Google IdP Privacy Policy

Kona IdP Sync enables enterprise customers to connect Google Workspace as an identity provider for KonaSense. The Integration synchronizes directory information so administrators can assign AI security policies by user, group, and organizational unit.

We use Google data solely to provide and secure the KonaSense Services your organization has subscribed to. We do not use Google user data for advertising, sell it to third parties, or use it to build unrelated consumer profiles.

When a Google Workspace administrator authorizes the Integration, Kona IdP Sync may access the following categories of data, depending on the scopes approved during consent:

• Account profile: name, email address, and profile identifier (via OpenID Connect: openid, email, profile).
• Directory users: user IDs, primary email, name, account status, and organizational unit assignment (Admin SDK Directory API, read-only).
• Directory groups: group names, email addresses, member lists, and membership (Admin SDK Directory API, read-only).
• Organizational units: OU structure used for policy assignment (Admin SDK Directory API, read-only).

We request the minimum scopes required for identity synchronization and policy mapping. We do not access Gmail, Drive, Calendar, or other Google Workspace content unless explicitly enabled in a separate, documented integration.

We use Google user data only to:

• Authenticate and provision users who sign in to KonaSense with Google Workspace.
• Synchronize users, groups, and organizational units for role-based policy enforcement.
• Display directory context to authorized administrators in the KonaSense Control Plane.
• Maintain audit logs of administrative actions related to identity configuration.
• Provide support and troubleshoot integration issues at your organization's request.

KonaSense's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In summary:

• We use Google user data only to provide or improve user-facing features of KonaSense for your organization.
• We do not transfer Google user data to third parties except as necessary to provide the Services, comply with law, or as part of a merger/acquisition with notice.
• We do not use Google user data for serving advertisements.
• Human access to Google user data is limited to authorized personnel with a legitimate business need (e.g., support at your request, security investigations, or legal compliance).

Google directory data is stored in KonaSense infrastructure using encryption in transit (TLS) and at rest. Access is restricted by role and tenant isolation.

We retain synchronized directory data while the Integration remains active and for a limited period after disconnection to support audit and deprovisioning requirements under your contract. You may request deletion of your organization's data via privacy@konasense.com.

We do not sell Google user data. We may share data with infrastructure and security subprocessors under written confidentiality and data protection obligations, solely to operate the Services.

Your Google Workspace administrator can revoke Kona IdP Sync access at any time:

• In Google Admin Console: Security → Access and data control → API controls → App access control, remove or restrict Kona IdP Sync.
• In KonaSense: disconnect the Google Workspace integration from the Control Plane.
• Individual users can review connected apps at myaccount.google.com/permissions.

After revocation, we stop collecting new Google data and process existing data according to our retention policy.

Depending on your jurisdiction (including LGPD and GDPR), users and administrators may request access, correction, or deletion of personal data processed through the Integration. Submit requests via our contact form or privacy@konasense.com.

We may update this policy when the Integration changes. Material updates will be reflected on this page with a revised Effective Date.

Questions about Kona IdP Sync and Google data handling: privacy@konasense.com. See also our general Privacy Policy and Terms of Service.