Legal Notice
Google’s Terms Of Use
Snobs Custom Cycles is required by the use of Googles Maps & Google Login to inform you of the following. By reading this notice you have been so informed!
Google’s Statement of Use
[Google Maps Platform API] Terms of Service requires websites and applications using any Google Maps Platform APIs to have a Terms of Use.
The Terms of Use:
(1) must be publicly available,
and
(2) you must explicitly state in your Terms of Use that by using your application, users are bound by Google’s Terms of Service.
Google APIs Terms of Service
Last modified: November 9, 2021 (see previous version)
Thank you for using Google’s APIs, other developer services, and associated software (collectively, “APIs”). By accessing or using our APIs, you are agreeing to the terms below. If there is a conflict between these terms and additional terms applicable to a given API, the additional terms will control for that conflict. Collectively, we refer to the terms below, any additional terms, terms within the accompanying API documentation, and any applicable policies and guidelines as the “Terms.” You agree to comply with the Terms and that the Terms control your relationship with us. So please read all the Terms carefully. If you use the APIs as an interface to, or in conjunction with other Google products or services, then the terms for those other products or services also apply.
Under the Terms, “Google” means Google LLC, with offices at 1600 Amphitheatre Parkway, Mountain View, California 94043, United States, unless set forth otherwise in additional terms applicable for a given API. We may refer to “Google” as “we”, “our”, or “us” in the Terms.
Section 1: Account and Registration
Accepting the Terms
You may not use the APIs and may not accept the Terms if (a) you are not of legal age to form a binding contract with Google, or (b) you are a person barred from using or receiving the APIs under the applicable laws of the United States or other countries including the country in which you are resident or from which you use the APIs.
EntityLevelAcceptance
If you are using the APIs on behalf of an entity, you represent and warrant that you have authority to bind that entity to the Terms and by accepting the Terms, you are doing so on behalf of that entity (and all references to “you” in the Terms refer to that entity).
Registration
In order to access certain APIs you may be required to provide certain information (such as identification or contact details) as part of the registration process for the APIs, or as part of your continued use of the APIs. Any registration information you give to Google will always be accurate and up to date and you’ll inform us promptly of any updates.
Subsidiaries and Affiliates
Google has subsidiaries and affiliated legal entities around the world. These companies may provide the APIs to you on behalf of Google and the Terms will also govern your relationship with these companies.
Section 2: Using Our APIs
Your End Users
You will require your end users to comply with (and not knowingly enable them to violate) applicable law, regulation, and the Terms.
Compliance with Law, Third Party Rights, and Other Google Terms of Service
You will comply with all applicable law, regulation, and third party rights (including without limitation laws regarding the import or export of data or software, privacy, and local laws). You will not use the APIs to encourage or promote illegal activity or violation of third party rights. You will not violate any other terms of service with Google (or its affiliates).
Permitted Access
You will only access (or attempt to access) an API by the means described in the documentation of that API. If Google assigns you developer credentials (e.g. client IDs), you must use them with the applicable APIs. You will not misrepresent or mask either your identity or your API Client’s identity when using the APIs or developer accounts.
API Limitations
Google sets and enforces limits on your use of the APIs (e.g. limiting the number of API requests that you may make or the number of users you may serve), in our sole discretion. You agree to, and will not attempt to circumvent, such limitations documented with each API. If you would like to use any API beyond these limits, you must obtain Google’s express consent (and Google may decline such request or condition acceptance on your agreement to additional terms and/or charges for that use). To seek such approval, contact the relevant Google API team for information (e.g. by using the Google developers console).
Open Source Software
Some of the software required by or included in our APIs may be offered under an open source license. Open source software licenses constitute separate written agreements. For certain APIs, open source software is listed in the documentation. To the limited extent the open source software license expressly supersedes the Terms, the open source license instead sets forth your agreement with Google for the applicable open source software.
Communication with Google
We may send you certain communications in connection with your use of the APIs. Please review the applicable API documentation for information about opting out of certain types of communication.
Feedback
If you provide feedback or suggestions about our APIs, then we (and those we allow) may use such information without obligation to you.
Non-Exclusivity
The Terms are non-exclusive. You acknowledge that Google may develop products or services that may compete with the API Clients or any other products or services.
Google Controller-Controller Data Protection Terms
To the extent required by data protection laws applicable to the parties’ processing of personal data under these Terms, the parties agree to the Google Controller-Controller Data Protection Terms.
Section 3: Your API Clients
API Clients and Monitoring
The APIs are designed to help you enhance your websites and applications (“API Client(s)”). YOU AGREE THAT GOOGLE MAY MONITOR USE OF THE APIS TO ENSURE QUALITY, IMPROVE GOOGLE PRODUCTS AND SERVICES, AND VERIFY YOUR COMPLIANCE WITH THE TERMS. This monitoring may include Google accessing and using your API Client, for example to identify security issues that could affect Google or its users. You will not interfere with this monitoring. Google may use any technical means to overcome such interference. Google may suspend access to the APIs by you or your API Client without notice if we reasonably believe that you are in violation of the Terms.
Security
You will use commercially reasonable efforts to protect user information collected by your API Client, including personal data, from unauthorized access or use and will promptly report to your users any unauthorized access or use of such information to the extent required by applicable law.
Ownership
Google does not acquire ownership in your API Clients, and by using our APIs, you do not acquire ownership of any rights in our APIs or the content that is accessed through our APIs.
User Privacy and API Clients
You will comply with (1) all applicable privacy laws and regulations including those applying to personal data and (2) the Google API Services User Data Policy, which governs your use of the APIs when you request access to Google user information. You will provide and adhere to a privacy policy for your API Client that clearly and accurately describes to users of your API Client what user information you collect and how you use and share such information (including for advertising) with Google and third parties.
Section 4: Prohibitions and Confidentiality
API Prohibitions
When using the APIs, you may not (or allow those acting on your behalf to):
- Sublicense an API for use by a third party. Consequently, you will not create an API Client that functions substantially the same as the APIs and offer it for use by third parties.
- Perform an action with the intent of introducing to Google products and services any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature.
- Defame, abuse, harass, stalk, or threaten others.
- Interfere with or disrupt the APIs or the servers or networks providing the APIs.
- Promote or facilitate unlawful online gambling or disruptive commercial messages or advertisements.
- Reverse engineer or attempt to extract the source code from any API or any related software, except to the extent that this restriction is expressly prohibited by applicable law.
- Use the APIs for any activities where the use or failure of the APIs could lead to death, personal injury, or environmental damage (such as the operation of nuclear facilities, air traffic control, or life support systems).
- Use the APIs to process or store any data that is subject to the International Traffic in Arms Regulations maintained by the U.S. Department of State.
- Remove, obscure, or alter any Google terms of service or any links to or notices of those terms.
Unless otherwise specified in writing by Google, Google does not intend use of the APIs to create obligations under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”), and makes no representations that the APIs satisfy HIPAA requirements. If you are (or become) a “covered entity” or “business associate” as defined in HIPAA, you will not use the APIs for any purpose or in any manner involving transmitting protected health information to Google unless you have received prior written consent to such use from Google.
- Confidential Matters
- Developer credentials (such as passwords, keys, and client IDs) are intended to be used by you and identify your API Client. You will keep your credentials confidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects.
- Our communications to you and our APIs may contain Google confidential information. Google confidential information includes any materials, communications, and information that are marked confidential or that would normally be considered confidential under the circumstances. If you receive any such information, then you will not disclose it to any third party without Google’s prior written consent. Google confidential information does not include information that you independently developed, that was rightfully given to you by a third party without confidentiality obligation, or that becomes public through no fault of your own. You may disclose Google confidential information when compelled to do so by law if you provide us reasonable prior notice, unless a court orders that we not receive notice.
Section 5: Content
Content Accessible Through our APIs
Our APIs contain some third party content (such as text, images, videos, audio, or software). This content is the sole responsibility of the person that makes it available. We may sometimes review content to determine whether it is illegal or violates our policies or the Terms, and we may remove or refuse to display content. Finally, content accessible through our APIs may be subject to intellectual property rights, and, if so, you may not use it unless you are licensed to do so by the owner of that content or are otherwise permitted by law. Your access to the content provided by the API may be restricted, limited, or filtered in accordance with applicable law, regulation, and policy.
Submission of Content
Some of our APIs allow the submission of content. Google does not acquire any ownership of any intellectual property rights in the content that you submit to our APIs through your API Client, except as expressly provided in the Terms. For the sole purpose of enabling Google to provide, secure, and improve the APIs (and the related service(s)) and only in accordance with the applicable Google privacy policies, you give Google a perpetual, irrevocable, worldwide, sublicensable, royalty-free, and non-exclusive license to Use content submitted, posted, or displayed to or from the APIs through your API Client. “Use” means use, host, store, modify, communicate, and publish. Before you submit content to our APIs through your API Client, you will ensure that you have the necessary rights (including the necessary rights from your end users) to grant us the license.
Retrieval of content
When a user’s non-public content is obtained through the APIs, you may not expose that content to other users or to third parties without explicit opt-in consent from that user.
Data Portability
Google supports data portability. For as long as you use or store any user data that you obtained through the APIs, you agree to enable your users to export their equivalent data to other services or applications of their choice in a way that’s substantially as fast and easy as exporting such data from Google products and services, subject to applicable laws, and you agree that you will not make that data available to third parties who do not also abide by this obligation.
Prohibitions on Content
Unless expressly permitted by the content owner or by applicable law, you will not, and will not permit your end users or others acting on your behalf to, do the following with content returned from the APIs:
- Scrape, build databases, or otherwise create permanent copies of such content, or keep cached copies longer than permitted by the cache header;
- Copy, translate, modify, create a derivative work of, sell, lease, lend, convey, distribute, publicly display, or sublicense to any third party;
- Misrepresent the source or ownership; or
- Remove, obscure, or alter any copyright, trademark, or other proprietary rights notices; or falsify or delete any author attributions, legal notices, or other labels of the origin or source of material.
Section 6: Brand Features; Attribution
Brand Features
“Brand Features” is defined as the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party. Except where expressly stated, the Terms do not grant either party any right, title, or interest in or to the other party’s Brand Features. All use by you of Google’s Brand Features (including any goodwill associated therewith) will inure to the benefit of Google.
Attribution
You agree to display any attribution(s) required by Google as described in the documentation for the API. Google hereby grants to you a non-transferable, non-sublicensable, nonexclusive license while the Terms are in effect to display Google’s Brand Features for the purpose of promoting or advertising that you use the APIs. You must only use the Google Brand Features in accordance with the Terms and for the purpose of fulfilling your obligations under this Section. In using Google’s Brand Features, you must follow the Google Brand Features Use Guidelines. You understand and agree that Google has the sole discretion to determine whether your attribution(s) and use of Google’s Brand Features are in accordance with the above requirements and guidelines.
Publicity
You will not make any statement regarding your use of an API which suggests partnership with, sponsorship by, or endorsement by Google without Google’s prior written approval.
Promotional and Marketing Use
In the course of promoting, marketing, or demonstrating the APIs you are using and the associated Google products, Google may produce and distribute incidental depictions, including screenshots, video, or other content from your API Client, and may use your company or product name. You grant us all necessary rights for the above purposes.
Section 7: Privacy and Copyright Protection
Google Privacy Policies
By using our APIs, Google may use submitted information in accordance with our privacy policies.
Google DMCA Policy
We provide information to help copyright holders manage their intellectual property online, but we can’t determine whether something is being used legally or not without their input. We respond to notices of alleged copyright infringement and terminate accounts of repeat infringers according to the process set out in the U.S. Digital Millennium Copyright Act. If you think somebody is violating your copyrights and want to notify us, you can find information about submitting notices and Google’s policy about responding to notices in our Help Center.
Section 8: Termination
Termination
You may stop using our APIs at any time with or without notice. Further, if you want to terminate the Terms, you must provide Google with prior written notice and upon termination, cease your use of the applicable APIs. Google reserves the right to terminate the Terms with you or discontinue the APIs or any portion or feature or your access thereto for any reason and at any time without liability or other obligation to you.
Your Obligations Post-Termination
Upon any termination of the Terms or discontinuation of your access to an API, you will immediately stop using the API, cease all use of the Google Brand Features, and delete any cached or stored content that was permitted by the cache header under Section 5. Google may independently communicate with any account owner whose account(s) are associated with your API Client and developer credentials to provide notice of the termination of your right to use an API.
Surviving Provisions
When the Terms come to an end, those terms that by their nature are intended to continue indefinitely will continue to apply, including but not limited to: Sections 4b, 5, 8, 9, and 10.
Section 9: Liability for our APIs
WARRANTIES
EXCEPT AS EXPRESSLY SET OUT IN THE TERMS, NEITHER GOOGLE NOR ITS SUPPLIERS OR DISTRIBUTORS MAKE ANY SPECIFIC PROMISES ABOUT THE APIS. FOR EXAMPLE, WE DON’T MAKE ANY COMMITMENTS ABOUT THE CONTENT ACCESSED THROUGH THE APIS, THE SPECIFIC FUNCTIONS OF THE APIS, OR THEIR RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. WE PROVIDE THE APIS “AS IS”.
SOME JURISDICTIONS PROVIDE FOR CERTAIN WARRANTIES, LIKE THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. EXCEPT AS EXPRESSLY PROVIDED FOR IN THE TERMS, TO THE EXTENT PERMITTED BY LAW, WE EXCLUDE ALL WARRANTIES, GUARANTEES, CONDITIONS, REPRESENTATIONS, AND UNDERTAKINGS.
LIMITATION OF LIABILITY
WHEN PERMITTED BY LAW, GOOGLE, AND GOOGLE’S SUPPLIERS AND DISTRIBUTORS, WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA; FINANCIAL LOSSES; OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES.
TO THE EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF GOOGLE, AND ITS SUPPLIERS AND DISTRIBUTORS, FOR ANY CLAIM UNDER THE TERMS, INCLUDING FOR ANY IMPLIED WARRANTIES, IS LIMITED TO THE AMOUNT YOU PAID US TO USE THE APPLICABLE APIS (OR, IF WE CHOOSE, TO SUPPLYING YOU THE APIS AGAIN) DURING THE SIX MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.
IN ALL CASES, GOOGLE, AND ITS SUPPLIERS AND DISTRIBUTORS, WILL NOT BE LIABLE FOR ANY EXPENSE, LOSS, OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE.
Indemnification
Unless prohibited by applicable law, if you are a business, you will defend and indemnify Google, and its affiliates, directors, officers, employees, and users, against all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any allegation or third-party legal proceeding to the extent arising from:
- your misuse or your end user’s misuse of the APIs;
- your violation or your end user’s violation of the Terms; or
- any content or data routed into or used with the APIs by you, those acting on your behalf, or your end users.
Section 10: General Provisions
Modification
We may modify the Terms or any portion to, for example, reflect changes to the law or changes to our APIs. You should look at the Terms regularly. We’ll post notice of modifications to the Terms within the documentation of each applicable API, to this website, and/or in the Google developers console. Changes will not apply retroactively and will become effective no sooner than 30 days after they are posted. But changes addressing new functions for an API or changes made for legal reasons will be effective immediately. If you do not agree to the modified Terms for an API, you should discontinue your use of that API. Your continued use of the API constitutes your acceptance of the modified Terms.
U.S. Federal Agency Entities
The APIs were developed solely at private expense and are commercial computer software and related documentation within the meaning of the applicable U.S. Federal Acquisition Regulation and agency supplements thereto.
General Legal Terms
We each agree to contract in the English language. If we provide a translation of the Terms, we do so for your convenience only and the English Terms will solely govern our relationship. The Terms do not create any third party beneficiary rights or any agency, partnership, or joint venture. Nothing in the Terms will limit either party’s ability to seek injunctive relief. We are not liable for failure or delay in performance to the extent caused by circumstances beyond our reasonable control. If you do not comply with the Terms, and Google does not take action right away, this does not mean that Google is giving up any rights that it may have (such as taking action in the future). If it turns out that a particular term is not enforceable, this will not affect any other terms. The Terms are the entire agreement between you and Google relating to its subject and supersede any prior or contemporaneous agreements on that subject. For information about how to contact Google, please visit our contact page.
Except as set forth below: (i) the laws of California, U.S.A., excluding California’s conflict of laws rules, will apply to any disputes arising out of or related to the Terms or the APIs and (ii) ALL CLAIMS ARISING OUT OF OR RELATING TO THE TERMS OR THE APIS WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF SANTA CLARA COUNTY, CALIFORNIA, USA, AND YOU AND GOOGLE CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.
If you are accepting the Terms on behalf of a United States federal government entity, then the following applies instead of the paragraph above: the laws of the United States of America, excluding its conflict of laws rules, will apply to any disputes arising out of or related to the Terms or the APIs. Solely to the extent permitted by United States Federal law: (i) the laws of the State of California (excluding California’s conflict of laws rules) will apply in the absence of applicable federal law; and (ii) FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE TERMS OR THE APIS, THE PARTIES CONSENT TO PERSONAL JURISDICTION IN, AND THE EXCLUSIVE VENUE OF, THE COURTS IN SANTA CLARA COUNTY, CALIFORNIA.
If you are accepting the Terms on behalf of a United States city, county, or state government entity, then the following applies instead of the paragraph above: the parties agree to remain silent regarding governing law and venue.
For further information please see Googles site for more details: https://developers.google.com/terms
Google API Services User Data Policy
Last updated May 18, 2022
Google API Services, including Google Sign-In, are part of an authentication and authorization framework that gives you, the developer, the ability to connect directly with Google users when you would like to request access to Google user data. The policy below, as well as the Google APIs Terms of Service, govern the use of Google API Services when you request access to Google user data. Please check back from time to time as these policies are occasionally updated.
Accurately represent your identity and intent
If you wish to access Google user data you must provide Google users and Google with clear and accurate information regarding your use of Google API Services. This includes, without limitation, requirements to accurately represent:
- Who is requesting Google user data? All permission requests must accurately represent the identity of the application that seeks access to user data. If you have obtained authorized client credentials to access Google API Services, keep these credentials confidential.
- What data are you requesting? You must provide clear and accurate information explaining the types of data being requested. In addition, if you plan to access or use a type of user data that was not originally disclosed in your privacy policy (or in-product disclosures) when a Google user initially authorized access, you must update your privacy policy and prompt the user to consent to any changes before you may access that data.
- Why are you requesting Google user data? Be honest and transparent with users when you explain the purpose for which your application requests user data. If your application requests data for one reason but the data will also be utilized for a secondary purpose, you must notify Google users of both use cases. As a general matter, users should be able to readily understand the value of providing the data that your application requests, as well as the consequences of sharing that data with your application.
Be transparent about the data you access with clear and prominent privacy disclosures
You must publish a privacy policy that fully documents how your application interacts with user data. You must list the privacy policy URL in your OAuth client configuration when your application is made available to the public.
Your Privacy Policy and all in-product privacy notifications should be accurate, comprehensive, and easily accessible.
Your privacy policy and in-product privacy notifications must thoroughly disclose the manner in which your application accesses, uses, stores, or shares Google user data. Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy, but you should consider the use of additional in- product notifications to ensure that users understand how your application will handle user data. If you change the way your application uses Google user data, you must notify users and prompt them to consent to an updated privacy policy before you make use of Google user data in a new way or for a different purpose than originally disclosed.
Disclosures about data use should be prominent and timely. Your privacy policy and any in-product notifications regarding data use should be prominently displayed in your application interface so that users can find this information easily. Where possible, disclosures about data use should be timely and shown in context.
Request relevant permissions
Permission requests should make sense to users, and should be limited to the critical information necessary to implement your application.
Don’t request access to information that you don’t need. Only request access to the minimal, technically feasible scope of access that is necessary to implement existing features or services in your application, and limit access to the minimum amount of data needed. Don’t attempt to “future proof” your access to user data by requesting access to information that might benefit services or features that have not yet been implemented.
Request permissions in context where possible. Request access to user data in context (via incremental auth) whenever you can, so that users understand why you need the data.
Deceptive or unauthorized use of Google API Services is prohibited
You are strictly prohibited from engaging in any activity that may deceive users or Google about your use of Google API Services. This includes without limitation the following requirements:
Do not misrepresent what data is collected or what you do with Google user data. Be up front with users so that they can make an informed decision to grant authorization. You must disclose all user data that you access, use, store, delete, or share, as well as any actions you take on a user’s behalf.
You are not permitted to access, aggregate, or analyze Google user data if the data will be displayed, sold, or otherwise distributed to a third party conducting surveillance.
Overall there should be no surprises for Google users: hidden features, services, or actions that are inconsistent with the marketed purpose of your application may lead Google to suspend your ability to access Google API Services.
Do not mislead Google about an application’s operating environment. You must accurately represent the environment in which the authentication page appears. For example, don’t claim to be an Android application in the user agent header if your application is running on iOS, or represent that your application’s authentication page is rendered in a desktop browser if instead the authentication page is rendered in an embedded web view.
Do not use undocumented APIs without express permission. Don’t reverse engineer undocumented Google API Services or otherwise attempt to derive or use the underlying source code of undocumented Google API Services. You may only access data from Google API Services according to the means stipulated in the official documentation of that API Service, as provided on Google’s developer site.
Do not make false or misleading statements about any entities that have allegedly authorized or managed your application. You must accurately represent the company, organization, or other authority that manages your application. Making false representations about client credentials to Google or Google users is grounds for suspension.
Child-directed apps
The Children’s Online Privacy Protection Act, or COPPA, applies to websites, apps, and services directed to children under the age of 13 and general audience apps, websites, or services with users known to be under the age of 13. While child-directed apps may use some Google services, developers are responsible for using these services according to their obligations under the law. Please review the FTC’s guidance on COPPA (including information about the differences between mixed audience apps and apps directed primarily to children from the FTC’s website and consult with your own legal counsel.
Child-directed apps: If your application is directed primarily at children, it should not use Google Sign-In or any other Google API Service that accesses data associated with a Google Account. This restriction includes Google Play Games Services and any other Google API Service using the OAuth technology for authentication and authorization.
Mixed audience apps: Applications that are mixed audience shouldn’t require users to sign in to a Google Account, but can offer, for example, Google Sign-In or Google Play Games Services as an optional feature. In these cases, users must be able to access the application in its entirety without signing into a Google Account.
Maintain a secure operating environment
You must take reasonable and appropriate steps to protect all applications or systems that make use of Google API Services against unauthorized or unlawful access, use, destruction, loss, alteration, or disclosure.
Additional Requirements for Specific API Scopes
More information about the assessment requirements to obtain (or keep) access to Restricted Scopes is available in the OAuth Application Verification FAQ.
For Gmail Restricted Scopes:
Enforcement of the Gmail requirements in this section began on January 15, 2019. Applications that had access to Gmail Restricted Scopes prior to January 15, 2019 must obtain their first Letter of Assessment no later than December 31, 2019 to keep access to Gmail Restricted Scopes. All other apps must first be verified and obtain the letter prior to being granted access to Gmail Restricted Scopes.
For Drive Restricted Scopes:
To learn more about the new Drive requirements, read our blog post, Enhancing security controls for Google Drive third-party apps.
For Google Fit Restricted Scopes:
Enforcement of the Google Fit requirements in this section began on May 18, 2022. Applications that had access to Google Fit Restricted Read Health Scopes prior to the enforcement start date will be informed by Google when to obtain their first Letter of Assessment to keep access to Google Fit Restricted Read Health Scopes. All other apps must first be verified and obtain the letter prior to being granted access to Google Fit Restricted Read Health Scopes. To learn more about the new Google Fit requirements, read the Google Fit Developer and User Data Policy.
Certain Google OAuth API Scopes (the “Restricted Scopes”) are subject to additional requirements in this section.
Note: If your app is only used by users within your own domain, then these requirements do not apply. As well, G Suite administrators can control access to connected applications via whitelisting. Learn more about best practices for managing your enterprise OAuth ecosystem.
Restricted Scopes:
- Gmail – Any Gmail API scope that permits an application to
- Read, create, or modify message bodies (including attachments), metadata, or headers; or
- Control mailbox access, email forwarding, or admin settings.
- Drive – Any Drive API scope that permits an application to read, modify, or manage the content or metadata of a user’s Drive files, without the user individually granting file-by-file access.
- Google Fit – Any Google Fit API scope that permits an application to read or write a user’s health and fitness data types, which include activity, blood glucose, blood pressure, body temperature, body measurement data (body fat percentage, height, weight), heart rate, location, nutrition, oxygen saturation, reproductive health, and sleep data.
Here is a list of the Restricted Scopes.
Application Type: Only certain application types may access Restricted Scopes for each product.
Product | Permitted Application Types |
Gmail |
|
Drive |
|
Fit |
|
Limited Use:
Your use of data obtained via the Restricted Scopes must comply with these requirements:
- Limit your use of data to providing or improving user-facing features that are prominent in the requesting application’s user interface. All other uses of the data are prohibited;
- Only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the requesting application’s user interface. You may also transfer data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users. All other transfers or sales of the user data are prohibited;
- Don’t use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising; and
- Don’t allow humans to read the data, unless
- You first obtained the user’s affirmative agreement to view specific messages, files, or other data, with the limited exception of use cases approved by Google under additional terms applicable to the Nest Device Access program;
- It is necessary for security purposes (such as investigating a bug or abuse);
- It is necessary to comply with applicable law; or
- Your use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.
These prohibitions apply to the raw data obtained from Restricted Scopes and data aggregated, anonymized, or derived from them. You must ensure that your employees, agents, contractors, and successors comply with this Google API Services: User Data Policy.
Secure Data Handling:
Applications accessing Restricted Scopes must demonstrate that they adhere to certain security practices. Depending on the API being accessed and number of user grants or users, applications must pass an annual security assessment and obtain a Letter of Assessment from a Google-designated third party. Local client applications that only allow user-configured transmissions of Restricted Scope data from the device may be exempt from this requirement.
Enforcement
You must access Google API Services in accordance with the Google APIs Terms of Service. If you are found to be out of compliance with the Google APIs Terms of Service, this Google API Services: User Data Policy, or any Google product policies that are applicable to the Google API Service you are using, Google may revoke or suspend your access to Google API Services and other Google products and services. Your access to Google API Services may also be revoked if your application enables end-users or other parties to violate the Google APIs Terms of Service and/or Google policies.
For further information please see Googles site for more details: https://developers.google.com/terms/api-services-user-data-policy