Aggregate/App Engine Data Privacy?

I was reading through the Terms of Service for Google AppEngine which ODK
Aggregate runs through and I came across this paragraph which concerned
me.about the privacy of the data collected using ODK.

"1.2 From Customer to Google. By submitting, posting, generating or
displaying any Application and/or Customer Data on or through the Service,
Customer gives Google a worldwide, non-sublicensable, non-transferable,
non-exclusive, terminable, limited license to reproduce, adapt, modify,
translate, publish, publicly perform, publicly display and distribute any
Application and/or including Customer Data for the sole purpose of enabling
Google to provide Customer with the Service in accordance with the
Agreement."

Is this the correct policy or does Aggregate have a different policy with
Google?

--- Sean

We have no special arrangement with Google. When you deploy ODK Aggregate
to AppEngine, you, yourself, are the owner of that AppEngine application,
and have agreed to Google's terms by using their service.

I am not a lawyer, but I believe the key phrase in the above legalese is:

"... limited license .... for the sole purpose of enabling Google to
provide Customer with the Service in accordance with the Agreement."

That said, if you have data that you don't want anyone outside your direct
control seeing, you should either host ODK Aggregate on your own
infrastructure or use encrypted forms
http://opendatakit.org/help/encrypted-forms/

Within web hosting companies (e.g., Google, Amazon, EMC, etc), it is common
for the systems engineers and developers supporting web infrastructure to
have varying degrees of access to all user content (except credit cards and
billing instruments, which have much tighter access controls).

Mitch

··· On Wed, Jul 17, 2013 at 8:12 AM, wrote:

I was reading through the Terms of Service for Google AppEngine which ODK
Aggregate runs through and I came across this paragraph which concerned
me.about the privacy of the data collected using ODK.

"1.2 From Customer to Google. By submitting, posting, generating or
displaying any Application and/or Customer Data on or through the Service,
Customer gives Google a worldwide, non-sublicensable, non-transferable,
non-exclusive, terminable, limited license to reproduce, adapt, modify,
translate, publish, publicly perform, publicly display and distribute any
Application and/or including Customer Data for the sole purpose of enabling
Google to provide Customer with the Service in accordance with the
Agreement."

Is this the correct policy or does Aggregate have a different policy with
Google?

--- Sean

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com

Thanks Mitch, encryption seems like the way to go, extremely helpful advice!

Sean

··· On Wednesday, July 17, 2013 12:20:23 PM UTC-4, Mitch Sundt wrote: > > We have no special arrangement with Google. When you deploy ODK Aggregate > to AppEngine, you, yourself, are the owner of that AppEngine application, > and have agreed to Google's terms by using their service. > > I am not a lawyer, but I believe the key phrase in the above legalese is: > > "... limited license .... for the sole purpose of enabling Google to > provide Customer with the Service in accordance with the Agreement." > > > That said, if you have data that you don't want anyone outside your direct > control seeing, you should either host ODK Aggregate on your own > infrastructure or use encrypted forms > http://opendatakit.org/help/encrypted-forms/ > > Within web hosting companies (e.g., Google, Amazon, EMC, etc), it is > common for the systems engineers and developers supporting web > infrastructure to have varying degrees of access to all user content > (except credit cards and billing instruments, which have much tighter > access controls). > > Mitch > > > > On Wed, Jul 17, 2013 at 8:12 AM, <sean.ba...@cnu.edu > wrote: > >> I was reading through the Terms of Service for Google AppEngine which ODK >> Aggregate runs through and I came across this paragraph which concerned >> me.about the privacy of the data collected using ODK. >> >> "1.2 *From Customer to Google*. By submitting, posting, generating or >> displaying any Application and/or Customer Data on or through the Service, >> Customer gives Google a worldwide, non-sublicensable, non-transferable, >> non-exclusive, terminable, limited license to reproduce, adapt, modify, >> translate, publish, publicly perform, publicly display and distribute any >> Application and/or including Customer Data for the sole purpose of enabling >> Google to provide Customer with the Service in accordance with the >> Agreement." >> >> Is this the correct policy or does Aggregate have a different policy with >> Google? >> >> --- Sean >> >> -- >> -- >> Post: opend...@googlegroups.com >> Unsubscribe: opendatakit...@googlegroups.com >> Options: http://groups.google.com/group/opendatakit?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ODK Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to opendatakit...@googlegroups.com . >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > > > -- > Mitch Sundt > Software Engineer > University of Washington > mitche...@gmail.com >