Streak is a layer on top of your Gmail experience, and provides additional productivity functionalities across the Google suite of products.
To do that, we ask for your permission to connect to your Google account, and authenticate that connection via Google Apps OAuth. Your Streak account thus has the same industry-leading login security as your Google account.
Streak requests access to the following Google APIs so that our features can work. Streak does not make any changes to your Gmail, Drive, Contacts, or Calendar without your explicit permission.
Streak does not, and will never, sell or trade personal information about anyone who uses our services.
Streak only retains data as long as it provides value for our users. (e.g. we don’t store calendar data for any tasks except the ones created by the Streak pipeline and we delete tasks when a user asks us to). Streak removes data promptly once it is no longer referenced in the product, as far as technically feasible. (e.g. after we delete something in our main datastore, there might still be an encrypted copy in a Google backup). Streak stores only as much data as necessary for critical debugging and analytical needs.
All of your Streak data is stored on Google's Cloud Platform in the United States. Google may, at their discretion, make encrypted backup copies of the data in other U.S. locations for disaster recovery purposes.
Google's Cloud Platform has the same security policies, procedures, and infrastructure in place as other popular Google products such a Gmail and Google Drive.
Streak stores information about your Pipelines and Boxes on our Google servers. We implement strict controls such that no one else can access your data unless you've explicitly shared it with them.
Streak does not store the content (the body) of your emails. Instead, they are fetched via the Gmail API only upon request. Streak temporarily stores email metadata (recipients, subject line) for the sole purpose of indexing and sorting your email, before presenting and visualizing that data back to you.
Streak takes meaningful precautions to protect and safeguard our users’ and our members’ information. Streak has put in place physical, electronic, and procedural safeguards to protect the information Streak collects and process. This includes, limiting access to employees, vendors, and others; use of pseudonymization and anonymization techniques where feasible; and use of encryption techniques when transmitting information. We do not share your data with any third party analytics companies.
Streak undergoes Google's OAuth API review process yearly. Additionally, every version of the Streak extension undergoes a review process by Google's Chrome team, in accordance with Google Chromes’ Developer Program Policies. As a trusted Google partner, Streak received the G Suite Partner of the Year award in part because of our Streak's strong security practices.
Streak believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you’ve found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly. Please visit the our Hacker One page to get started.
If you have more questions around Access Control, Change Control, Encryption (at rest and at transit), or any other security-related questions, please email us at firstname.lastname@example.org.
We take your security and privacy very seriously. Many financial institutions, investment firms, and banks around the world use Streak to store their confidential information, and we value their trust. If you'd like to read more about how Google handles the security of data within their Cloud Platform, we recommend reading their documentation on it.