-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #26 from dekart-xyz/cloud-security-faq
Cloud security FAQ
- Loading branch information
Showing
7 changed files
with
92 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| title: "Security Considerations" | ||
| description: "Why Dekart Cloud is Secure" | ||
| date: 2021-02-22T07:48:05+01:00 | ||
| lastmod: 2021-02-22T07:48:05+01:00 | ||
| draft: false | ||
| menu: | ||
| docs: | ||
| parent: "cloud" | ||
| images: [] | ||
| --- | ||
|
|
||
| <p class="lead text-left"><a href="/">Dekart Cloud</a> is designed to make your cybersecurity and legal teams happy. We achieve it by never storing tokens, and query results in Dekart Cloud backend.</p> | ||
|
|
||
| <!-- * **Passthrough Authentication**: Short-lived Google OAuth token is passed from your browser to Google APIs and never stored on Dekart Cloud backend. | ||
| * **No User Data Storage**: Query results are stored on Google Cloud Storage bucket provided by you. | ||
| * **Compliance Friendly**: We comply with [Google API Services User Data Policy](https://cloud.google.com/terms/services) and verified by Google's Trust & Safety team. --> | ||
|
|
||
| ### What permissions am I granting to Dekart, and why are they necessary? | ||
|
|
||
| You are granting Dekart the following scopes: | ||
| * `https://www.googleapis.com/auth/bigquery` this scope grants Dekart the ability to manage user data in Google BigQuery, encompassing actions like running queries, managing datasets, and configuring settings. | ||
| * `https://www.googleapis.com/auth/devstorage.read_write` this scope allows Dekart to read and write user data in Google Cloud Storage, enabling it to manage files and potentially other data storage elements. | ||
|
|
||
| These permissions are necessary for Dekart to run queries and store results in your Google Cloud Storage bucket. | ||
|
|
||
| ### How will my data be used and protected? | ||
|
|
||
| SQL queries and their results are stored in Google Cloud Storage bucket *provided by you!* We never store tokens, and query results in Dekart Cloud backend. Nobody at Dekart can access your BigQuery data or Google Cloud Storage bucket. | ||
|
|
||
| ### Can I revoke Dekart's access if I change my mind? | ||
|
|
||
| Yes, you can revoke Dekart's access to your Google Cloud resources by signing out of Dekart Cloud. This will remove Dekart's access to your Google Cloud resources and prevent Dekart from running queries or storing results in your Google Cloud Storage bucket. | ||
|
|
||
| ### Does Dekart comply with data protection regulations? | ||
|
|
||
| We are committed to upholding the principles of GDPR and ensuring that your data rights are respected. We also comply with [Google API Services User Data Policy](https://cloud.google.com/terms/services) and verified by Google's Trust & Safety team. | ||
|
|
||
| ### What support is available if I have issues or questions about data access? | ||
|
|
||
| If you have any questions or issues about data access, please contact us via email at [[email protected]](mailto:[email protected]) or via [Slack](https://slack.dekart.xyz/). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,27 +9,42 @@ images: [] | |
|
|
||
| # Dekart Cloud Privacy Policy | ||
|
|
||
| Effective Date: 2024-02-21 | ||
| Effective Date: 2024-03-10 | ||
|
|
||
| Welcome to Dekart Cloud. This Privacy Policy describes how Dekart XYZ UG (haftungsbeschränkt) ("Dekart Cloud," "we," "us," or "our") collects, uses, and shares information about you through our digital platforms and services. By accessing or using our services, you agree to the collection and use of information in accordance with this policy. | ||
| This Privacy Policy outlines how Dekart XYZ UG (haftungsbeschränkt) (“Dekart Cloud,” “we,” “us,” or “our”) manages your data in compliance with the General Data Protection Regulation (GDPR) and other relevant laws. By accessing or using our services, you acknowledge that you have read this policy and understand your rights. | ||
|
|
||
|
|
||
| ## Compliance with Google API Services User Data Policy | ||
| ## Information We Collect and Process | ||
|
|
||
| Our application's use and transfer to any other application of information received from Google APIs comply with the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements. We ensure that the handling of data received through Google APIs is done with the utmost care and respect for your privacy and data security. | ||
| Personal Information: We collect your email address solely for authorization, communication, and service delivery purposes. The lawful basis for processing this data is to fulfill our contractual obligations to you. | ||
| Metadata: We gather metadata such as report names, data warehouse usage, and map configurations to enhance our services. This data is processed on the basis of legitimate interests in improving and personalizing our offerings. | ||
|
|
||
| Nobody at Dekart Cloud has access to your data and results of your queries. | ||
|
|
||
| ## Information We Collect | ||
| Payment Information: Payments are processed by our third-party provider, Stripe. We do not store payment details. | ||
| Your Data Protection Rights | ||
|
|
||
| Personal Information: We collect your email address for authorization purposes and to communicate with you. We also collect metadata about the reports, data warehouse jobs (like id, bites processed), and map configurations and report names you create, including the names of the data warehouses used and bucket names. We do not store SQL queries, data caches, or access tokens. | ||
| You have the right to access, rectify, erase, and port your data, and to restrict or object to its processing. You can withdraw consent at any time, where applicable. To exercise these rights, please contact us at [email protected]. | ||
|
|
||
| Nobody at Dekart Cloud has access to your data or warehouse credentials. | ||
| ### Compliance with Google API Services User Data Policy | ||
|
|
||
| Payment Information: Payment processing is handled by our third-party service provider, Stripe. We do not store your payment data. | ||
| Our application's use and transfer to any other application of information received from Google APIs comply with the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements. We ensure that the handling of data received through Google APIs is done with the utmost care and respect for your privacy and data security. | ||
|
|
||
| ## How We Collect Information | ||
| ### How We Collect Information | ||
|
|
||
| We collect information directly from you when you sign up via Google OAuth and when you use our services. Metadata is automatically generated by our backend systems hosted on Google Cloud and stored in a Cloud SQL database. | ||
|
|
||
|
|
||
| ## Security Measures | ||
|
|
||
| We employ robust security practices to protect your data, including encryption and restricted access. We commit to notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. | ||
|
|
||
| Our infrastructure implements state-of-the-art security practices, including network security, credential storage, and two-factor authentication for data access. | ||
|
|
||
| ## Data Sharing and Transfers | ||
|
|
||
| Your data is hosted within the EU and is not transferred internationally without adequate protections. We use third-party services that comply with GDPR and provide necessary safeguards. | ||
|
|
||
| ## Use of Your Information | ||
|
|
||
| Your information is used to provide our services, communicate with you, and for marketing purposes. We strive to improve our offerings based on the data we collect. | ||
|
|
@@ -38,40 +53,23 @@ Your information is used to provide our services, communicate with you, and for | |
|
|
||
| Access to your information is limited to Dekart XYZ shareholders. We may share your information with third parties in compliance with legal obligations or to provide you with our services. | ||
|
|
||
| ## Protection of Your Information | ||
| ## Retention of Data | ||
|
|
||
| We prioritize the security of your data. Our infrastructure on Google Cloud implements state-of-the-art security practices, including network security, credential storage, and two-factor authentication for data access. | ||
|
|
||
| ## Your Rights | ||
|
|
||
| You have the right to access, correct, or request the deletion of your personal data. To exercise these rights, please contact us at [email protected]. We adhere to standard GDPR rights regarding personal data. | ||
| Data is kept for as long as necessary to provide our services, and is securely deleted after one year of inactivity or upon your request, whichever comes first. | ||
|
|
||
| ## Cookies and Tracking Technologies | ||
|
|
||
| Dekart Cloud does not use cookies or similar tracking technologies. | ||
|
|
||
| ## Data Retention | ||
|
|
||
| Your information is retained for as long as necessary to provide our services. After the termination of services, data is deleted after one year or upon your request. | ||
|
|
||
| ## Changes to This Privacy Policy | ||
|
|
||
| We reserve the right to update our Privacy Policy. Updates will be published on our website at this URL. | ||
|
|
||
| ## Contact Information | ||
|
|
||
| For privacy-related inquiries, please contact [email protected]. | ||
|
|
||
| ## International Data Compliance | ||
|
|
||
| Dekart Cloud complies with international data protection laws, including GDPR and CCPA, as applicable to our operations as a Germany-based company. | ||
|
|
||
| ## International Data Transfer | ||
| ## Commitment to Compliance | ||
|
|
||
| Data is hosted in the EU/Frankfurt. We use third-party services like Mailchimp, Gmail, and Slack for communication, ensuring compliance with international data protection standards. | ||
| We are committed to upholding the principles of GDPR and ensuring that your data rights are respected. | ||
|
|
||
| ## Third-Party Services | ||
| ## Contact Us | ||
|
|
||
| We integrate services such as Plausible Analytics and Google OAuth, which adhere to privacy standards affecting user data. | ||
| For any questions about this policy or our privacy practices, contact our Data Protection Officer at [email protected]. | ||
|
|
||
| This Privacy Policy provides a comprehensive overview of our data practices. For more detailed information or if you have questions, please contact us directly. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,2 @@ | ||
| <p><small>Posted {{ .PublishDate.Format "January 2, 2006" }} by {{ if .Params.contributors -}}{{ range $index, $contributor := .Params.contributors }}{{ if gt $index 0 }} and {{ end }}<a class="stretched-link position-relative" href="{{ "/contributors/" | absURL }}{{ . | urlize }}/">{{ . }}</a>{{ end -}}{{ end -}} ‐ <strong>{{ .ReadingTime -}} min read</strong></small><p> | ||
| <!-- <p><small>Posted {{ .PublishDate.Format "January 2, 2006" }} by {{ if .Params.contributors -}}{{ range $index, $contributor := .Params.contributors }}{{ if gt $index 0 }} and {{ end }}<a class="stretched-link position-relative" href="{{ "/contributors/" | absURL }}{{ . | urlize }}/">{{ . }}</a>{{ end -}}{{ end -}} ‐ <strong>{{ .ReadingTime -}} min read</strong></small><p> --> | ||
| <p><small>by {{ if .Params.contributors -}}{{ range $index, $contributor := .Params.contributors }}{{ if gt $index 0 }} and {{ end }}<a class="stretched-link position-relative" href="{{ "/contributors/" | absURL }}{{ . | urlize }}/">{{ . }}</a>{{ end -}}{{ end -}} ‐ <strong>{{ .ReadingTime -}} min read</strong></small><p> |