At AgainstData, we prioritize security and data privacy, and we are committed to being open and transparent about our practices.
Permissions required for the operation of the service
We request only the permissions necessary for our operations. Below, we explain the permissions required and their purposes.
Security measures & audit
We have implemented several security measures to protect your password and account such as:
Master Password Encryption
Your authentication details are encrypted following the Google OAuth 2.0 protocol.
Cybersecurity Standards
Our security methods align with those used by password management systems, ensuring the security of your details and we are regularly certified by a third-party Google OAuth 2.0 assessor under the CASA certification process.
Session Security
Upon login, your authentication details are stored only for the duration of your session and are erased upon logout. This ensures that no one else can access them, even if our system is compromised.
Granting Gmail API Access
On your first login with Gmail, we request the following Gmail API scope read more about OAuth scopes here:
Gmail ready only scope (gmail.readonly)
This allows us to access all resources and metadata, with the purpose of creating the list of companies that hold your data, and the mailing lists you are subscribed to, as well as the various statistics about your Gmail account.
When you first use the Unsubscribe feature, we request the following Gmail API scope:
Gmail modify scope (gmail.modify)
This allows us to implement your choices on the platform, in your Gmail account, such as bulk deleting messages that you no longer need.
Gmail settings scope (gmail.settings)
This allows us to change some of the Settings on your Gmail account to reflect the privacy selections and unsubscribe decisions you make on the platform.
When you first use the Deletion request feature, we request the following Gmail API scope:
Gmail send scope (gmail.send)
This allows us to send the deletion request templates directly from your Gmail account to the Data Protection Officers of the companies that you select.
Each time you login again to Againstdata, we utilise the following Gmail API scopes:
Gmail readonly scope (gmail.readonly)
This allows us to refresh the information related to the companies you have interacted with since your last login on the platform so that we can update the list of companies that hold your data, as well as the various statistics about your Gmail account.
Revoking Gmail API Access & Account Deletion
You can revoke AgainstData’s access to your mailbox at any time by deleting your account from the "Account Settings" page in the application.
WARNING: Once your account is deleted it may not be recovered. All associated data is permanently deleted from our servers.
You can always view your existing Gmail API permissions or revoke access to Against Data at any time from your Google Account Settings Page.