Merge pull request #26 from dekart-xyz/cloud-security-faq

Cloud security FAQ

Author: delfrrr

Diff for: config/_default/menus.toml

@@ -16,6 +16,12 @@
   identifier = "configuration"
   url = "/docs/configuration/"
 
+[[docs]]
+  name = "Dekart Cloud"
+  weight = 3
+  identifier = "cloud"
+  url = "/docs/cloud/"
+
 [[docs]]
   name = "About"
   weight = 1

Diff for: config/_default/params.toml

@@ -3,7 +3,7 @@
 ## Homepage
 title = "Dekart"
 titleSeparator = "-"
-titleAddition = "Maps for your Data Platform"
+titleAddition = "Advanced WebGL Geospatial Analytics"
 description = "Open-source WebGL-powered map visualization and spatial analytics for modern data warehouses."
 
 ## Open Graph + Twitter Cards

Diff for: content/_index.md

@@ -1,5 +1,5 @@
 ---
-title : "Maps for your Data Platform."
+title : "Advanced WebGL Geospatial Analytics"
 description: "Open-source WebGL-powered map visualization and spatial analytics for modern data warehouses."
 lead: "Open-source, lightweight alternative to CARTO and Foursquare Studio for data scientists, analysts and engineers."
 date: 2020-10-06T08:47:36+00:00

Diff for: content/docs/cloud/cloud-security-faq.md

@@ -0,0 +1,43 @@
+---
+title: "Security Considerations"
+description: "Why Dekart Cloud is Secure"
+date: 2021-02-22T07:48:05+01:00
+lastmod: 2021-02-22T07:48:05+01:00
+draft: false
+menu:
+  docs:
+    parent: "cloud"
+images: []
+---
+
+<p class="lead text-left"><a href="/">Dekart Cloud</a> is designed to make your cybersecurity and legal teams happy. We achieve it by never storing tokens, and query results in Dekart Cloud backend.</p>
+
+<!-- * **Passthrough Authentication**: Short-lived Google OAuth token is passed from your browser to Google APIs and never stored on Dekart Cloud backend.
+
+* **No User Data Storage**: Query results are stored on Google Cloud Storage bucket provided by you.
+
+* **Compliance Friendly**: We comply with [Google API Services User Data Policy](https://cloud.google.com/terms/services) and verified by Google's Trust & Safety team. -->
+
+### What permissions am I granting to Dekart, and why are they necessary?
+
+You are granting Dekart the following scopes:
+ * `https://www.googleapis.com/auth/bigquery` this scope grants Dekart the ability to manage user data in Google BigQuery, encompassing actions like running queries, managing datasets, and configuring settings.
+ * `https://www.googleapis.com/auth/devstorage.read_write` this scope allows Dekart to read and write user data in Google Cloud Storage, enabling it to manage files and potentially other data storage elements.
+
+These permissions are necessary for Dekart to run queries and store results in your Google Cloud Storage bucket.
+
+### How will my data be used and protected?
+
+SQL queries and their results are stored in Google Cloud Storage bucket *provided by you!* We never store tokens, and query results in Dekart Cloud backend. Nobody at Dekart can access your BigQuery data or Google Cloud Storage bucket.
+
+### Can I revoke Dekart's access if I change my mind?
+
+Yes, you can revoke Dekart's access to your Google Cloud resources by signing out of Dekart Cloud. This will remove Dekart's access to your Google Cloud resources and prevent Dekart from running queries or storing results in your Google Cloud Storage bucket.
+
+### Does Dekart comply with data protection regulations?
+
+We are committed to upholding the principles of GDPR and ensuring that your data rights are respected. We also comply with [Google API Services User Data Policy](https://cloud.google.com/terms/services) and verified by Google's Trust & Safety team.
+
+### What support is available if I have issues or questions about data access?
+
+If you have any questions or issues about data access, please contact us via email at [[email protected]](mailto:[email protected]) or via [Slack](https://slack.dekart.xyz/).

Diff for: content/legal/privacy.md

@@ -9,27 +9,42 @@ images: []
 
 # Dekart Cloud Privacy Policy
 
-Effective Date: 2024-02-21
+Effective Date: 2024-03-10
 
-Welcome to Dekart Cloud. This Privacy Policy describes how Dekart XYZ UG (haftungsbeschränkt) ("Dekart Cloud," "we," "us," or "our") collects, uses, and shares information about you through our digital platforms and services. By accessing or using our services, you agree to the collection and use of information in accordance with this policy.
+This Privacy Policy outlines how Dekart XYZ UG (haftungsbeschränkt) (“Dekart Cloud,” “we,” “us,” or “our”) manages your data in compliance with the General Data Protection Regulation (GDPR) and other relevant laws. By accessing or using our services, you acknowledge that you have read this policy and understand your rights.
 
 
-## Compliance with Google API Services User Data Policy
+## Information We Collect and Process
 
-Our application's use and transfer to any other application of information received from Google APIs comply with the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements. We ensure that the handling of data received through Google APIs is done with the utmost care and respect for your privacy and data security.
+Personal Information: We collect your email address solely for authorization, communication, and service delivery purposes. The lawful basis for processing this data is to fulfill our contractual obligations to you.
+Metadata: We gather metadata such as report names, data warehouse usage, and map configurations to enhance our services. This data is processed on the basis of legitimate interests in improving and personalizing our offerings.
+
+Nobody at Dekart Cloud has access to your data and results of your queries.
 
-## Information We Collect
+Payment Information: Payments are processed by our third-party provider, Stripe. We do not store payment details.
+Your Data Protection Rights
 
-Personal Information: We collect your email address for authorization purposes and to communicate with you. We also collect metadata about the reports, data warehouse jobs (like id, bites processed), and map configurations and report names you create, including the names of the data warehouses used and bucket names. We do not store SQL queries, data caches, or access tokens.
+You have the right to access, rectify, erase, and port your data, and to restrict or object to its processing. You can withdraw consent at any time, where applicable. To exercise these rights, please contact us at [email protected].
 
-Nobody at Dekart Cloud has access to your data or warehouse credentials.
+### Compliance with Google API Services User Data Policy
 
-Payment Information: Payment processing is handled by our third-party service provider, Stripe. We do not store your payment data.
+Our application's use and transfer to any other application of information received from Google APIs comply with the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements. We ensure that the handling of data received through Google APIs is done with the utmost care and respect for your privacy and data security.
 
-## How We Collect Information
+### How We Collect Information
 
 We collect information directly from you when you sign up via Google OAuth and when you use our services. Metadata is automatically generated by our backend systems hosted on Google Cloud and stored in a Cloud SQL database.
 
+
+## Security Measures
+
+We employ robust security practices to protect your data, including encryption and restricted access. We commit to notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
+
+Our infrastructure implements state-of-the-art security practices, including network security, credential storage, and two-factor authentication for data access.
+
+## Data Sharing and Transfers
+
+Your data is hosted within the EU and is not transferred internationally without adequate protections. We use third-party services that comply with GDPR and provide necessary safeguards.
+
 ## Use of Your Information
 
 Your information is used to provide our services, communicate with you, and for marketing purposes. We strive to improve our offerings based on the data we collect.
@@ -38,40 +53,23 @@ Your information is used to provide our services, communicate with you, and for
 
 Access to your information is limited to Dekart XYZ shareholders. We may share your information with third parties in compliance with legal obligations or to provide you with our services.
 
-## Protection of Your Information
+## Retention of Data
 
-We prioritize the security of your data. Our infrastructure on Google Cloud implements state-of-the-art security practices, including network security, credential storage, and two-factor authentication for data access.
-
-## Your Rights
-
-You have the right to access, correct, or request the deletion of your personal data. To exercise these rights, please contact us at [email protected]. We adhere to standard GDPR rights regarding personal data.
+Data is kept for as long as necessary to provide our services, and is securely deleted after one year of inactivity or upon your request, whichever comes first.
 
 ## Cookies and Tracking Technologies
 
 Dekart Cloud does not use cookies or similar tracking technologies.
 
-## Data Retention
-
-Your information is retained for as long as necessary to provide our services. After the termination of services, data is deleted after one year or upon your request.
-
 ## Changes to This Privacy Policy
 
 We reserve the right to update our Privacy Policy. Updates will be published on our website at this URL.
 
-## Contact Information
-
-For privacy-related inquiries, please contact [email protected].
-
-## International Data Compliance
-
-Dekart Cloud complies with international data protection laws, including GDPR and CCPA, as applicable to our operations as a Germany-based company.
-
-## International Data Transfer
+## Commitment to Compliance
 
-Data is hosted in the EU/Frankfurt. We use third-party services like Mailchimp, Gmail, and Slack for communication, ensuring compliance with international data protection standards.
+We are committed to upholding the principles of GDPR and ensuring that your data rights are respected.
 
-## Third-Party Services
+## Contact Us
 
-We integrate services such as Plausible Analytics and Google OAuth, which adhere to privacy standards affecting user data.
+For any questions about this policy or our privacy practices, contact our Data Protection Officer at [email protected].
 
-This Privacy Policy provides a comprehensive overview of our data practices. For more detailed information or if you have questions, please contact us directly.

Diff for: layouts/index.html

@@ -12,7 +12,7 @@
         -moz-text-fill-color: transparent;
     ">{{ .Title }}</h1>
     </div>
-    <div class="col-lg-9 col-xl-8 text-center">
+    <div class="col-lg-9 col-xl-9 text-center">
       <p class="lead">{{ .Params.lead | safeHTML }}</p>
     </div>
     <!-- <div class="center-block"><img class="mw-100" src="/images/screen.png" alt="Dekart Screenshot: Visualizing Chicago Crime Dataset Hosted on BigQuery"/></div> -->
@@ -60,7 +60,7 @@
   <div class="container">
     <div class="row justify-content-center">
       <div class="col-md-12 col-lg-10 col-xl-8">
-        <h2 class="mt-3 text-center">What's New?</h2>
+        <h2 class="mt-3 text-center">Blog</h2>
         {{ range (where .Site.RegularPages.ByDate "Section" "blog" ) -}}
         <div class="card">
           <div class="card-body">
@@ -113,19 +113,18 @@ <h2 class="h3 mt-0 mb-5 text-center">Connectors</h2>
 </section>
 <section class="section section-sm">
   <div class="container">
-    <div class="row justify-content-center text-center">
+    <div class="row justify-content-center text-left">
       <div class="col-lg-5">
-        <h2 class="h4">GPU accelerated</h2>
-        <p>State-of-the art WebGL-powered map visualizations and spatial analysis based on deck.gl</p>
+        <h2 class="h4">Raw data insights</h2>
+        <p>With WebGL rendering and advanced caching you don't need to worry much about data sampling and aggregation.</p>
       </div>
       <div class="col-lg-5">
-        <h2 class="h4">For large query results</h2>
-        <p>Tested at 100Mb and 1M rows.
-          Efficient query result caching on Amazon S3 or Google Cloud Storage.</p>
+        <h2 class="h4">Never talk to sales</h2>
+        <p><a href="/docs/">Self-hosted</a> or <a href="/cloud/">Cloud</a>, you can start your analysis today without waiting and talking.</p>
       </div>
       <div class="col-lg-5">
-        <h2 class="h4">SQL, CSV, GeoJSON</h2>
-        <p>Side-by-side SQL editor and support for CSV and GeoJSON file uploads.</p>
+        <h2 class="h4">Live collaboration</h2>
+        <p>Easy to share Dekart maps updated live when multiple users are working together.</p>
       </div>
     </div>
   </div>

Diff for: layouts/partials/main/blog-meta.html

@@ -1 +1,2 @@
-<p><small>Posted {{ .PublishDate.Format "January 2, 2006" }} by {{ if .Params.contributors -}}{{ range $index, $contributor := .Params.contributors }}{{ if gt $index 0 }} and {{ end }}<a class="stretched-link position-relative" href="{{ "/contributors/" | absURL }}{{ . | urlize }}/">{{ . }}</a>{{ end -}}{{ end -}}&nbsp;&hyphen;&nbsp;<strong>{{ .ReadingTime -}}&nbsp;min read</strong></small><p>
+<!-- <p><small>Posted {{ .PublishDate.Format "January 2, 2006" }} by {{ if .Params.contributors -}}{{ range $index, $contributor := .Params.contributors }}{{ if gt $index 0 }} and {{ end }}<a class="stretched-link position-relative" href="{{ "/contributors/" | absURL }}{{ . | urlize }}/">{{ . }}</a>{{ end -}}{{ end -}}&nbsp;&hyphen;&nbsp;<strong>{{ .ReadingTime -}}&nbsp;min read</strong></small><p> -->
+<p><small>by {{ if .Params.contributors -}}{{ range $index, $contributor := .Params.contributors }}{{ if gt $index 0 }} and {{ end }}<a class="stretched-link position-relative" href="{{ "/contributors/" | absURL }}{{ . | urlize }}/">{{ . }}</a>{{ end -}}{{ end -}}&nbsp;&hyphen;&nbsp;<strong>{{ .ReadingTime -}}&nbsp;min read</strong></small><p>