Talk To An Expert

Bytemonk Data Risk Management Platform Privacy Policy

1. Google User Data We Access

Depending on the integrations enabled by your organization, our application may request access to the following Google data types:

Gmail Integration

  • Email metadata (sender, recipient, subject, timestamps)
  • Email body text (read-only)
  • Attachments (read-only)

Google Drive Integration

  • File metadata (file name, mime type, owner, creation time)
  • File content (read-only)
  • Folder metadata

Google Workspace Admin Data (if applicable)

  • Domain-level configuration information
  • User and group metadata

We only request the minimum set of scopes necessary to perform security scanning and policy enforcement.

2. How We Use Google User Data

We use Google user data solely for the following security and compliance purposes:

Content Scanning & DLP Policy Enforcement:

Analyzing Gmail messages and Drive files to detect sensitive information such as PII, financial data, secrets, source code, or policy violations.

Real-Time Alerts & Incident Reporting:

Generating alerts for administrators when a data-loss event is detected.

Policy Decisioning:

Applying organization-configured rules (e.g., flag, quarantine, block, or log).

Audit Logging & Compliance:

Recording timestamped events for audit trails required by SOC2, ISO27001, or internal security standards.

We do not use Google user data for:

  • Advertising
  • User profiling
  • Marketing purposes
  • Selling or monetizing data

3. Data Storage & Retention

Temporary Processing

  • Gmail and Google Drive content is scanned in-memory or transiently processed.
  • File or email content is not permanently stored 

Stored Data (if enabled by admin settings)

We may store:

  • Incident summaries
  • Policy violation metadata
  • Extracted classification snippets (limited text around matched content)
  • Audit logs

All stored data is encrypted at rest and in transit using industry-standard protocols.

Your organization administrator controls:

  • Data retention period
  • Storage location (if self-hosted)
  • Deletion policies

4. Data Sharing

We never share Google user data with third parties except:

  • With your organization’s authorized administrators
     (for monitoring alerts, violations, and audit logs).
  • To comply with legal obligations
     (only when required by applicable law or valid legal process).

We do not sell, rent, or trade user data.

5. User Consent & Admin Authorization

Since this is an enterprise DLP tool, Google Workspace administrators may grant domain-wide access.
 End-users may see activity depending on the Workspace admin’s transparency settings.

We only operate on accounts authorized by your organization.

6. Data Security

We implement industry-standard security measures, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Strict role-based access control
  • Periodic vulnerability assessments
  • Continuous monitoring and threat detection
  • Least-privilege principle for all system components

7. Data Deletion

Upon request from your organization’s administrator:

  • All logs, incidents, and processed metadata can be permanently deleted.
  • Domain-wide access to Gmail/Drive can be revoked immediately.
  • Cached or temporary artifacts are purged automatically.

You can revoke our access at any time through Google Account Permissions or the Google Admin Console.

8. Compliance With Google Policies

Our application complies with:

  • Google API Services User Data Policy
  • Limited Use Requirements
  • OAuth Verification Requirements
  • Applicable data protection laws (GDPR, CCPA if applicable)

We use Google user data only for the features described above.

9. Contact Information

For security concerns, data deletion requests, or compliance questions:

Bytemonk Private Limited
 Email: privacy@bytemonk.co
 Website: https://bytemonk.co