Use of Google API Services
Google API Services Disclosure
Karbon uses Google’s Application Programming Interface (API) Services to enable the user authorization feature for accessing the Karbon platform (i.e. use of your gmail account to login to the Karbon platform), and Google email management integration feature within the Karbon platform (i.e. email feeds into your Karbon Triage Portal).
Types of Data Collected with Google API Services
In connection with the Google API services that we use for our platform, we integrate Google user authentication credentials into our platform to enable Google-based login to the platform, and we collect Google email data to provide email management within the Triage portal of our platform. The information collected and used with these API services may include confidential data (e.g. login credentials or sensitive information included within your emails) and personal data (e.g. personal information included within your emails).
“Confidential Data” means data that may contain sensitive or restricted information that should only be accessible to authorized personnel, including, for example, user login credentials or credit card information, or other sensitive information that should not be made public.
"Personal Data" means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. “Anonymous Data” means data that is not associated with or linked to your Personal Data. Anonymous Data does not, by itself, permit the identification of individual persons. We collect, use, and store Personal Data and Anonymous Data, as described within the practices below. To the extent that Anonymous Data is linked to your Personal Data, we will treat it as Personal Data.
Use of Google API Services Data
Your Google information is used by our system developers to provide or improve user-facing features that are prominent to your user experience. Karbon policies and procedures define requirements that prohibit the unauthorized use of data within the platform.
In order to perform improvement to the platform, developers may need to share your information with other development team members; however, Karbon policies require that this type of sharing only be performed when (a) necessary to provide or improve user-facing features that are prominent from the requesting app's user interface, (b) to comply with applicable laws, or (c) a part of a merger, acquisition or sale of assets of Karbon. All other transfers or sales of user data are completely prohibited.
Developers are never allowed to use or transfer restricted scope data to serve users advertisements. This includes personalized, re-targeted and interest-based advertising. Additionally, developers do not allow humans to read restricted scope user data. For example, a developer with access to a user's data will not have one of its employees read through a user's emails. There are four limited exceptions to this rule:
- The developer obtains a user's consent to read specific messages (for example, for tech support)
- It's necessary for security purposes (for example, investigating abuse)
- To comply with applicable laws, and
- The developer aggregates and anonymizes the data and only uses it for internal operations (for example, reporting aggregate statistics in an internal dashboard).
Securing Your Data
Karbon has established policies and procedures that define the appropriate safeguards for protecting your sensitive information. These safeguards include the implementation and use of security software, security processes, and a team of security professionals that manages and monitors the security of the Karbon IT network and your sensitive data.
We have recently completed a successful SOC 2 Type 1 examination that speaks to our efforts to maintain the security of our platform.