Privacy Policy
Last updated: 2026-05-05
1. Who we are
Tech Provider ("Tech Provider", "we", "us", "our") operates an OAuth 2.0 authorization broker available at oauth.techprovider.com.br and the marketing site at techprovider.com.br. Tech Provider is operated from Brazil. For all data-protection matters, the contact address is admin@zdg.com.br.
2. Scope of this policy
This policy describes how Tech Provider collects, uses, and discloses information when you authorize a partner application to access your Google account — including Gmail, Google Calendar, Google Drive, and YouTube — or another supported identity provider through Tech Provider's broker. It does not describe the data-handling practices of the partner application that requested authorization — for that, please consult the partner application's own privacy policy.
Google's collection and use of any information transferred through Google APIs is additionally governed by the Google Privacy Policy. Use of YouTube data is additionally governed by the YouTube Terms of Service.
3. Information we receive
When you initiate an OAuth authorization flow through Tech Provider, we may receive:
- Account identifiers from the identity provider (such as Google), including your name, primary email address, and a stable account ID.
- Authorization tokens (access tokens and refresh tokens) issued by the identity provider for the scopes you approved on the consent screen.
- Partner-application context — the identifier of the partner application that initiated the flow, the scopes requested, and the redirect target.
- Technical request metadata — IP address, user-agent string, timestamp, and a partner-scoped state token, used to complete the OAuth flow and to detect abuse.
Tech Provider does not read, copy, or persist the content of your emails, calendar events, files, or YouTube channel data. The platform only relays authorization tokens; the user's content stays at Google (or YouTube) and is fetched by the partner application directly when needed.
4. How we use information
Information received through the OAuth flow is used solely to:
- Complete the authorization handshake between you, your identity provider, and the partner application that you chose to grant access to.
- Forward the resulting tokens to the originating partner application over an encrypted channel.
- Identify and prevent abuse of the broker (rate limiting, anomaly detection, security investigations).
- Comply with applicable law and respond to lawful requests.
5. Google API Services User Data Policy — Limited Use
Tech Provider's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In line with that policy, Tech Provider:
- Does not sell Google user data.
- Does not use Google user data to serve advertising.
- Does not use Google user data to train generalized or generative AI/ML models.
- Does not allow humans to read Google user data, except (a) with your affirmative agreement for a specific purpose, (b) where necessary for security investigations or to comply with applicable law, or (c) for limited operational debugging where the data is aggregated and anonymized whenever possible.
- Limits use of Google user data to the user-facing features of the partner application that the user has authorized.
6. Scopes and what they enable
Depending on the partner application and the boxes you tick on the consent screen, Tech Provider may relay tokens authorizing the following Google scopes:
| Scope | What it allows the partner application to do |
|---|---|
| openid, profile, email | Identify you to the partner application by your name and primary email address. |
| https://www.googleapis.com/auth/gmail.send | Send emails as you, so the partner application can send messages to your contacts on your behalf. |
| https://www.googleapis.com/auth/gmail.modify | Read, label, and reply to your emails inside the partner application's unified inbox. |
| https://www.googleapis.com/auth/gmail.readonly | Display incoming customer emails in the partner application without modifying them. |
| https://www.googleapis.com/auth/calendar.events | Read and create events on your calendar, typically to schedule meetings. |
| https://www.googleapis.com/auth/drive.file | Upload or open files the partner application explicitly creates or that you explicitly select. |
| https://www.googleapis.com/auth/youtube.readonly | List the YouTube channels and videos owned by your account, so the partner application can display them. |
| https://www.googleapis.com/auth/youtube / youtube.upload / youtube.force-ssl | Upload videos, manage video metadata, captions, playlists, and respond to comments on your YouTube channel on your behalf, when the partner application is a video-publishing or social-media management tool. |
| https://www.googleapis.com/auth/yt-analytics.readonly | Read aggregate analytics for your YouTube channel so the partner application can display performance reports. |
7. YouTube API Services
When you authorize a partner application to access your YouTube data through Tech Provider, the partner application is using YouTube API Services. By authorizing such access, you also agree to the YouTube Terms of Service.
Google's collection and use of information from YouTube is governed by the Google Privacy Policy.
Tech Provider, as a developer using YouTube API Services, complies with the YouTube API Services Terms of Service and the YouTube API Services Developer Policies. We store YouTube authorization tokens only for as long as needed to relay them to the partner application during the OAuth flow.
You may revoke a partner application's access to your YouTube data at any time at the Google security settings page. Revoking access at Google immediately invalidates the tokens previously issued to the partner application.
8. Sharing
Tech Provider only shares authorization tokens with the partner application that you yourself authorized during the OAuth flow. Tokens are never sold or disclosed to other third parties. Tech Provider may share information when required to do so by law or to comply with valid legal process.
9. Retention
Tech Provider does not retain Google user content. Authorization tokens are processed in transit during the OAuth callback and forwarded to the partner application; any short-lived state required to complete the handshake (for example, the OAuth state token) is discarded immediately after use. Request logs — consisting of timestamps, partner identifiers, and IP addresses, but not user content — are retained for up to ninety (90) days for security and abuse prevention, after which they are deleted or anonymized.
10. Security
All traffic to and from Tech Provider is served over HTTPS. The platform uses industry-standard cryptography to protect tokens in transit. Access to operational systems is restricted to a limited number of authorized engineers under audit, with mandatory two-factor authentication.
11. Your rights
Under the LGPD (Brazilian Lei Geral de Proteção de Dados) and the GDPR (where applicable), you have the right to:
- Confirm whether Tech Provider processes information about you.
- Access the information we hold about you.
- Correct inaccurate or incomplete information.
- Request deletion of information no longer required for the purposes for which it was collected.
- Withdraw consent and revoke access at any time. To revoke a partner application's access to your Google account, visit Google Account » Apps with access and remove the partner application directly.
- Lodge a complaint with a supervisory authority (in Brazil, the Autoridade Nacional de Proteção de Dados — ANPD).
To exercise these rights, email admin@zdg.com.br with the subject line "Data request". We will respond within thirty (30) days.
12. International transfers
Tech Provider operates infrastructure primarily in Brazil. When information transits Google's APIs, it may be processed in any region in which Google operates. Tech Provider does not transfer Google user data to additional third-party processors beyond the partner application that you authorized.
13. Children
Tech Provider's services are intended for use by partner applications serving adult business users. The platform is not directed at children under 13 (or the equivalent minimum age in the user's jurisdiction). If you believe a child has used Tech Provider, please contact us so we can remove the related information.
14. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated through the homepage or by email where we hold a contact address. Continued use of the platform after a change constitutes acceptance of the updated policy.
15. Contact
Questions about this policy or about how your information is handled?
Email: admin@zdg.com.br
Subject line for data requests: "Data request"