Privacy Policy

1. Introduction

DriveWidget ("we", "us", or "our"), operated by Sanheen Sethi, respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.

2. Data We Collect

Account Data: Email address, name, and password hash when you register.

Google OAuth Data: When you connect Google Drive, we receive an access token and refresh token to manage files on your behalf. We store these tokens securely and encrypted.

Usage Data: API request counts, widget views, and upload statistics for billing and analytics.

Payment Data: Payment processing is handled by Razorpay. We do not store your credit card or bank details. We only receive transaction confirmation and subscription status.

3. Data We Do NOT Collect

Uploaded Files: Files uploaded through DriveWidget go directly to the user's Google Drive. We do not store, read, or process the contents of uploaded files on our servers. Files pass through our servers only during the upload transfer and are not retained.

4. How We Use Your Data

• To provide and maintain the Service
• To authenticate you and manage your account
• To process payments and manage subscriptions
• To enforce usage limits per your subscription plan
• To send important service updates (not marketing)
• To improve the Service based on aggregate usage patterns

5. Google API Disclosure

DriveWidget's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum scopes necessary to provide the Service (Google Drive file management).

6. Data Sharing

We do not sell, trade, or share your personal data with third parties except:

• Razorpay: For payment processing
• Google: For Drive integration (via OAuth)
• Legal requirements: If required by law or to protect our rights

7. Data Security

We use industry-standard security measures including HTTPS encryption, hashed passwords (bcrypt), encrypted OAuth tokens, and secure database access. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your data within 30 days. Google OAuth tokens are revoked upon account deletion or disconnection.

9. Cookies

We use essential cookies for authentication (session tokens). We do not use tracking cookies or third-party advertising cookies.

10. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Revoke Google Drive access at any time
• Export your data

11. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this policy at any time. We will notify users of material changes via email. Continued use after changes constitutes acceptance.

13. Contact

For privacy-related questions, contact us at sanheensethi37659@gmail.com.