đĄī¸ We Use Google OAuth 2.0
Industry-standard authentication. Your credentials, your control, your security.
đ Introduction
Welcome to BigQuery Cost Analyzer ("we," "our," or "the Service"). This Privacy Policy explains how we collect, use, protect, and handle your information when you use our BigQuery cost analysis and optimization service.
â Our Commitment to You
We are committed to transparency, security, and giving you control over your data. We use industry-standard OAuth 2.0 authentication and follow best practices for data protection.
By using our Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
đ Information We Collect
1.1 Authentication Information (via Google OAuth)
When you log in using Google OAuth 2.0, we collect:
- Google Account Email: To identify you and personalize your experience
- Profile Information: Name and profile picture (if provided by Google)
- OAuth Access Token: Temporary token (expires in 1 hour) to access BigQuery on your behalf
đ OAuth Security
Your Google password is NEVER shared with us. Google handles all authentication. We only receive a temporary access token that you explicitly authorize.
1.2 BigQuery Project Information
You may choose to provide:
- Project IDs: GCP projects you want to analyze
- Dataset Names: BigQuery datasets for cost analysis
- Configuration Settings: Your preferences for alerts and thresholds
1.3 Usage Data (Automatically Collected)
- Log Data: IP address, browser type, access times
- Feature Usage: Which features you use and when
- Error Logs: Technical errors to improve service reliability
âšī¸ What We DON'T Collect
- â Your Google account password (handled by Google OAuth)
- â Your BigQuery query results (unless you use optional server-side features)
- â Your billing amounts or financial data (beyond what you choose to share)
- â Your personal files or documents
đ OAuth 2.0 Security Model
â Why OAuth is Secure
OAuth 2.0 is the industry-standard authorization protocol used by Google, Microsoft, Facebook, and thousands of secure applications worldwide.
How OAuth Protects You:
| Security Feature | How It Works |
|---|---|
| đ No Password Sharing | You log in directly with Google. We never see or store your password. |
| â° Token Expiration | Access tokens expire in 1 hour. You must re-authorize for continued access. |
| đ¯ Limited Scope | We only request permissions for BigQuery access - nothing else. |
| đĢ Revocable Access | You can revoke our access anytime from your Google Account settings. |
| đ Encrypted Communication | All OAuth flows use HTTPS encryption. |
OAuth Permissions We Request:
https://www.googleapis.com/auth/bigquery- Read and query your BigQuery datahttps://www.googleapis.com/auth/cloud-platform- Access Google Cloud Platform resources
You see these permissions when you log in and can deny them. We cannot access anything beyond what you explicitly authorize.
đ Two Access Models: Choose Your Level
We offer two ways to use our service, giving you control over your data:
Model 1: OAuth Only (Most Secure) â RECOMMENDED
đĄī¸ Maximum Security & Control
How it works: Your browser connects directly to BigQuery using YOUR OAuth token. Your data never touches our servers.
Features Available:
- â Project exploration and analysis
- â Interactive cost queries
- â Reservation management (BQ Angel)
- â Real-time BigQuery operations
Data Flow:
Your Browser â (Your OAuth Token) â Google BigQuery â Your Browser
Privacy: â Your data NEVER passes through our servers
Model 2: OAuth + Optional Server-Side Analysis â ī¸ OPTIONAL
âī¸ Advanced Features (Requires Trust)
How it works: For billing analysis and automated alerts, you optionally grant our service account access to your GCP project.
Additional Features Available:
- đ Comprehensive billing breakdown
- đ¨ Automated cost alerts (email/SMS)
- đ Historical variance analysis
- đ¤ Background monitoring jobs
Data Flow:
Your Browser â Our Server â (Our Service Account) â Your BigQuery â Our Server â Your Browser
Privacy: â ī¸ Billing data temporarily passes through our server for analysis (not stored)
You Control Access:
- â You explicitly grant permissions via GCP IAM
- â You can revoke access anytime
- â All queries appear in your audit logs
- â Read-only access (we cannot modify your data)
đ¯ You Choose
You are not required to use server-side features. You can use our service with OAuth only for maximum security and privacy. Server-side features are entirely optional.
âī¸ How We Use Your Information
We use collected information to:
- Provide the Service: Execute BigQuery cost analysis and optimization
- Authenticate You: Verify your identity via Google OAuth
- Send Alerts: Notify you of cost spikes (if you enable this feature)
- Improve the Service: Analyze usage patterns to enhance features
- Troubleshoot Issues: Debug errors and technical problems
- Comply with Legal Obligations: Respond to legal requests when required
â What We DON'T Do
- â We do NOT sell your data to third parties
- â We do NOT use your data for advertising
- â We do NOT share your data except as described in this policy
- â We do NOT store your BigQuery query results (OAuth mode)
đž Data Storage, Retention & Security
What We Store:
| Data Type | Storage Location | Retention Period |
|---|---|---|
| User Profile (email, name) | Firebase Authentication | Until account deletion |
| OAuth Tokens | Your browser session only | 1 hour (automatic expiration) |
| Project Settings | Firebase Firestore | Until you remove them |
| Alert Preferences | Firebase Firestore | Until you change or delete |
| Usage Logs | Server logs | 30 days |
| BigQuery Query Results (OAuth mode) | NOT STORED | N/A - Not retained |
Security Measures:
- đ Encryption in Transit: All data transmission uses HTTPS/TLS encryption
- đ Encryption at Rest: Firebase and Google Cloud Platform encrypt stored data
- đĒ Access Controls: Limited employee access with audit logging
- đ OAuth Security: Industry-standard authentication protocol
- đĄī¸ Regular Security Audits: Ongoing monitoring for vulnerabilities
đ Service Account Security (Optional Features)
If you choose to use server-side features, our service account credentials are:
- â Stored securely with encryption
- â Never exposed to client-side code
- â Rotated regularly for security
- â Limited to read-only BigQuery permissions
âī¸ Your Rights & Control
You have the following rights regarding your data:
1. Access & Portability
You can request a copy of all data we have about you. Contact us at: support@bigquerycostanalyzer.com
2. Correction
You can update your profile information anytime through the Service.
3. Deletion (Right to be Forgotten)
You can request account deletion by:
- Logging out and requesting deletion via email
- Revoking OAuth access from your Google Account settings
We will delete your data within 30 days, except where required by law to retain it.
4. Revoke BigQuery Access
OAuth Access: Revoke from Google Account Permissions
Service Account Access (if granted): Remove our service account from your GCP IAM settings
5. Opt-Out of Alerts
You can disable email/SMS alerts anytime through the Service settings.
6. Data Portability
Request your data in a machine-readable format (JSON) by contacting us.
â Immediate Revocation
Revoking OAuth access or removing our service account from IAM immediately terminates our ability to access your BigQuery data. No waiting period.
đ¤ Data Sharing and Disclosure
â We Do NOT Sell Your Data
We never sell, rent, or trade your personal information or Google user data to third parties for marketing or any other purposes.
Who We Share Data With
We share limited data with the following parties solely for operational purposes:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Google Cloud Platform | OAuth tokens, BigQuery query metadata, project IDs | To access and analyze your BigQuery data as authorized by you |
| Firebase (Google) | Email address, user ID, alert preferences, cost summary data | User authentication, storing your preferences and settings |
| Anthropic Claude AI | SQL query text (anonymized), query analysis results | To provide AI-powered query optimization recommendations |
| Twilio (Optional) | Phone number, cost alert messages | To send SMS/WhatsApp alerts if you enable this feature |
Data Processing, Not Selling
The data shared with third parties is used exclusively to:
- â Provide the core functionality of our service
- â Process your queries and generate cost predictions
- â Store your preferences and settings
- â Send alerts you explicitly request
- â Improve service performance and reliability
We Do NOT Share:
- â Your actual BigQuery data content or query results
- â Your billing information or payment details
- â Your data with advertisers or marketers
- â Your data for purposes unrelated to service functionality
- â Personal information without your explicit consent
Legal Disclosure
We may disclose your information if required by law, such as:
- In response to valid legal requests (subpoenas, court orders)
- To protect our rights, property, or safety
- To protect the rights, property, or safety of our users or others
- To prevent fraud or security issues
đ Your Control
You can stop data sharing at any time by:
- Revoking OAuth permissions in your Google account
- Removing our service account from your GCP IAM
- Uninstalling the Chrome extension
- Logging out of the service
đ Third-Party Services
We use the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Cloud Platform | BigQuery API access and OAuth authentication | View Policy |
| Firebase | User authentication and data storage | View Policy |
| Twilio (Optional) | SMS alerts (if you enable this feature) | View Policy |
Note: These third-party services have their own privacy policies. We encourage you to review them.
đļ Children's Privacy
Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.
đ International Users & Data Transfers
Our Service is hosted on Google Cloud Platform, which may store data in various regions worldwide. By using the Service, you consent to the transfer of your data to these locations.
GDPR Compliance (EU Users): If you are in the European Economic Area (EEA), you have additional rights under GDPR, including:
- Right to access your personal data
- Right to rectification and erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
âī¸ Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Consent: You explicitly consent by logging in with OAuth and granting permissions
- Contract: Processing necessary to provide the Service you requested
- Legitimate Interests: Improving service quality and security (balanced against your privacy rights)
- Legal Obligation: Compliance with applicable laws and regulations
đ Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date at the top
- Sending an email notification (for significant changes)
Your continued use of the Service after changes constitutes acceptance of the updated policy.
â ī¸ Limitation of Liability
đ¨ Important Legal Information
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND.
To the maximum extent permitted by law:
- No Warranty: We make no warranties regarding the accuracy, reliability, or availability of cost predictions or analysis
- Your Responsibility: You are solely responsible for your BigQuery costs and usage decisions
- No Liability for Costs: We are not liable for any BigQuery costs incurred based on our analysis or recommendations
- Data Security: While we use industry-standard security, we cannot guarantee absolute security
- Third-Party Actions: We are not responsible for actions of third parties (Google, Firebase, etc.)
- Service Interruptions: We are not liable for service downtime or interruptions
Maximum Liability: Our total liability shall not exceed the fees paid by you (if any) in the 12 months preceding the claim.
đĄī¸ Indemnification
You agree to indemnify and hold harmless BigQuery Cost Analyzer, its operators, and affiliates from any claims, damages, or expenses arising from:
- Your use or misuse of the Service
- Your violation of this Privacy Policy or Terms of Service
- Your violation of any third-party rights
- Any BigQuery costs incurred in your projects
đ§ Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
Email: support@bigquerycostanalyzer.com
Response Time: We aim to respond within 72 hours
Data Protection Officer (if required): privacy@bigquerycostanalyzer.com
For security vulnerabilities, please email: security@bigquerycostanalyzer.com
â Your Acceptance
By using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
If you do not agree, you must discontinue use of the Service immediately.