Trend Micro Cloud App Security ensures that your data is protected and used in a transparent manner while providing
understand what data we collect, why we collect it, and what we do with it.
What information does Cloud App Security use and how is it used?
USER GROUP DOMAIN AND LICENSE INFORMATION: We collect user, group and domain information from your G Suite domain.
The user information includes user's first and last names, user's display name, user's primary email address, and
which groups it belongs to. The group information includes group display name, and group id. The domain
information is all the domain names in your G Suite account. When a user tries to provision our product with G
Suite Account, we will take steps to verify the email address supplied to us to ensure it is accurate and it has
the supported G Suite License. We will save your users, groups and domain names into our database, so you can
choose which users and groups should be protected by our product. We will retain your information for as long as
your account is active, as needed to provide you services, to comply with our legal obligations, resolve disputes,
and enforce our agreements. If you wish to cancel our protection, you can remove your service account from our
product portal and clean all your information. We do not share, sell, trade, or rent your user, group and domain
information to third parties.
GOOGLE DRIVE FILE AND GMAIL EMAIL INFORMATION: Google Drive file or Gmail email that is collected by our products
is considered confidential. If you enable a policy to protect some users, we will watch, download and scan their
Google drive files and Gmail emails. We will not store or share this information. We will not view your files and
emails except as necessary to appropriately support the service or as required by law. We will not view this
information, except as necessary to appropriately support the service, for the purpose of diagnosing, supporting
or resolving any problems that might limit or disrupt the quality of our customer's service experience or as
required by law.
The efforts to implement privacy and data protection measures fall into the following areas:
Cloud App Security is designed by taking a "privacy by design" approach. "Privacy by design" is an approach to
projects that promotes privacy and data protection compliance from the start. Cloud App Security does not store
your data during scanning and stores quarantined objects within your own Google Drive and Gmail account. While in
transit either between users and our servers or our servers and Google, data is encrypted using HTTPS. At the same
time, cache data that Cloud App Security builds is just a hash value and cannot be converted back into original
To protect privacy during service operation, the Cloud App Security team applies mature operational practices,
including management console access control, operation monitoring and auditing.