Privacy Policy
Casacorvus ("we", "us", "our") is a cloud automation platform that helps users deploy and manage private networking infrastructure on their own Google Cloud Platform accounts. We are committed to protecting your privacy and handling your data with full transparency. This Privacy Policy explains what data we access, how we use it, and the rights you have over it.
1. Overview
Casacorvus is a client-side web application. All Google Cloud API calls are made directly from your browser to Google's servers using your own OAuth access token. We do not operate backend servers that proxy, intercept, or store your Google Cloud API requests or responses.
Architecture: Casacorvus runs entirely in your browser. Your Google credentials never leave your device, and all cloud operations are executed directly between your browser and Google's APIs.
2. Google API Scopes and Data Access
When you sign in to Casacorvus, we request access to the following Google OAuth scopes. Each scope is essential for the application to function:
Data accessed: Your Google account email address
Purpose: User authentication and account identification
Data accessed: Compute Engine instance data (names, zones, status, serial port output)
Purpose: This scope is required to perform the following operations on behalf of the user:
- Create Compute Engine virtual machine instances
- List, start, stop, and delete VM instances
- Read VM serial port output (to monitor deployment progress)
- Create firewall rules for the deployed servers
Why this scope? The compute scope grants read and write access to Compute Engine only. It does NOT grant access to BigQuery, Cloud Storage, IAM, or any other GCP service. We intentionally chose this narrow scope instead of the broad cloud-platform scope to follow the principle of least privilege.
Data accessed: Billing account names, billing account status, project-to-billing-account linkage
Purpose: This scope is required because:
- Compute Engine requires an active billing account to create VM instances
- The application checks whether the user's GCP project has billing enabled before attempting VM creation
- If billing is not linked, the application programmatically links an available billing account to the project
- Without this scope, VM creation fails with a "Billing must be enabled" error
Why not a narrower scope? The cloud-billing.readonly scope would allow checking billing status but would NOT allow linking a billing account to a project — a required step for new users whose projects do not yet have billing configured.
Data accessed: GCP project names, IDs, and status
Purpose: This scope is required to:
- List the user's Google Cloud projects so they can choose where to deploy
- Check project status (active, pending deletion, etc.)
Data accessed: API enablement status for the selected project
Purpose: This scope is required to:
- Enable the Compute Engine API in the user's project (required before creating VMs)
- Enable the Cloud Resource Manager API
- Enable the Cloud Billing API
Why this scope? New GCP projects do not have Compute Engine API enabled by default. This scope allows the application to enable only the required APIs — it does NOT grant access to any compute, storage, or data resources.
Least Privilege Architecture: Casacorvus intentionally does NOT request the broad cloud-platform scope. Instead, we use four narrow, purpose-specific scopes that limit access to only the GCP services required for the application's functionality. This means Casacorvus cannot access BigQuery, Cloud Storage, IAM, Pub/Sub, or any other GCP service beyond Compute Engine, Billing, Projects, and API Management.
3. How We Use Your Data
We use the data obtained through Google APIs exclusively for the following purposes:
| Data Category | Usage |
|---|---|
| Email address | Account identification and personalization |
| Compute Engine data | Creating, listing, and managing Compute Engine VM instances running the Outline VPN server |
| Billing data | Verifying and linking billing accounts to enable VM provisioning |
| Project data | Listing and selecting the user's GCP projects for deployment |
| API status data | Checking and enabling required APIs (Compute Engine, etc.) in the user's project |
We do NOT use your data for:
- Advertising, marketing, or retargeting
- Selling or transferring to third parties
- Training AI/ML models
- Credit assessment or lending decisions
- Any purpose unrelated to the application's core functionality
4. Data Storage and Retention
a) OAuth Access Tokens
- Stored only in browser memory (RAM) during your active session
- NEVER written to disk, local storage, cookies, or any persistent storage
- NEVER transmitted to or stored on our servers
- Automatically discarded when you close the browser tab or sign out
b) Personal Account Data (Firebase Firestore)
| Field | Retention |
|---|---|
| Email address | Until account deletion |
| Display name | Until account deletion |
| Account status (free/pro) | Until account deletion |
| Account creation date | Until account deletion |
c) Google Cloud Resource Data
Project IDs, instance names, and configuration data are used transiently during API calls and are NOT stored on our servers. All Google Cloud API responses are processed in your browser and discarded after rendering.
5. Data Sharing and Third-Party Disclosure
We do NOT sell, trade, rent, or otherwise transfer your personal data or Google API data to any third party.
Prohibited transfers: We do NOT transfer data to advertising platforms, data brokers, or information resellers. We do NOT use data for serving ads. We do NOT transfer data for credit-worthiness determination or for lending purposes.
The only third-party services that process your data are operated by Google:
- Google Firebase: Authentication and Firestore database (account data only)
- Google Cloud Platform APIs: Direct browser-to-Google API calls using your own access token
- Outline Protocol by Jigsaw/Google: Open-source networking protocol deployed on the user's own infrastructure
6. Google API Services User Data Policy Compliance
In accordance with the Limited Use requirements:
- We limit our use of Google API data to providing and improving the user-facing features of Casacorvus
- We do not allow humans to read Google API data unless the user has given affirmative consent, it is necessary for security purposes, or it is required by applicable law
- We do not transfer Google API data except to provide or improve user-facing features, for security purposes, or to comply with applicable law
- All employees, agents, contractors, and successors comply with the Google API Services User Data Policy
7. Security Architecture
Our application is designed around three core security principles:
- Least Privilege: We request only narrow, purpose-specific OAuth scopes (compute, cloud-billing, cloudplatformprojects, service.management) instead of the broad cloud-platform scope. This means Casacorvus cannot access BigQuery, Cloud Storage, IAM, or any other GCP service beyond what is strictly needed.
- Client-Side Execution: All Google Cloud API calls originate from your browser. Our servers never see, relay, or log your cloud requests or responses.
- Zero Knowledge: We have no technical ability to access your VMs, network traffic, or cloud resources. OAuth tokens remain in your browser session memory and are never transmitted to our servers.
8. Your Rights
| Right | Description |
|---|---|
| Access | Request a copy of all personal data we hold about you |
| Rectification | Request correction of any inaccurate data |
| Erasure | Request deletion of your account and all associated data (processed within 30 days) |
| Restrict Processing | Restrict the processing of your data at any time |
| Data Portability | Request your data in a machine-readable format |
| Withdraw Consent | Revoke Google OAuth consent at any time through Google Account Settings |
To exercise any of these rights, contact us at privacy@casacorvus.com.
9. Data Security
- All data in transit is encrypted using TLS 1.3 (HTTPS)
- Firebase Firestore data is encrypted at rest with AES-256
- OAuth tokens exist only in browser memory and are never persisted
- The application is served exclusively over HTTPS via Firebase Hosting
- We follow the principle of least privilege: we use four narrow OAuth scopes instead of the broad cloud-platform scope
- No server-side storage of Google Cloud credentials or API responses
10. Infrastructure Ownership and Zero-Log Policy
Casacorvus does not own, operate, or have access to any network infrastructure deployed by users. All Compute Engine instances run within the user's own Google Cloud account, under the user's full ownership and control.
We have a strict zero-log policy: we never log, track, or store network traffic, visited websites, IP addresses, or any data that passes through user-deployed infrastructure.
11. Children's Privacy
Casacorvus is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will promptly delete such data.
12. Cookies and Local Storage
We use essential browser cookies and local storage solely for Firebase authentication state management and user session persistence. We do NOT use any tracking, advertising, or analytics cookies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through an updated revision date on this page and in-app notifications. Continued use of the Service after changes constitutes acceptance of the revised policy.
14. Contact Information
Privacy inquiries: privacy@casacorvus.com
General support: support@casacorvus.com
Website: https://casacorvus.com
© 2026 Casacorvus. All rights reserved.