GOOGLE DRIVE PRIVACY POLICY

This document describes how Cloud Storage ("we", "us", "our", the "App") accesses, uses, stores, and shares Google user data when a user connects their Google Drive account through our Cloud Drives feature. It supplements our main Privacy Policy.

1. Who We Are

Cloud Storage is a cloud file storage platform available at https://cloudstorage.bar. We allow users to import files from third-party cloud storage providers (including Google Drive) into their Cloud Storage account.

2. Google API Services User Data Policy

Cloud Storage's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means we will not:

• Use Google user data to serve advertisements
• Allow humans to read Google user data unless we have your explicit consent, it is required for security purposes (e.g. investigating abuse), to comply with applicable law, or our use is for internal operations and the data has been aggregated and anonymized
• Transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users
• Use Google user data for any purpose other than providing the user-facing features of the Cloud Storage Cloud Drives integration

3. Scopes Requested

When a user connects their Google Drive account, we request the following OAuth scope:

• https://www.googleapis.com/auth/drive.readonly — read-only access to view and download the user's Google Drive files

Why this scope is needed: We use the drive.readonly scope because users browse and import files (and folders) through our native file browser, which requires read access across their Drive in order to list folder contents. The scope is strictly read-only — we cannot create, modify, or delete any file in the user's Google Drive. We only read file metadata for folders the user navigates to and only download file contents for files or folders the user explicitly imports.

4. What Google User Data We Access

Only data needed to render our file browser and execute imports the user has explicitly initiated. Specifically:

• File and folder metadata (names, sizes, paths, MIME types) — fetched on demand for folders the user navigates to inside our file browser. Not retained after the request
• File contents — only when the user explicitly imports a specific file or folder. Files are streamed directly from Google Drive into the user's Cloud Storage storage. We do not bulk-scan, index, or pre-fetch files
• Google Workspace documents (Docs, Sheets, Slides) — when the user imports a Workspace document, we additionally call Google's export endpoint to convert it to PDF for storage. The original Workspace document in Google Drive is unchanged
• The user's Google account email address — fetched once during OAuth connection to label the connected drive. Not stored beyond the display name

5. How We Store Google User Data

• OAuth tokens (access token + refresh token) are stored in our database, encrypted at rest, and used solely to stream user-selected files from Google Drive on the user's behalf
• File contents are streamed directly through our server and stored in the user's Cloud Storage account on our backend storage. After import, the file is treated like any other file the user uploaded directly. See the main Privacy Policy for how we handle stored files
• We do not retain the original Google Drive file IDs, paths, or metadata beyond the import operation
• We do not store browse-cache, file lists, or any Google data not actively being imported

6. Data Retention

• OAuth tokens are kept until the user disconnects the drive (via the Cloud Drives drawer in the app) or deletes their Cloud Storage account
• Imported files are kept according to the Cloud Storage main retention policy — the user controls them and can delete them at any time
• If the user revokes our app's access via their Google account permissions page, we lose access immediately and the stored tokens become non-functional

7. Sharing and Disclosure

We do not sell, share, or transfer Google user data to any third party. Specifically:

• We do not share Google user data with advertising networks, data brokers, or analytics providers
• We do not use Google user data to train AI/ML models
• The only "transfer" that occurs is the user-initiated copy of selected files from their Google Drive into their own Cloud Storage storage account
• We may disclose Google user data only when required by valid legal process (subpoena, court order) or to investigate abuse / security incidents, as permitted by the Google API Services User Data Policy

8. Security

OAuth tokens are stored encrypted. All connections to Google APIs use HTTPS. Access to our database is restricted to authorized personnel and audited. We follow industry-standard security practices and apply the Google API Services User Data Policy's security requirements.

9. How to Revoke Access and Delete Data

Users have multiple ways to remove our access to their Google Drive:

• In-app: open Cloud Drives in Cloud Storage, click the trash icon next to the connected Google Drive entry. This deletes the OAuth tokens from our database immediately
• From Google: visit https://myaccount.google.com/permissions, find Cloud Storage, and click "Remove Access". Our stored tokens will become invalid the next time we try to use them
• Full account deletion: deleting your Cloud Storage account removes all OAuth tokens and associated data
• By email: contact us using the address below to request manual deletion of any data we hold

10. Children's Privacy

Cloud Storage is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Google Drive Privacy Policy from time to time. Material changes will be reflected in the "last updated" date below. Continued use of the Google Drive integration after a change constitutes acceptance of the updated policy.

12. Contact

For questions about this policy, to request data deletion, or to report a security concern, please use the contact options on the main Cloud Storage website (https://cloudstorage.bar).

Last updated: 2026-05-07