diff --git a/public/static/docs/command-reference/remote/add.md b/public/static/docs/command-reference/remote/add.md
index e6d2e0e01a..f5343e9dee 100644
--- a/public/static/docs/command-reference/remote/add.md
+++ b/public/static/docs/command-reference/remote/add.md
@@ -217,6 +217,8 @@ option is enabled on this type of storage, so DVC recalculates the checksums of
files upon download (e.g. `dvc pull`), to make sure that these haven't been
modified.
+> Please note our [Privacy Policy (Google APIs)](/doc/user-guide/privacy).
+
diff --git a/public/static/docs/command-reference/remote/modify.md b/public/static/docs/command-reference/remote/modify.md
index a2061a4939..1d20b67de2 100644
--- a/public/static/docs/command-reference/remote/modify.md
+++ b/public/static/docs/command-reference/remote/modify.md
@@ -271,6 +271,8 @@ including obtaining the necessary credentials, and how to form `gdrive://` URLs.
$ dvc remote modify myremote gdrive_client_secret
```
+> Please note our [Privacy Policy (Google APIs)](/doc/user-guide/privacy).
+
diff --git a/public/static/docs/sidebar.json b/public/static/docs/sidebar.json
index b36b4bbe7c..16c1a17583 100644
--- a/public/static/docs/sidebar.json
+++ b/public/static/docs/sidebar.json
@@ -162,7 +162,7 @@
"slug": "analytics"
},
{
- "label": "Privacy Policy",
+ "label": "Privacy Policy (Google APIs)",
"slug": "privacy"
}
]
diff --git a/public/static/docs/user-guide/privacy.md b/public/static/docs/user-guide/privacy.md
index d2d50e8655..de853fe20b 100644
--- a/public/static/docs/user-guide/privacy.md
+++ b/public/static/docs/user-guide/privacy.md
@@ -1,13 +1,12 @@
-# DVC privacy policy to access Google Services and APIs
+# Privacy Policy for Access to Google APIs
DVC is using the [Google Drive API](https://developers.google.com/drive/) to
-make it easier to store and version files in the Google Drive storage. For the
-details on how to setup it check the respective sections in the `dvc remote add`
-and `dvc remote modify` commands as well as the relevant Google Drive section of
-this User Guide.
+make it easier to store files on Google Drive. For more details on how to set it
+up, refer to
+[Setup a Google Drive DVC Remote](/doc/user-guide/setup-google-drive-remote)
-DVC uses the _DVC_ application on Google Cloud Platform. That is the name you
-will see in a consent screen. DVC integration is governed by common policies
+DVC uses the _DVC_ Application on Google Cloud Platform. (That is the name you
+will see in a consent screen.) This integration is governed by common policies,
recorded here.
Your use of Google APIs with DVC is subject to each API’s respective terms of
@@ -16,13 +15,16 @@ service. See
## Accessing user data
-DVC access Google resources from your machine you run DVC on. Your machine
+DVC accesses Google resources from the machine where you use DVC. Your machine
communicates directly with the Google APIs.
-DVC project never receives your data or the permission to access your data. The
-owners of the project can only see anonymous, aggregated information about usage
-of tokens obtained through its OAuth client, such as which APIs and endpoints
-are being used.
+The _DVC_ Application never receives your data or the permission to access your
+data. The owners of the project can only see anonymous, aggregated information
+about usage of tokens obtained through its OAuth client, such as which APIs and
+endpoints are being used.
+
+DVC sends users to `https://accounts.google.com/o/oauth2/auth` for authorization
+and does not directly access or collect user data used by Google Auth.
## Using user data
@@ -32,57 +34,55 @@ which requires that you authenticate yourself as a specific Google user and
authorize these actions.
DVC can help you get a token by guiding you through the OAuth flow in the
-browser. There you must consent to allow the _DVC_ application to operate on
+browser. There you must consent to allow the _DVC_ Application to operate on
your behalf. The OAuth consent screen will describe the scope of what is being
-authorized, e.g., it will name the target API(s) and whether you are authorizing
+authorized e.g. it will name the target API(s) and whether you are authorizing
“read only” or “read and write” access.
There are two ways to use DVC with Google Drive without authorizing the _DVC_
-application: bring your own service account token or configure the package to
-use an OAuth client of your choice. See the relevant Google Drive section of
-this User Guide.
+Application: bring your own service account token or configure the package to
+use an OAuth client of your choice. See
+[Setup a Google Drive DVC Remote](/doc/user-guide/setup-google-drive-remote) for
+more information.
## Scopes
-`userinfo.email` scope (view your email address), `userinfo.profile` scope (see
-your personal info, including any personal info you've made publicly available),
+`userinfo.email` scope (view your email address)' `userinfo.profile` scope (see
+your personal info. including any personal info you've made publicly available),
and `openid` scope (authenticate using OpenID Connect) are required to be used
-by Google Auth. DVC authorizes users via
-[Google's server](https://accounts.google.com/o/oauth2/auth) and doesn't access
-or collect users data used by Google Auth.
+by Google Auth.
DVC allows you to manage your Google Drive files and therefore the default
-scopes include `drive` scope (read/write access to your Google Drive) and
-`drive.appdata` scope (manage configuration folder in your Google Drive).
+scopes also include `drive` (read/write access to your Google Drive) and
+`drive.appdata` (manage configuration folder in your Google Drive).
## Sharing user data
DVC only communicates with Google APIs. No user data is shared with the owners
-of the _DVC_ application, DVC, Iterative or any other servers.
+of the _DVC_ GCP Project, DVC, Iterative or any other party.
## Storing user data
-DVC stores your credentials on your machine, for later reuse by you. Use caution
-when using DVC on shared machine.
+DVC stores your credentials on your machine, for later reuse by you. **Use
+caution when using Google Drive DVC remotes on shared machines.**
-By default, an OAuth token is cached in a local file per DVC repository -
-`.dvc/tmp/gdrive-user-credentials.json`.
+By default, OAuth tokens are cached in a local file per DVC repository, located
+in `.dvc/tmp/gdrive-user-credentials.json`.
## Usage in other packages or applications
-Do not use an API key or client ID from the _DVC_ application in an external
+Do not use an API key or client ID from the _DVC_ Application in an external
package or tool. Per the
[Google User Data Policy](https://developers.google.com/terms/api-services-user-data-policy),
your application must accurately represent itself when authenticating to Google
API services.
If you use DVC inside another package or application that executes its own logic
-— as opposed to code in the DVC or by the user — you must communicate this
-clearly to the user. Do not use credentials from the _DVC_ application; instead,
-use credentials associated with your project or your user.
+— as opposed to code in DVC or by the user — you must communicate this clearly
+to the user. Do not use credentials from the _DVC_ Application; instead, use
+credentials associated with your project or your user.
## Acknowledgments
-This document is a modified version of the
-[Privacy policy for packages that access Google APIs](https://www.tidyverse.org/google_privacy_policy/)
-by [Tidyverse](https://www.tidyverse.org/).
+This document is based on Tidyverse's
+[Privacy policy for packages that access Google APIs](https://www.tidyverse.org/google_privacy_policy/).
diff --git a/public/static/docs/user-guide/setup-google-drive-remote.md b/public/static/docs/user-guide/setup-google-drive-remote.md
index d316d1b1d6..2ed6530032 100644
--- a/public/static/docs/user-guide/setup-google-drive-remote.md
+++ b/public/static/docs/user-guide/setup-google-drive-remote.md
@@ -111,3 +111,5 @@ token data will be cached in a Git-ignored directory located in
⚠️ In order to prevent unauthorized access to your Google Drive, **do not share
access token data with others**. Each team member should generate their own
tokens.
+
+> Please note our [Privacy Policy (Google APIs)](/doc/user-guide/privacy).