Google API Services — Limited Use Disclosure

Last updated: May 23, 2026 · For: Clouget Punto de Venta (Desktop)

This page formally discloses how Clouget Punto de Venta, developed by TECNOMADE S.A., uses information received from Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

TL;DR: Clouget POS uses the drive.file Google Drive scope solely to create, read, and delete backup files of the user's own POS database, stored inside the user's own Google Drive. We do not transmit, store, or analyze user data on our servers. We do not use Google data for ads, training models, or any purpose unrelated to the backup feature explicitly requested by the user.

1. Application overview

Name: Clouget Punto de Venta
Developer: TECNOMADE S.A. (Ecuador, RUC 0993377128001)
Type: Desktop application (Windows, built with Tauri 2)
Purpose: Point-of-Sale software for small businesses in Ecuador (invoicing, inventory, customers, electronic SRI invoices, etc.)
Website: https://pos.clouget.com
Privacy Policy: https://pos.clouget.com/privacidad/
Terms of Service: https://pos.clouget.com/terminos/

2. Google scopes requested

Clouget requests only one Google API scope, and only when the user explicitly activates the optional "Backup to Google Drive" module:

Scope	Why we need it
`https://www.googleapis.com/auth/drive.file`	To create a folder ("Clouget Backups") inside the user's own Drive, upload encrypted backup files of the local SQLite database, list them for restore selection, and delete old ones according to retention policy. This scope only grants access to files created or opened by the app; it does NOT grant access to other files in the user's Drive.

We deliberately use the most restrictive scope possible. We do NOT request the broader scopes drive, drive.readonly, or drive.metadata.

3. How Google data is used

Clouget's use of Google Drive data is limited to the following operations:

Create a folder named "Clouget Backups" in the user's My Drive on first connection.
Upload AES-256 encrypted backup files (the encryption key is derived from the user's own password and is never sent to us nor to Google).
List the backups in that folder so the user can choose one to restore.
Download a backup file when the user explicitly requests a restore.
Delete old backup files according to the retention policy the user has configured (e.g. keep last 30 daily backups).

4. Limited Use compliance (formal statement)

Clouget POS's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Clouget POS:

4.1 Allowed use cases — we ONLY use Google data to:

Provide the user-facing backup feature that the user explicitly activated.
Comply with applicable law (e.g. tax authorities requiring proof of backup retention).

4.2 Prohibited use cases — we DO NOT:

❌ Use Google Workspace API data for serving advertisements.
❌ Use Google Workspace API data to develop, improve, or train generalized AI/ML models.
❌ Transfer Google data to others unless necessary to provide or improve the user-facing feature, comply with the law, or as part of a merger, acquisition or sale of assets (with prior user notice).
❌ Allow humans to read user data, except:
- With the user's explicit prior consent for specific files.
- For security purposes (e.g. to investigate abuse).
- To comply with applicable law.
- For operations where the data are aggregated and anonymized for internal operations.

5. Data storage and processing

Backup files are stored exclusively in the user's own Google Drive account, not in TECNOMADE servers.
Files are encrypted client-side with AES-256-GCM before upload. TECNOMADE never sees plaintext backup contents.
The user's OAuth tokens (access + refresh) are stored only on the user's local PC, in OS-encrypted storage. They are not transmitted to TECNOMADE servers.
TECNOMADE does not have any mechanism to access the user's Google Drive files outside the user's own session.

6. Data sharing with third parties

Clouget POS does not share Google user data with any third party. All backup operations happen directly between the user's PC and Google Drive via official Google APIs.

The only "third party" involved in the OAuth flow itself is Supabase, which hosts a server-side function used to safely store the OAuth Client Secret (so it doesn't have to be embedded in the desktop client). The function is invoked only during OAuth token exchange and refresh; it does not access, store, or process user data from Drive.

7. User control and revocation

Users can revoke Clouget's access to their Google Drive at any time:

From the app: Settings → Backup → Google Drive → Disconnect account.
From Google directly: https://myaccount.google.com/permissions → search for "Clouget Punto de Venta" → Remove access.

Upon revocation, no further uploads or reads will occur. Already-uploaded backup files remain in the user's Drive and can be deleted manually from the Drive web interface if desired.

8. Security measures

All communications with Google APIs use HTTPS/TLS 1.3.
OAuth tokens stored locally are protected using OS-level secure storage (Windows DPAPI).
Backups are encrypted with AES-256-GCM client-side before upload.
Encryption keys are derived from a user-provided password using Argon2id; they are never transmitted off the user's machine.
The OAuth Client Secret is held in a Supabase Edge Function and never shipped in the desktop binary.

9. Compliance with Google policies

Clouget POS follows:

10. Contact

For questions about this disclosure or our use of Google APIs:

Email: jviera@tecnomade.net
Address: TECNOMADE S.A. — Andrés Marín 108 y Aguirre, Ecuador
RUC: 0993377128001