When you sign up to YNAW, you are asked to accept the following authorizations:
See, edit, create, and delete all of your Google Drive files
|This scope is required to perform the following actions:|
See and download your contacts
View and manage your Google Docs documents
|This scope enables you to link to other Google docs from a YNAW page.|
At no point can the YNAW server view or access your files.
All requests to the Google Drive API are done through the Google Client API. Which means your data is securely accessed by your browser, the server never see's it or has access to it.
If you are particularly curious, feel free to open up the network tab. There is an initial server call to
/api/user to authorize the user. But otherwise all network requests to Drive are made using
YNAW can move files to trash if you click to "remove" on that file, it does not delete files permanently.
In order to share projects with your team members YNAW needs access to the files in your shared folder. Full access is required to access the shared folder.
It also is required for files that are not explicitly created by the app (if you copy a new file/folder into the YNAW folder). Apart from those 2 specific cases, all operations fall within the YNAW folder and do not need access to files outside the YNAW folder.
Google has audited the YNAW application to confirm that it is secure.
The audit includes a detailed list of the permissions that YNAW requires as well as actions that YNAW performs. Google also signs into the app to test the funcitonality.
Your data is stored in a Google Firebase database. It is stored securely using Firebase's recommended security settings.