We take user privacy and security very seriously. This document provides an overview of our security policies and technology. We are happy to discuss any of these points in more detail with concerned customers.
Our product uses OAuth 2.0 for user authentication and authorization via Google Cloud Endpoints. We never have access to our users' Gmail passwords.
On first use of the Wizy.io product, our chrome extensions and Drive add-ons need users’ permission to run: users have to allow our chrome extensions, Drive add-ons and Google to use user's information in accordance with their respective terms of service and privacy policies.
For some features, we request access to user data on other services, including online and offline access to Google Contacts, Calendar, Drive and Gmail data. We treat these credentials as highly secure information, which we keep on users’ behalf. You may revoke these credentials at the issuer at any time, or we will destroy them when asked.
Access to Systems and Hosting
All interaction between Google Apps and our application occurs over a secure HTTPS connection. All web reports and account management activities are likewise performed over a secure HTTPS connection.
We host our systems on the Google Cloud Platform, and let you enjoy the same level of Security and Confidentiality as with Google Apps.
Technical Support, Incident Response
We monitor our systems permanently. Our team is notified as soon as problems are detected and the issues are immediately investigated.
Whenever a significant downtime happens we notify it via our Twitter.
We provide 24x5 support to every end user with an average first response time of 2 hours. Our Enterprise support offer includes Hangout and Phone support.
Data Collection & Confidentiality
When using Calendar & Contact synchronization, we collect IDs and modifications date to manage the synchronization.
To enable Email tracking features, we collect and store information about the inbound and outbound email activity of our users. We store a permanent copy of metadata (including header information and subject line) for outbound mail composed using Wizy, and for inbound replies to those messages.
We do not store any copies of the bodies of email messages.
Although our add-ons require access to Drive documents, we do not store the document content nor monitor the Drive activity. Only document Ids are kept in our database.
Access to user's account and all data associated with that account by Wizy.io employees is limited to an as-needed basis (e.g., to resolve customer issues, support). When such access is required, only personnel with a direct need will access the data, and such access will be limited as much as possible. Breach of this policy by a Wizy.io employee is a serious matter which can lead to contract termination as well as legal action.
When requested, we will destroy a user's account, removing all data associated with that account.
Although our browser extension requires certain permissions to run scripts, and may request access to other websites, we do not monitor any web browsing activities. Our extension does not access or modify user’s data on any other websites, beyond those needed by the Wizy.io application.
As customers use Wizy.io, our server collects telemetry data about the features being used. We use this data to generate reports, to assist us in debugging and customer service, and to update system status and capacity planning.
We use a leading cloud based payment gateway: Stripe for online sales and credit card payments. We do not see, store and never have access to user's’ credit card information.
Wizy.io does not rent, sell, trade or disclose users Personal Information to third parties.