|
| 1 | +--- |
| 2 | +title: "Google Cloud Grant Scopes" |
| 3 | +description: "What permissions am I granting to Dekart, and why are they necessary?" |
| 4 | +date: 2021-02-22T07:48:05+01:00 |
| 5 | +lastmod: 2021-02-22T07:48:05+01:00 |
| 6 | +draft: false |
| 7 | +menu: |
| 8 | + docs: |
| 9 | + parent: "usage" |
| 10 | +images: [] |
| 11 | +--- |
| 12 | + |
| 13 | +<p class="lead text-left jumbotron p-5">Dekart has been verified by Google’s Trust & Safety Team to be Compliant with <a href="https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes">Google API Services User Data Policy</a> – a process <a href="https://developers.google.com/identity/protocols/oauth2/production-readiness/brand-verification">required</a> to approve our Google Authentication consent screen.</p> |
| 14 | + |
| 15 | +## What permissions is Dekart requesting, and why are they necessary? |
| 16 | + |
| 17 | +Dekart implements BigQuery passthrough authentication (OAuth 2.0 Token Pass-Through) and requests the following permissions: |
| 18 | + * `https://www.googleapis.com/auth/bigquery` this scope grants Dekart the ability to create BigQuery jobs and read query results. |
| 19 | + * `https://www.googleapis.com/auth/devstorage.read_write` this scope allows Dekart to store query result cache on your Google Cloud Storage bucket. |
| 20 | + |
| 21 | +Received short-lived tokens are stored in your browser's local storage. Dekart never stores tokens or query results in its backend. You can revoke token anytime by signing out of Dekart Cloud. |
| 22 | + |
| 23 | +You can analyze our codebase on [GitHub](https://github.com/dekart-xyz/dekart) or [Self-host](/self-hosted/) Dekart Cloud on your infrastructure. |
| 24 | + |
| 25 | +## Why Dekart is using .xyz domain? |
| 26 | + |
| 27 | +We chose `.xyz` domain as a reference to Cartesian (Descartes) coordinate system, where `x`, `y`, and `z` axes represent three dimensions. This domain is also used by organizations like Alphabet (Google’s parent company, hosted on abc.xyz) and others. |
| 28 | + |
| 29 | +Dekart XYZ is registered in Germany (see Dekart in [Germany Companies Registry](https://www.unternehmensregister.de/ureg/index.html;jsessionid=DA70A83D7BC84B9E249AC040755AD5D9.web04-1)), see [Impressum](https://dekart.xyz/legal/notice/) for more details. |
| 30 | + |
| 31 | +Dekart Cloud is hosted on Google Cloud Platform (GCP) in Frankfurt, Germany (europe-west3 region). |
| 32 | + |
| 33 | +## Does Dekart store my data or access sensitive company information? |
| 34 | + |
| 35 | +Dekart never stores tokens or query results in its backend. Query results are stored in your Google Cloud Storage bucket or in BigQuery temp result cache. Dekart Cloud backend stores BigQuery job IDs and query metadata, including query text, and map titles. |
| 36 | + |
| 37 | +## Can anyone at Dekart access my BigQuery datasets or Google Cloud Storage? |
| 38 | + |
| 39 | +No, nobody at Dekart can access your BigQuery datasets or Google Cloud Storage bucket. Short-lived tokens received from Google are stored in your browser's local storage and never stored on Dekart backend. Your BigQuery data is not stored or cached on Dekart backend. |
| 40 | + |
| 41 | +## Does using Dekart add extra costs to my cloud services? |
| 42 | + |
| 43 | +You are billed directly by Google Cloud for BigQuery queries you made via Dekart and storage costs for storing query results in your Google Cloud Storage bucket. You have full control over SQL queries and Dekart does not initiate any background jobs. There is no additional cost for using Dekart. |
| 44 | + |
| 45 | +## Will Dekart impact the performance of my BigQuery queries? |
| 46 | + |
| 47 | +Dekart does not modify or wrap your SQL queries and sends them as it is. |
| 48 | + |
| 49 | +## What support is available if I encounter issues with Dekart? |
| 50 | + |
| 51 | +If you have any questions or issues about Dekart Cloud, you can: |
| 52 | + |
| 53 | + * Schedule a call with us via [Calendly](https://calendly.com/vladi-dekart/30min) |
| 54 | + * Contact us in [Slack](https://slack.dekart.xyz/) |
| 55 | + |
| 56 | + |
| 57 | +<!-- If you have any questions or issues about Dekart Cloud, please contact us via email at [[email protected]](mailto:[email protected]) or via [Slack](https://slack.dekart.xyz/). --> |
| 58 | + |
| 59 | +## Read more |
| 60 | + |
| 61 | +👉 [Dekart Cloud Privacy Policy](/legal/privacy/) |
| 62 | + |
| 63 | +<!-- * **Passthrough Authentication**: Short-lived Google OAuth token is passed from your browser to Google APIs and never stored on Dekart Cloud backend. |
| 64 | +
|
| 65 | +* **No User Data Storage**: Query results are stored on Google Cloud Storage bucket provided by you. |
| 66 | +
|
| 67 | +* **Compliance Friendly**: We comply with [Google API Services User Data Policy](https://cloud.google.com/terms/services) and verified by Google's Trust & Safety team. --> |
| 68 | + |
| 69 | +<!-- ### What permissions am I granting to Dekart, and why are they necessary? |
| 70 | +
|
| 71 | +You are granting Dekart the following scopes: |
| 72 | + * `https://www.googleapis.com/auth/bigquery` this scope grants Dekart the ability to manage user data in Google BigQuery, encompassing actions like running queries, managing datasets, and configuring settings. |
| 73 | + * `https://www.googleapis.com/auth/devstorage.read_write` this scope allows Dekart to read and write user data in Google Cloud Storage, enabling it to manage files and potentially other data storage elements. |
| 74 | +
|
| 75 | +These permissions are necessary for Dekart to run queries and store results in your Google Cloud Storage bucket. |
| 76 | +
|
| 77 | +### How will my data be used and protected? |
| 78 | +
|
| 79 | +SQL queries and their results are stored in Google Cloud Storage bucket *provided by you!* We never store tokens or query results in the Dekart Cloud backend. Nobody at Dekart can access your BigQuery data or Google Cloud Storage bucket. |
| 80 | +
|
| 81 | +### Can I revoke Dekart's access if I change my mind? |
| 82 | +
|
| 83 | +Yes, you can revoke Dekart's access to your Google Cloud resources by signing out of Dekart Cloud. This will remove Dekart's access to your Google Cloud resources and prevent Dekart from running queries or storing results in your Google Cloud Storage bucket. |
| 84 | +
|
| 85 | +### Does Dekart comply with data protection regulations? |
| 86 | +
|
| 87 | +We are committed to upholding the principles of GDPR and ensuring that your data rights are respected. We also comply with [Google API Services User Data Policy](https://cloud.google.com/terms/services) and verified by Google's Trust & Safety team. |
| 88 | +
|
| 89 | +### What support is available if I have issues or questions about data access? |
| 90 | +
|
| 91 | +If you have any questions or issues about data access, please contact us via email at [[email protected]](mailto:[email protected]) or via [Slack](https://slack.dekart.xyz/). --> |
0 commit comments