Why do we need permission to access your Google account?
When you install the Clockwise chrome extension, we ask you for permission to connect to your work Google account and authenticate that connection via Google OAuth. This means that your Clockwise account has the same industry-leading login security as your Google account.
Clockwise requests the minimum permissions needed to be able to deliver a rich calendar experience. Specifically, we request access to the following Google information:
Clockwise also gives users the option to view the Clockwise chrome extension next to their work Gmail, as well as their calendar. To do this, Clockwise does not request API access to the user's Gmail data, but we do request access to mail.google.com in the browser, in order to display the extension. This is an optional chrome extension permission.
How is user data protected?
Our user’s data security is foundational to the Clockwise product, from account creation through Google's OAuth service, to encryption of data in transit to Clockwise servers (using browser-based TLS), to a variety of administrative, physical, and technical safeguards designed to create a secure environment for our customers' data.
We work with industry-leading cloud PaaS and IaaS providers. All Clockwise applications run in a virtual private cloud hosted by AWS, including failover and backup instances. These infrastructure providers maintain industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and PCI DSS Level 1.
How does the Clockwise chrome extension interact with my computer?
Clockwise has no access to anything on your computer outside of the Chrome browser. This is a security feature of the Chrome browser that Google calls "sandboxing". You can learn more about it in this video from Google.
If you have any security related questions, or if you think you’ve identified a security vulnerability, please contact us at firstname.lastname@example.org.