyBot didn’t find an account on your email’s domain and sends you to inpolicy.ai to sign up (the first user at every company is free). |
| Company has an account but you don’t | PolicyBot tells you the admin email to contact for access. |
| Your account exists but has no policies | PolicyBot tells you to reach out to help@inpolicy.ai to get a role on a Policy Area. |
| Reviewed, no violations found | PolicyBot confirms it ran against the policies you have access to and nothing crossed the confidence threshold. |
| Reviewed, violations found | PolicyBot lists each finding with policy name, severity, AI confidence, and a link to the policy, anchored to the relevant text below. |
What PolicyBot does after the review
Section titled “What PolicyBot does after the review”PolicyBot’s goal is to leave the doc cleanly: review done, comments posted, minimal lingering access. The cleanup behavior depends on how the doc was shared.
- Directly shared, Editor access. PolicyBot revokes its own permission via the Drive API as soon as the review finishes. No action needed on your end — the closing comment just notes it’s done.
- Directly shared, Commenter access. PolicyBot can’t programmatically revoke a Commenter-mode share, but it does move the doc out of its own view (Drive’s “Move to Trash” shortcut — works for the bot’s account, doesn’t affect yours). The closing comment asks you to remove PolicyBot from the sharing menu when convenient so the bot is fully off the file’s permission list. Until you do, the bot’s account no longer has a way to find the doc (no plaintext doc URLs stored on our side), so the lingering permission has no realistic discovery path.
- Folder share or shared-drive item. PolicyBot doesn’t review docs it only sees because you added it to a parent — only docs you directly share. It moves the doc out of its own view but leaves no comment. To fully revoke, remove PolicyBot from the parent folder or shared drive.
If you ever want to fully revoke PolicyBot’s access from any doc manually, the sharing menu (right click → Share → click “X” next to policybot@inpolicy.ai) is the universal answer.
Reading the per-violation comments
Section titled “Reading the per-violation comments”Each anchored comment ends with two lines that show the actual rule and the metadata, so you can size up the finding without leaving the doc:
WARNING: This passage discloses an internal product roadmap to an external recipient.
— “No internal product roadmaps may be shared with external parties without explicit VP approval.” High severity · 87% confidence · https://app.inpolicy.ai/policies/conf-roadmap-1
For Suggesting-mode fixes, the same two lines appear as a reply on the suggestion’s thread, since the suggestion diff is the explanation.
The fields:
- Quoted rule — the exact policy text that flagged the passage, so you can judge the call without clicking through.
- Severity — Minor, Low, Medium, High, or Critical. Set per policy by your admin or Policy Lead.
- Confidence — how sure PolicyBot’s model is, from 0–100%. Each policy has a configurable threshold; below it, PolicyBot stays silent.
- Policy link — opens the policy detail page in InPolicy so you can read the full policy, severity rationale, and any examples.
Asking for another review
Section titled “Asking for another review”When PolicyBot finishes, it removes the doc from its own view and asks you to share it again if you want another pass. Re-sharing busts our review cache, so the next review picks up your latest changes — even if the doc body hasn’t changed since last time.
Re-sharing won’t duplicate prior comments. Before posting, PolicyBot checks the doc for its own open comments and skips any whose anchored passage and policy match a comment that’s still live. Closed (resolved or deleted) comments don’t count — if a finding is still relevant, PolicyBot re-flags it. When every finding already has an open comment, the summary at the top of the doc will say so instead of adding redundant flags below.
Privacy
Section titled “Privacy”PolicyBot only sees the docs you explicitly share with it. It uses the same policy-evaluation infrastructure as the rest of InPolicy and does not store your doc contents past the review window. See Privacy & data handling for the full data-handling policy.