Privacy Policy

Last updated:

TL;DR
Who we are
What data we access
Where it's stored
Google API Services disclosure
Third parties
Your rights & deletion
Children
Changes
Contact

TL;DR

DriveStat is a client-side Google Drive visualizer. It runs entirely in your browser. We do not operate servers that receive your Drive data, we do not have a database of users, and we do not use analytics, tracking cookies, or third-party ad networks. Your Drive metadata is fetched directly from Google's API to your browser and cached locally in IndexedDB so you don't have to rescan on every visit.

Who we are

"DriveStat", "we", "us", or "our" refers to the operators of drivestat.em95.org. DriveStat is a free, open-source web application. The app is served as static HTML, CSS, and JavaScript from a CDN; there is no application server that processes your requests.

What data we access

When you sign in with Google and grant permission, DriveStat requests the following scope:

https://www.googleapis.com/auth/drive.metadata.readonly — read-only access to file metadata (name, size, mime type, parents, modified time). DriveStat uses this to build the treemap. We never request or receive file contents, thumbnails, or previews.

DriveStat reads only metadata (filenames, sizes, MIME types, timestamps, folder structure). It does not:

Download the contents of your files
Upload, copy, or transmit your files to any server we control
Modify, trash, or delete any of your files — DriveStat is strictly read-only
Share your data with any third party

Where it's stored

Everything is kept in your browser. Specifically:

IndexedDB — caches the scanned file index so rescanning is optional on return visits.
localStorage — stores UI preferences (theme, pane layout), the cookie/storage acknowledgement flag, and the short-lived Google OAuth access token issued by Google's identity library for the duration of your session.

Clearing your browser's site data for drivestat.em95.org deletes all of the above. You can also sign out from the app header, which revokes the in-browser token. To fully revoke DriveStat's access to your Google account, visit your Google account permissions page.

Google API Services disclosure

DriveStat's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only use Drive data to provide and improve user-facing features that are prominent in the app's UI (the file list, the treemap, the details sidebar).
We do not transfer Drive data to others, unless doing so is necessary to provide the user-visible feature (it is not, today), or required by law.
We do not use Drive data for serving ads.
We do not allow humans to read Drive data, unless we have your affirmative consent, it's needed for security purposes, or it's required by law.

Third parties

Google Identity Services — the "Sign in with Google" button is loaded from accounts.google.com. Google may set cookies on their own domain as part of the sign-in flow. Their handling is governed by the Google Privacy Policy.
Google Drive API — metadata requests are made directly from your browser to www.googleapis.com over TLS. We are not a man-in-the-middle.
Hosting / CDN — the static files (HTML, CSS, JS) are served from a CDN, which will see standard request logs (IP address, user agent, requested path) for operational purposes. No personal data beyond that is shared with the host.

We do not use Google Analytics, Meta Pixel, ad networks, cross-site trackers, or session recorders.

Your rights & deletion

Because DriveStat does not operate a user database, there's nothing to export or delete on our side. To delete your locally cached data:

Sign out from DriveStat (clears the in-browser token).
Clear site data for drivestat.em95.org in your browser's settings.
Revoke DriveStat from your Google account at myaccount.google.com/permissions.

If you are an EU/UK resident and believe we have somehow processed personal data relating to you, you can contact us (see below). You have the right to access, rectify, delete, restrict processing, and port your data under GDPR / UK GDPR; in practice there is rarely anything on our side to act on.

Children

DriveStat is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from them. If you believe a child has used DriveStat, contact us and we will help you purge any locally cached data from their device.

Changes to this policy

If we make material changes to how DriveStat handles your data, we will update the date above and post a notice in the app. Continued use after changes take effect constitutes acceptance.

Contact

Questions, concerns, or data deletion requests: em95org@gmail.com.