Privacy Policy
Last updated: April 8, 2026
Information We Collect
When you connect your Google Workspace account, Clearvew requests read-only OAuth 2.0 authorization scopes. We collect and store the OAuth access and refresh tokens issued by Google, your Google account email address, and metadata about the files and folders in your Google Drive — including file names, MIME types, sharing settings, permission lists, and last-modified timestamps. We do not access, read, download, or store the contents of any file. We also collect standard usage data such as IP addresses, browser type, and pages visited on our web application for security and analytics purposes.
How We Use Your Information
Drive metadata is used solely to generate risk reports and enable remediation actions on your behalf. OAuth tokens are used to make authorized API calls to Google Drive and the Google Admin SDK on your instruction. We use account and usage data to operate, maintain, and improve the service. We do not sell, rent, or share your personal data or Drive metadata with third parties for advertising or marketing purposes. Aggregated, de-identified statistics may be used internally to understand product usage trends.
Data Storage and Security
All data is stored in the United States on infrastructure provided by Amazon Web Services. OAuth tokens are encrypted at rest using AES-256 encryption and are never logged or exposed in plaintext outside of the encrypted datastore. Data in transit is protected with TLS 1.2 or higher. We implement access controls to limit which internal systems and personnel can access customer data, and we maintain an audit log of data access events.
Google API Usage
Clearvew's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through Google APIs is used only to provide and improve the Clearvew service to the user who authorized access. We do not use Google user data for serving advertisements, and we do not allow humans to read your Google data unless you explicitly request support that requires it or we are required to do so by law.
Third-Party Services
We use a small number of third-party services to operate the platform, including cloud infrastructure (AWS), payment processing (Stripe), and error monitoring. Each sub-processor is bound by a data processing agreement and is not permitted to use customer data for any purpose other than performing services on our behalf. We do not use third-party analytics platforms that receive personally identifiable Drive data.
Data Retention
Scan results and Drive metadata are retained for the duration of your active subscription plus 30 days following cancellation or account deletion, after which they are permanently deleted. OAuth tokens are revoked and deleted immediately upon account disconnection or deletion. You may request earlier deletion at any time by contacting us.
Your Rights
You have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, and revoke Google OAuth access at any time through your Google Account security settings. Revoking access will prevent future scans but does not automatically delete previously collected metadata — contact us to request full deletion. If you are located in the European Economic Area or the United Kingdom, you may have additional rights under the GDPR or UK GDPR.
Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at hello@clearvew.io. We will respond to all privacy-related inquiries within 30 days.