WP Cloud Plugins is a set of cloud plugins that provide innovative, beautiful cloud integrations for WordPress.

Privacy Policy

Use-your-Drive | Google Drive plugin for WordPress

Your privacy is very important to us. At WP Cloud Plugins we have a few fundamental principles that we follow:

      • We don’t ask you for personal information unless we truly need it.
      • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
      • We don’t store personal information on our servers.

    IMPORTANT: This privacy policy only applies if you are using our built-in app for authentication of Application plugin with your Google Drive account. If you configure the Application to use your own app, then it does not apply, since in that case all the Application data and communication is handled directly your own server.

    This privacy policy governs your use of Use-your-Drive | Google Drive plugin for WordPress (“Application”). Our privacy policy is structured as follows:

    Table of Content

        1. Information about us as controllers of your data
        2. The rights of users and data subjects
        3. Information about the data processing

      1. Information about us as controllers of your data

      The party responsible for this application (the “controller”) for purposes of data protection law is:

      Florisdeleeuw.nl
      De Genestetlaan
      2741AE Waddinxveen
      The Netherlands.
      [email protected]

      2. The rights of users and data subjects

      With regard to the data processing to be described in more detail below, users and data subjects have the right

          • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
          • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
          • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
          • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
          • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

        In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

        Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR.

        3. Information about the data

        Server data

        For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected. These server log files record:

            • the type and version of your browser,
            • operating system,
            • the date and time of your visit,
            • the IP address from which you visited our site.
            • the short lived authorization code generated by the OAuth flow,
            • the application license code

          The data thus collected will be temporarily stored, but not in association with any other of your data. We carry out no processing on this information, except for the license code which is validated. None of the information is or will be transferred or shared with any third party.

          The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

          The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

          Plugin authorization flow (OAuth)

          Use of the Application involves visiting our authentication server (website) as part of the authentication (OAuth) flow to provide the Application access to the Google Drive API. The Application obtains the following information when you use the built-in app for authentication and link the Application with your Google Drive Account:

              • Your WordPress website address.
              • Your Application license code
              • A short lived authorization code returned by the OAuth flow.

            This information is obtained and used after you decide to grant the Application the requested access via the Google OAuth consent screen. After giving the consent, you will be redirected to the server of wpcloudplugins.com which will redirect you back to your own site where the authorization process is finalized.
            This redirect via the server of wpcloudplugins.com is required for any easy plugin setup where you don’t need to create your own Google App which also allows you to set your own Authorized redirect URI.

            On your own server, the short lived authorization code will be exchanged for the actually access token and refresh token which are stored, encrypted, on your server. The authorization code can only be used once and will immediately become inactive after it has been exchanged for the access token or within minutes if it is not used.

            IMPORTANT: When you use the Application, all other communications are strictly between your server and the cloud storage service servers. The communication is encrypted and the communication will not go through WP Cloud Plugins servers. We do not have access to, collect or transfer your personal data.

            Google Permissions for OAuth

            In order for the Application to work seamlessly, several permissions are granted by users during the standard oAuth authorization flow. Please see their privacy policies for further details.

            The use and transfer of information received from Google APIs to this application is subject to the Google API Services User Data Policy, including the Limited Use requirements. 

            We do not have access to, collect or transfer your personal data. All user data is only received via your own server and stored on your own server.

                • (optional) Google Drive – Application Folder
                  scope: https://www.googleapis.com/auth/drive.file

                  Allow the Application to see, download, edit, create and delete only specific Google Drive files you use with this plugin. We ask for `see` permission so that you can view the files through the plugin modules. The `create` permission is required for letting uploading new content to your cloud account. The other permissions are needed so that you can manage your files on your cloud account. This includes downloading, renaming, editing, deleting and sharing those plugin specific files via the plugin modules. The plugin is not able to access any content on your Google Drive which is not uploaded via the plugin.
                  >>> Google Drive Privacy Policy and Terms of Use

                • (optional) Google Drive – Read-only
                  scope: https://www.googleapis.com/auth/drive.readonly

                  Allow the Application to see and download all of your Google Drive files and files shared with you. We ask for `see` permission so that you can list the files through the plugin modules, the `download` permission allows your users to downloads files from your Google Drive.
                  >>> Google Drive Privacy Policy and Terms of Use

                • (optional) Google Drive 
                  scope: https://www.googleapis.com/auth/drive

                  Allow the Application to see, download, edit, create and delete all of your Google Drive files and files shared with you. We ask for `see` permission so that you can view the files through the plugin modules. The `create` permission is required for letting uploading new content to your cloud account. The other permissions are needed so that you can manage your files on your cloud account. This includes renaming, editing, deleting and sharing your files via the plugin modules.
                  >>> Google Drive Privacy Policy and Terms of Use

                • Google User Profile
                  scope: https://www.googleapis.com/auth/userinfo.profile,

                  This permission is used by the Application to allow for locale detection and for showing your name and profile picture for easy account identification in the Application dashboard.
                  >>> Google Privacy Policy.

                • Google User Email
                  scope: https://www.googleapis.com/auth/userinfo.email

                  This permission is used by the Application to allow for locale detection and for showing your email for easy account identification in the Application dashboard.
                  >>> Google Privacy Policy.

              Do third parties see and/or have access to information obtained by the Application?

              We will share your information with third parties only in the ways that are described in this privacy statement:

                  • as required by law, such as to comply with a subpoena, or similar legal process;
                  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;

                Children

                We do not use the Application to knowingly solicit data from or market to children under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at [email protected]. We will delete such information from our files within a reasonable time.

                Security

                We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

                Changes

                This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy on this page. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

                Your Consent

                By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. “Processing,” means using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information in ways needed to ensure the proper functionality of the Application and as described in this Privacy Policy.

                Contact us

                If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at [email protected]

                Last revision: November 15, 2023