GOOGLE DRIVE PRIVACY POLICY

This document describes how Cloud Storage ("we", "us", "our", the "App") accesses, uses, stores, and shares Google user data when a user connects their Google Drive account through our Cloud Drives feature. It supplements our main Privacy Policy.

1. Who We Are

Cloud Storage is a cloud file storage platform available at https://cloudstorage.bar. We allow users to import files from third-party cloud storage providers (including Google Drive) into their Cloud Storage account.

2. Google API Services User Data Policy

Cloud Storage's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means we will not:

• Use Google user data to serve advertisements
• Allow humans to read Google user data unless we have your explicit consent, it is required for security purposes (e.g. investigating abuse), to comply with applicable law, or our use is for internal operations and the data has been aggregated and anonymized
• Transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users
• Use Google user data for any purpose other than providing the user-facing features of the Cloud Storage Cloud Drives integration

3. Scopes Requested

When a user connects their Google Drive account, we request the following OAuth scope:

• https://www.googleapis.com/auth/drive — full read/write access to files in the user's Google Drive

Why this scope is needed: rclone (the underlying open-source library we use to interact with Google Drive) requires the full drive scope to reliably list, browse, and read files for import. We never modify, create, or delete files in the user's Google Drive — the scope is read-only in practice from the user's perspective. We do not write back to Google Drive.

4. What Google User Data We Access

Only files and folder metadata that the user explicitly browses or selects for import. Specifically:

• File and folder names, sizes, modification dates, and folder structure — fetched on demand when the user opens a folder in our Cloud Drives browser
• File contents — only when the user clicks "Import" on a specific file or folder. The file is streamed directly from Google Drive into the user's Cloud Storage storage. We do not bulk-scan, index, or pre-fetch files
• The user's Google account email address — used only as the display label for the connected drive

5. How We Store Google User Data

• OAuth tokens (access token + refresh token) are stored in our database, encrypted at rest, and used solely to make subsequent rclone API calls on the user's behalf
• File contents are streamed directly through our server and stored in the user's Cloud Storage account on our backend storage. After import, the file is treated like any other file the user uploaded directly. See the main Privacy Policy for how we handle stored files
• We do not retain the original Google Drive file IDs, paths, or metadata beyond the import operation
• We do not store browse-cache, file lists, or any Google data not actively being imported

6. Data Retention

• OAuth tokens are kept until the user disconnects the drive (via the Cloud Drives drawer in the app) or deletes their Cloud Storage account
• Imported files are kept according to the Cloud Storage main retention policy — the user controls them and can delete them at any time
• If the user revokes our app's access via their Google account permissions page, we lose access immediately and the stored tokens become non-functional

7. Sharing and Disclosure

We do not sell, share, or transfer Google user data to any third party. Specifically:

• We do not share Google user data with advertising networks, data brokers, or analytics providers
• We do not use Google user data to train AI/ML models
• The only "transfer" that occurs is the user-initiated copy of selected files from their Google Drive into their own Cloud Storage storage account
• We may disclose Google user data only when required by valid legal process (subpoena, court order) or to investigate abuse / security incidents, as permitted by the Google API Services User Data Policy

8. Security

OAuth tokens are stored encrypted. All connections to Google APIs use HTTPS. Access to our database is restricted to authorized personnel and audited. We follow industry-standard security practices and apply the Google API Services User Data Policy's security requirements.

9. How to Revoke Access and Delete Data

Users have multiple ways to remove our access to their Google Drive:

• In-app: open Cloud Drives in Cloud Storage, click the trash icon next to the connected Google Drive entry. This deletes the OAuth tokens from our database immediately
• From Google: visit https://myaccount.google.com/permissions, find Cloud Storage, and click "Remove Access". Our stored tokens will become invalid the next time we try to use them
• Full account deletion: deleting your Cloud Storage account removes all OAuth tokens and associated data
• By email: contact us using the address below to request manual deletion of any data we hold

10. Children's Privacy

Cloud Storage is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Google Drive Privacy Policy from time to time. Material changes will be reflected in the "last updated" date below. Continued use of the Google Drive integration after a change constitutes acceptance of the updated policy.

12. Contact

For questions about this policy, to request data deletion, or to report a security concern, please use the contact options on the main Cloud Storage website (https://cloudstorage.bar).

Last updated: 2026-04-07