Google API Services User Data Policy Compliance
REMBRR INC. – Port Charlotte, Florida, USA.
Privacy and Compliance Office - privacy@rembrr.com

1. Compliance with Google API Services User Data Policy

This policy describes how REMBRR INC. access, use, store, and protect user data obtained through integrations with Google services using OAuth 2.0.

The text published in https://rembrr.com/politica-de-datos-google-api/ is exactly the same as the one shown on the OAuth consent screen.

REMBRR fully complies with:

• Google API Services User Data Policy
• Google Workspace Developer Policy
• OAuth Verification Requirements
• Brand Verification Requirements

Required for integrations with Gmail, Google Drive, Google Calendar, and other authorized Google Workspace services.

2. Accessed Data

With the user's explicit consent, REMBRR INC. can request the minimum required OAuth 2.0 scopes to provide synchronization and productivity functions between the user's Google account and the REMBRR platform.

The data categories accessed are strictly limited to:

Basic Profile
Name, email address, and profile picture.

This data is used solely for authentication and secure session management.

Google Drive
Allows viewing, creating, and updating files and metadata only within the REMBRR workspace that the user chooses to link.

Google Calendar
Allows reading and creating calendar sync events within the platform.

Gmail (metadata only)
Only limited metadata can be accessed, such as:

sender
recipient
subject
• message date or time

These metadata are used exclusively for User-requested notifications or automations.

REMBRR never reads, stores, or analyzes the content of messages or attachments.

Google Contacts (metadata only)

Name, email address, and phone number can only be accessed when the user decides to sync their contacts with REMBRR.

These data are used exclusively to facilitate User-requested communications or synchronizations within the platform.

Google Tasks / Google Keep (metadata only)

Can be accessed Task or note titles or timestamps when the user decides to integrate these functions.

REMBRR does not access, store, or analyze No other Google user data apart from that described above.

3. Data Usage

Data obtained through Google integrations are used solely for:

• authenticate the user and manage secure sessions
• synchronize Drive files, Calendar events, tasks, or notes within the user's workspace
• enable features explicitly requested by the user within the platform
• maintain service stability, integrity, and reliability

The data obtained from Google APIs never used for:

personalized advertising
Behavioral profiling
sale or resale of information
data mining for commercial purposes

4. Use of information obtained through Google OAuth

The information obtained through the services of Google Authentication and Authorization (Google OAuth) is used exclusively to allow the proper functioning of the functionalities available within the REMBRR platform.

Access to this information occurs only when the user explicitly authorizes integration during the authentication process.

Depending on the functions used within the app, REMBRR can access:

• Basic Google profile information
• limited email metadata
• Contact metadata
Calendar metadata or files

REMBRR does not access information other than that which the user explicitly authorizes during the OAuth consent process.

5. Data Sharing

REMBRR does not share Google user data with third parties, except in the following limited circumstances:

Infrastructure or authentication providers

Data may be processed by technology service providers who support the secure operation of the platform (e.g., cloud infrastructure or authentication services).

These providers are subject to Strict confidentiality and data protection agreements.

Legal compliance

The information may be disclosed when required by:

a court order
• an applicable legal obligation
• valid regulatory requirements

All data processing is carried out in strict compliance with Google API Services User Data Policy and the OAuth Limited Use Requirements.

6. Compliance with Google API Services User Data Policy and Limited Use

The use of information obtained through Google APIs complies with the requirements of the Google API Services User Data Policy, including the restrictions of Limited Use.

In particular, REMBRR commits to:

• Data obtained through Google APIs is used solely to provide functionalities that are visible and requested by the user within the platform
• Data is not used for personalized advertising or commercial profiling
The data is not sold or transferred to third parties for marketing purposes.
• data access is limited only to technical processes necessary for service operation

The data obtained through Google APIs they are not used to train artificial intelligence models or for analyses independent of the service requested by the user.

7. Storage and Protection

REMBRR implements multiple security mechanisms to protect information obtained through Google APIs.

The data is protected by:

encrypted in transit using TLS 1.3
• encrypted at rest using AES-256
• storage on secure servers located in United States

Additionally, extra security controls are implemented such as:

RBAC (Role-Based Access Control)
• multifactor authentication (MFA)
• audit logs
• account data isolation

REMBRR does not export Google data to external analytics or advertising systems.

8. Retention and Disposal

Data from Google integrations is retained only while the user keeps the connection active.

When the user disconnects the integration or requests deletion:

• OAuth tokens and associated information are revoked
• data is permanently deleted within a maximum of 30 days

Backup copies that may contain residual data are automatically deleted during the next maintenance cycle, which does not exceed 45 days.

The user can verify the deletion by writing to:

support@rembrr.com

or via the page:

/delete-data-request

9. User Control

The user can revoke REMBRR's access to their Google data at any time by visiting:

https://myaccount.google.com/permissions

You can also request:

• access to your data
Information portability
data deletion

contacting:

info@rembrr.com

or via the page:

user-data-rights

10. Transparency in Connection Flow

During login with Google or when connecting services such as Drive, Calendar, Gmail, Contacts, Tasks or Keep, the user sees the following notice:

“By signing in with Google or connecting a Google service, you agree to REMBRR's Privacy Policy and Terms of Use.”

The message includes links to:

/privacy-policy
Terms
user-data-rights

11. Compliance Commitments

REMBRR INC. certifies that:

• This policy is reviewed annually or when Google updates its API Services User Data Policy
security controls follow frameworks NIST SP 800-53 and ISO/IEC 27001
• all engineers with access to OAuth data receive privacy training and sign confidentiality agreements
• is maintained Data Protection Impact Assessment (DPIA) for Gmail, Drive, and Calendar scopes
• users are notified of any substantial changes at least 7 days before it comes into effect

Contact for Google Data Matters

Privacy and Compliance Office
privacy@rembrr.com

REMBRR INC.
23087 Langdon Avenue
Port Charlotte, FL 33954
United States

Last updated: March 7, 2026.