Inkaverse Privacy Policy

Privacy policy for apps that access Google APIs

Inkaverse maintains several web apps that make it easier to work with Google APIs from R:

The apps are governed by common policies recorded here. These apps use internal resources owned by the “inkaverse” project on Google Cloud Platform. That is the name you will see in a consent screen. Exception: gmailr does NOT use any resources owned by inkaverse Package, due to special requirements around Gmail and its scopes.

Your use of Google APIs with these apps are subject to each API’s respective terms of service. See https://developers.google.com/terms/.

Privacy

Google account and user data

Accessing user data

The applications access Google resources from your local machine or web. Your machine communicates directly with the Google APIs.

The inkaverse API Packages project never receives your data or the permission to access your data. The owners of the project can only see anonymous, aggregated information about usage of tokens obtained through its OAuth client, such as which APIs and endpoints are being used.

The package includes functions that you can execute in order to read or modify your own data. This can only happen after you provide a token, which requires that you authenticate yourself as a specific Google user and authorize these actions.

The package can help you get a token by guiding you through the OAuth flow in the browser. There you must consent to allow the inkaverse API Packages to operate on your behalf. The OAuth consent screen will describe the scope of what is being authorized, e.g., it will name the target API(s) and whether you are authorizing “read only” or “read and write” access.

There are two ways to use these apps without authorizing the inkaverse API Packages: bring your own service account token or configure the package to use an OAuth client of your choice.

Scopes

Overview of the scopes requested by various inkaverse API Packages and their rationale:

  • Sheets (read/write): The googlesheets4 package used in the apps allows you to manage your spreadsheets and therefore the default scopes include read/write access. The googlesheets4 package makes it possible for you to get a token with more limited scope, e.g. read only.

Sharing user data

The package only communicate with Google APIs. No user data is shared with the owners of the inkaverse API Package or any other servers.

Storing user data

The package may store your credentials on your local machine, for later reuse by you. Use caution when using these packages on a shared machine.

By default, an OAuth token is cached in a local file, such as ~/.R/gargle/gargle-oauth. See the documentation for gargle::gargle_options() and gargle::credentials_user_oauth2() for information on how to control the location of the token cache or suppress token caching, globally or at the individual token level.

Policies for authors of packages or other applications

Do not use an API key or client ID from the inkaverse API Packages in an external package or tool. Per the Google User Data Policy https://developers.google.com/terms/api-services-user-data-policy, your application must accurately represent itself when authenticating to Google API services.

If you use the inkaverse package inside another package or application that executes its own logic — as opposed to code in the inkaverse API Packages or by the user — you must communicate this clearly to the user. Do not use credentials from the inkaverse API Package; instead, use credentials associated with your project or your user.