Note that Google Drive does not provide a security model that keeps any data stored via an app (such as UpdraftPlus) separate from other data stored by the same app. i.e. It is not suitable for storing data that belongs to separate websites if administrators of those websites should not be able to access each other’s data. That is not an UpdraftPlus decision, that is the Google Drive security model; Google want you to instead use Google Cloud for commercial use. (Other commercial storage providers are available, of course).
Use of Google Drive with UpdraftPlus involves visiting our authentication server (website) as part of the authentication (OAuth) flow. Note that no backup data or other data from your WordPress site goes to our servers – this all remains on your server on which you are hosting WordPress. So, when you see the Google permission authorisation screen, it is asking you about what the plugin, running on your webserver, will be able to do.
The authentication procedure will cause:
- Your IP address to be logged in our webserver logs. No further processing of these logs is carried out. These logs are kept for 6 months in accordance with UK law, and then automatically deleted. We carry out no further processing on them. They are not shared with any third party.
- (If authentication succeeds) your Google account identifier to be stored in the authentication server’s database, so that the necessary authentication token can be given to your site if it requests it again. We carry out no further processing on them. They are not shared with any third party.
Posted in: Google Drive