Docswave provides an e-approval system connected with Google Docs of Google Drive. You may wonder whether the Docswave team has access to clients’ documents or if there is any possibility of data leakage.
To assure our clients of the safety of Docswave documents, we would like to explain the security of Google Drive data and system connected to Docswave. If you had concerns about the security of Docswave, please keep reading this post!
1. Why does Docswave need to access my Google data?
Docswave needs an access to the user’s Google data because it creates a Docswave folder on behalf of the user. Docswave also needs to create files and manage them. Docswave can gain access only through Google’s OAuth 2.0. This process is illustrated as below.
- The new user (owner of the Main Account) clicks the [Start Docswave] button in the Docswave website (https://www.docswave.com/en)
- Abiding by Google Oauth 2.0 regulations, Docswave sends a request to Google for authorization to access the Main Account’s Google Drive, address book, etc.
- Upon receipt of request, Google confirms with the user about authorization to access information. If the user agrees, Google allows Docswave to access necessary resources.
- Thereafter, Docswave is able to manage Google data used in Docswave on behalf of the user.
<List of information Docswave requests to the Main Account owner>
- Email Address : The user’s email address (to be used as the ID).
- Basic Profile Information : User’s name, profile image, etc.
- Google Drive Management : All activities carried out in Docswave will be saved in the ‘[Docswave] Name of New Org’ folder in Google Drive. Thus, authorization to manage the folder is requested.
- Offline Accessibility : To enable other members to use Docswave even when the Main Account is offline, authorization for offline accessibility is requested on behalf of the Main Account.
- Attachments : When attaching a file while creating a document, the attachment is saved in the Main Account’s Google Drive or a user’s Google Drive file is imported to Docswave.
- Address Book Information : Members can be invited to Docswave through Google Address Book. For this purpose, an access to the user’s address book is requested.
The user needs to agree to Docswave’s request for accessibility in order to use Docswave services. Please note that the above requests are only applicable to the ‘[Docswave] Name of New Org’ folder. Also, if you wish to stop using Docswave services, you can always deactivate Docswave’s access to the folder in your ‘Google Account Information.’ (Refer to: Managing connected apps)
2. Then, can I check Docswave’s activities in Google Drive?
You can check all activities performed by Docswave in the Main Account’s Google Drive. For example, records of creating a ‘[Docswave] Name of New Org’ folder, forms and documents, etc., are automatically saved.
You may be wondering if Docswave is able to access other parts of your Google Drive and view documents in those.
Docswave manages Google Drive files by the Google Access Token received through an agreement. Docswave cannot view or create documents in the parts at all, because it completely complies with Google’s security policy. In particular, the Docswave team is not able to view members’ documents and files. Furthermore, it is impossible for Docswave to share users’ data arbitrarily without leaving a record. You can rest assured that your documents will stay safe.
3. Is the Docswave service secure?
Docswave operates under the Google Cloud Platform (hereafter GCP).
* GCP is a cloud computing environment which can virtually manage servers, storage, and networks. Examples include AWS.
Therefore, all resources of Docswave are operated based on Google’s security policy. As for the database, Docswave’s security is stable as it uses Google Cloud SQL. Moreover, Docswave is currently participating in the Google Cloud Platform for Startup Program through Google Headquarters. As a technical partner of Google, we are preparing for even more secured services.
4. Is the Docswave network secure?
In January 2016, Docswave updated its SSL (Secure Sockets Layer) technology for the GCP (Google Cloud Platform) transfer and security reinforcement.
After applying SSL technology, the data transmitted between the web browser and web server have become encrypted. It enhances the safety of Docswave members’ data and personal information. Additionally, risks of hacking and theft have diminished. Users can check the website address starting with ‘https’.e
5. Are there other security-related activities that Docswave plans to pursue?
Docswave has concluded a strategic partnership with NSHC, Inc. (http://www.nshc.net/), an enterprise specializing in security and currently carrying out projects with LINE (security detection) and representative domestic banks (app security).
We plan to continue to manage and resolve potential Docswave security issues in a professional way.