Privacy Policy for OGD Sync Authentication Service

Effective Date: September 15, 2025

Thank you for using OGD Sync Authentication Service. This Privacy Policy outlines how your information is handled when you use our OAuth authentication service for connecting Obsidian plugins to Google Drive. By using this service, you agree to the practices described in this policy.

1. What This Service Does

Our web service provides OAuth authentication for Obsidian plugins that need to connect to Google Drive. We:

• Exchange OAuth codes for access tokens: We temporarily process Google OAuth authorization codes to obtain access tokens
• Refresh access tokens: We help refresh expired access tokens using refresh tokens
• Enable CORS: We provide cross-origin resource sharing for Obsidian plugin compatibility

2. Information We Process (But Do Not Store)

We temporarily process the following information during authentication:

• OAuth Authorization Codes: Received from Google and immediately exchanged for tokens
• Access Tokens & Refresh Tokens: Passed through our service but not stored
• Request Data: IP addresses and User-Agent strings for security monitoring

3. Data We Do NOT Store

We do not store or have access to:

• Your Files: We never handle or store your Obsidian vault files
• Personal Information: We do not collect or store any personal data
• OAuth Tokens: All tokens are immediately passed to your Obsidian plugin
• Google Drive Content: We have no access to your Google Drive files

4. Data Security & Retention

We implement security measures to protect data during processing:

• Immediate Processing: All authentication data is processed and discarded immediately
• No Data Storage: We do not store any authentication tokens or personal data
• Security Logging: We log IP addresses and timestamps for security monitoring only
• HTTPS Encryption: All communications are encrypted in transit

5. Third-Party Services

This service integrates with Google OAuth 2.0 for authentication. Please refer to Google's Privacy Policy for information on how they handle your authentication data. We act only as an intermediary and do not store any data from Google.

6. User Control

You maintain complete control over your authentication:

• No Account Required: We do not create or maintain user accounts
• Revoke Access Anytime: You can revoke access through your Google Account settings
• No Data to Delete: Since we don't store data, there's nothing to delete

7. Security Monitoring

For security purposes, we log minimal information:

• IP Addresses: To detect and prevent abuse
• Request Timestamps: For security event correlation
• User-Agent Strings: To identify potentially malicious requests

This information is used solely for security monitoring and is not linked to personal identity.

8. Updates to Privacy Policy

We may update this Privacy Policy to reflect changes in our service or legal requirements. Updates will be posted on this page with a revised effective date.

9. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at bosong2@hanmail.net.

By using the OGD Sync Authentication Service, you acknowledge and agree to the terms outlined in this Privacy Policy. This service is designed to respect your privacy by processing authentication data without storing any personal information.