Privacy Policy
Valid from: 23rd of February 2023, last updated December 2024.
1. Introduction
This Privacy Policy describes how Maybe ("we", "us", or "our") processes your personal data when you use our website and Maybe Products. Maybe is the controller of the processing activities described in this policy.
2. Data Collection and Processing
We collect personal data for the following purposes:
2.1. Product Provision
We collect and process:
- Name and username
- Email address
- IP address and browser information
- Navigation data on our platforms
2.2. Website Analysis
We use cookies and analytics to improve our services and user experience.
2.3. Support and Troubleshooting
We process usage logs and personal data to provide technical support.
2.4. Marketing Communications
We may send product updates and marketing communications. You can opt-out by contacting [email protected].
3. Google Services Integration and Sensitive Data Protection
3.1. Google Services Access
With your explicit consent, we may access:
- Google Calendar: Read calendar events and create entries
- Google Docs: Read and create documents
- Gmail: Read, send, modify, and compose emails
- Google Sheets: Read and create spreadsheets
3.2. Comprehensive Data Protection Mechanisms
3.2.1. Data Encryption
- Transport Layer Security: All data in transit is encrypted using TLS 1.3 protocols
- Data at Rest: All stored data is encrypted using AES-256 encryption
- API Security: All Google API communications use secure HTTPS connections
- Key Management: Encryption keys are managed through secure key management systems
3.2.2. Access Controls and Authentication
- Multi-Factor Authentication: Required for all administrative access
- OAuth 2.0: Secure authorization for Google services integration
- Role-Based Access Control: Employees only access data necessary for their role
- Session Management: Automatic session timeouts and secure session handling
- IP Whitelisting: Administrative access restricted to authorized IP addresses
3.2.3. Data Minimization and Purpose Limitation
- Scope Limitation: We only request minimum necessary Google service scopes
- Purpose Restriction: Data is only processed for stated purposes in this policy
- Automatic Deletion: Data is automatically purged when no longer needed
- No Human Review: Google user data is not accessed by humans unless required for security or with explicit consent
3.2.4. Secure Processing Environment
- Isolated Processing: All sensitive data processing occurs in secure, isolated environments
- Network Security: Firewalls and intrusion detection systems protect our infrastructure
- Regular Security Audits: Comprehensive security assessments conducted quarterly
- Vulnerability Management: Regular vulnerability scans and patch management
- Security Monitoring: 24/7 security monitoring and incident response
3.2.5. Data Retention and Deletion
- Retention Policy: Google service data retained only as long as necessary
- User Control: Users can request immediate deletion of their data
- Automatic Purging: Data automatically deleted after account termination
- Audit Trails: Complete logs of data access and deletion activities
3.2.6. Compliance and Monitoring
- GDPR Compliance: Full compliance with General Data Protection Regulation
- Regular Assessments: Privacy impact assessments conducted annually
- Staff Training: Regular privacy and security training for all employees
- Incident Response: Comprehensive data breach response procedures
3.3. Google Limited Use Requirements
We strictly adhere to Google's Limited Use Requirements:
- Google user data is only used to provide or improve our application functionality
- No transfer of Google user data to third parties except as necessary for service provision
- No use of Google user data for advertising purposes
- No human access to Google user data unless required for security or with explicit consent
3.4. User Controls and Rights
- Users can revoke Google service access at any time
- Users can request a copy of their processed Google service data
- Users can request deletion of specific Google service data
- Users can modify their privacy settings through their account dashboard
4. Data Sharing
We do not share personal data with third parties except:
- With your explicit consent
- When required by law
- With service providers who assist in providing our services (under strict data protection agreements)
Google service data is never shared with third parties except as explicitly required to provide our services and with your consent.
5. Data Retention
Personal data is deleted upon user request or account termination. Google service data is deleted within 30 days of account termination or access revocation.
6. Your Rights
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion of your data
- Restrict processing
- Data portability
- Object to processing
7. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes before they become effective.
Last Updated: December 2024
Version: 2.0