What is the privacy policy for use of your Google Drive app?

This privacy policy is published by the creators of UpdraftPlus, Updraft WP Software Ltd (UK) (please see the footer of this page for company registration number). It applies only if you are using our built-in app for authentication. If you configure UpdraftPlus to use your own app, then it does not apply, since in that case no data comes to any of our servers (and so no policy for handling that data is needed). Also you may want to note Google’s own terms and conditions (which forbid use of consumer Google Drive accounts for commercial purposes).

Note that Google Drive does not provide a security model that keeps any data stored via an app (such as UpdraftPlus) separate from other data stored by the same app. i.e. It is not suitable for storing data that belongs to separate websites if administrators of those websites should not be able to access each other’s data. That is not an UpdraftPlus decision, that is the Google Drive security model; Google want you to instead use Google Cloud for commercial use. (Other commercial storage providers are available, of course).

Use of Google Drive with UpdraftPlus involves visiting our authentication server (website) as part of the authentication (OAuth) flow. Note that no backup data or other data from your WordPress site goes to our servers – this all remains on your server on which you are hosting WordPress. So, when you see the Google permission authorisation screen, it is asking you about what the plugin, running on your webserver, will be able to do.

The authentication procedure will cause:

  • Your IP address to be logged in our webserver logs. No further processing of these logs is carried out. These logs are kept for 6 months in accordance with UK law, and then automatically deleted. We carry out no further processing on them. They are not shared with any third party.
  • (If authentication succeeds) your Google account identifier to be stored in the authentication server’s database, so that the necessary authentication token can be given to your site if it requests it again. We carry out no further processing on them. They are not shared with any third party.

No other data is sent or implicitly gathered by any of our servers in the process of using Google Drive. Any changes to this privacy policy in future will be notified of on this page.

Posted in: Google Drive