Skip to Content


This Privacy Policy explains how we access, use, store, share, and delete user data obtained through Google account authorization. We only process Google user data within the scope of your explicit authorization and comply with the Google API Services User Data Policy and related terms.


## 1. Accessed Data


We only access Google user data within the scope of user authorization. Based on the current application authorization scenarios, this may include:


1. Basic identity information: Google account unique identifier, name, email address, avatar, language information.

2. Login authentication information: OAuth authorization tokens, token expiration time, refresh tokens (if returned by the authorization process).

3. Business data actively triggered by the user within the scope of authorization (such as future additions of Google API functions, limited to the explicit authorization scope).


We will not access unauthorized data, nor will we collect Google user data bypassing the authorization mechanism in any way.


## 2. Data Use


Google user data is used only for the following purposes:


1. User identity verification and login (e.g., account login, session establishment, security risk control).

2. Providing product features and services actively requested by the user.

3. Ensuring service security and troubleshooting (e.g., fraud prevention, anti-abuse, error log localization).

4. Fulfilling legal and regulatory requirements.


We will not sell Google user data to any third party.


## 3. Data Sharing


We only share Google user data in the following necessary scenarios:


1. **Cloud infrastructure and security service providers**: Solely for the purposes of hosting, encryption, monitoring, backup, etc., processed based on the principle of minimum necessity.

2. **Statutory requirements**: Disclosed under the legal and regulatory requirements, judicial orders, or lawful requests from regulatory authorities.

3. **With explicit user consent**: Shared in scenarios explicitly authorized or directed by the user.


Except for the situations mentioned above, we will not share Google user data with irrelevant third parties.


## 4. Storage & Protection


We employ industry-standard security measures to protect user data, including but not limited to:


1. Transmission encryption (HTTPS/TLS).

2. Storage encryption and access control (least privilege, role isolation).

3. Log auditing, anomaly detection, and access tracking.

4. Regular security updates and vulnerability remediation.


## 5. Retention & Deletion


1. We only retain Google user data for the period necessary to fulfill our business purposes.

2. After a user cancels their account, revokes authorization, or submits a deletion request, we will delete or anonymize the relevant data within a reasonable period (unless otherwise required by laws and regulations).

3. Users can request data deletion through the following method:

- Send an email to: support-it@xthings.com

- Suggested email subject: `Data Deletion Request`, and attach the account email address and necessary identity information.


## 6. User Rights


Users may exercise their rights to access, correct, delete, and withdraw authorization in accordance with the law. After revoking Google authorization, we will stop processing data based on that authorization (except for content required to be retained by laws and regulations).


## 7. AI/ML Usage Instructions


Unless we obtain separate and explicit consent from the user, we will not use user data obtained through the Google Workspace API to train, fine-tune, or improve any generalized AI/ML models.


## 8. Policy Updates


If there are material changes to this policy, we will notify users through an in-site announcement or other reasonable means and update the effective date.


## 9. Contact Us


If you have any questions about this policy, please contact us at: support-it@xthings.com