This Privacy Policy explains how [ENTITY] (“EeeQ7”, “we”, “us”) handles information
when you use Index (the “Service”) at index.eq7.in.
Index is a private tool that connects to your Google account, builds a searchable index of your
files, and lets you search them. Access is controlled by an administrator, who may grant access to
specific people or enable open access for anyone with a Google account.
1. Information we access
- Account identity. When you sign in with Google we receive your email address,
basic profile (name) and Google account identifier, used only to authenticate you and match you
to your granted access.
- Google Drive data (read-only). If you connect Google Drive, we request the
drive.readonly scope. We read file and folder metadata — such as names, types,
sizes, owners, modified dates, parent folders and links — to build your searchable index. We access
file content only as needed to serve read-only operations you initiate. We never create,
modify, or delete anything in your Drive.
2. How we use it
- To build and maintain a personal, searchable index of the files you connect.
- To display those results back to you, and only to you, inside the Service.
- To keep your index reasonably fresh via background synchronization.
We do not use your Google data for advertising, and we do not sell it.
Google Limited Use disclosure. Index’s use and transfer of information received from
Google APIs to any other app will adhere to the
Google
API Services User Data Policy, including the Limited Use requirements. We do not transfer or sell
this data, do not use it for personalized advertising, and do not allow humans to read it except with
your explicit consent, for security/abuse or legal reasons, or where the data has been aggregated and
anonymized. Google user data is never used to train generalized AI/ML models.
3. Storage and security
- Indexed metadata is stored in our database on our hosting provider, isolated per user.
- OAuth refresh tokens are encrypted at rest and never leave our server; we use them
only to refresh short-lived access tokens for synchronization.
- All traffic is served over HTTPS. Access to the Service requires a Google sign-in and an
administrator-granted permission.
4. Data retention and deletion
- Disconnect a service inside Index to immediately delete its stored tokens and its
local index from our systems.
- When an administrator removes your access, your connections and indexed data are deleted.
- You can revoke Index’s access at any time from your Google Account at
myaccount.google.com/permissions.
5. Sharing
We do not share your Google data with third parties, except infrastructure providers strictly necessary
to operate the Service (e.g. hosting), or where required by law. We never sell your data.
6. Children
The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction).
7. Changes
We may update this policy; material changes will be reflected by the “Last updated” date above and,
where appropriate, communicated to you.
8. Contact
Questions or data requests: [CONTACT_EMAIL].