Hacker News

Very cool - I like your idea to store all of the data using a Google Drive realtime document. But I'm not sure how you are able to handle authentication and permissions, e.g. limiting a field/model to only be visible to certain users. AFAIK read access to a document in Drive is all-or-nothing, and there doesn't seem to be a way to let a user only view a portion of the document. Are you only enforcing the access control in the client-side logic? If so, that's not even remotely secure....



By permission, we mean that each team's data is hosted on a single document, and when you add a member, they can see both the data in the app and also binary files associated with that data. We don't try to do differing levels of permissions not supported by Google.



