What information does Cloud App Security use and how is it used?
USER GROUP DOMAIN AND LICENSE INFORMATION: We collect user, group and domain information from your G Suite domain. The user information includes user's first and last names, user's display name, user's primary email address, and which groups it belongs to. The group information includes group display name, and group id. The domain information is all the domain names in your G Suite account. When a user tries to provision our product with G Suite Account, we will take steps to verify the email address supplied to us to ensure it is accurate and it has the supported G Suite License. We will save your users, groups and domain names into our database, so you can choose which users and groups should be protected by our product. We will retain your information for as long as your account is active, as needed to provide you services, to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel our protection, you can remove your service account from our product portal and clean all your information. We do not share, sell, trade, or rent your user, group and domain information to third parties.
GOOGLE DRIVE FILE AND GMAIL EMAIL INFORMATION: Google Drive file or Gmail email that is collected by our products is considered confidential. If you enable a policy to protect some users, we will watch, download and scan their Google drive files and Gmail emails. We will not store or share this information. We will not view your files and emails except as necessary to appropriately support the service or as required by law. We will not view this information, except as necessary to appropriately support the service, for the purpose of diagnosing, supporting or resolving any problems that might limit or disrupt the quality of our customer's service experience or as required by law.
The efforts to implement privacy and data protection measures fall into the following areas:
Cloud App Security is designed by taking a "privacy by design" approach. "Privacy by design" is an approach to projects that promotes privacy and data protection compliance from the start. Cloud App Security does not store your data during scanning and stores quarantined objects within your own Google Drive and Gmail account. While in transit either between users and our servers or our servers and Google, data is encrypted using HTTPS. At the same time, cache data that Cloud App Security builds is just a hash value and cannot be converted back into original files.
To protect privacy during service operation, the Cloud App Security team applies mature operational practices, including management console access control, operation monitoring and auditing.