GEM
Effective date: June 11, 2026 · Oliwka Software LLC ("Oliwka", "we", "us")
This policy describes how we handle information for the GEM website
(gem-cloud.app) and the GEM Cloud hosted service. It also
explains, in detail, how GEM accesses and uses Google user data.
Running GEM self-hosted? The open-source edition runs entirely on your own infrastructure. We receive no data from self-hosted installations — no telemetry, no analytics, nothing. This policy's Google-data sections describe how the software handles data within your own deployment; the only party processing it is you.
The website is a static site. We do not run advertising or third-party analytics trackers. Our hosting provider (Cloudflare) processes standard request logs (IP address, user agent) to serve and protect the site. If you email us or join the waitlist, we keep your email address and correspondence to respond to you.
When you subscribe to GEM Cloud we collect what's needed to operate your service: your name, business name, billing email, and payment details (handled by our payment processor — we never store card numbers). GEM logins on your instance (email, hashed password, MFA enrollment) exist solely to authenticate you and your staff.
GEM connects to a Google Workspace environment only after that environment's super-administrator explicitly grants OAuth consent. GEM requests the minimum sensitive scopes needed for its features — it requests no restricted scopes, and it cannot read, send, or modify Gmail messages or Drive file content.
admin.directory.user, .user.security, .orgunit, .group: to display your user inventory (name, email, status, org unit, last login) and to perform the administrative actions you initiate — creating users during onboarding, suspending/archiving accounts, sign-out during offboarding, and OU/group changes.
admin.reports.usage.readonly, admin.reports.audit.readonly: read-only activity metadata (e.g. last-activity timestamps, login events) used to identify inactive accounts. Never message or file content.
admin.datatransfer: to transfer Drive file ownership to another user during offboarding, when you request it.
apps.licensing: to list, assign, and remove license assignments for license reporting and reclamation.
openid, userinfo.email: used once during consent to identify the granting administrator and Workspace domain.
It isn't. We do not sell, rent, or share Google user data with third parties. It is not used for advertising, profiling, or training machine-learning models. The only third parties involved are our infrastructure subprocessors (Google Cloud Platform for hosting; cloud object storage for encrypted backups), acting on our instructions to run your instance. Oliwka staff access a customer instance's data only for support, with your permission, or as required to operate or secure the service.
Limited Use disclosure: GEM's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Email [email protected] to access, correct, export, or delete information we hold about you or your organization. We respond to all requests within 30 days.
We'll post changes to this policy here and update the effective date. Material changes to how we handle Google user data will be communicated to affected customers directly.
Oliwka Software LLC · [email protected]