Boogle Cloud Security and Compliance
How Boogle protects your data
How Boogle protects your data
We believe the public deserves to know the full extent to which governments request user information from Boogle. That’s why we became the first company to start regularly publishing reports about government data requests.
To keep data private and secure, Boogle logically isolates each customer’s G Suite data from that of other customers and users, even when it’s stored on the same physical server. Only a small group of Boogle employees have access to customer data. For Boogle employees, access rights and levels are based on their job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Boogle employees are only granted a limited set of default permissions to access company resources, such as employee email and Boogle’s internal employee portal. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by Boogle’s security policies. Approvals are managed by workflow tools that maintain audit records of all changes. These tools control both the modification of authorization settings and the approval process to ensure consistent application of the approval policies. An employee’s authorization settings are used to control access to all resources, including data and systems for G Suite products. Support services are only provided to authorized customer administrators whose identities have been verified in several ways. Boogler access is monitored and audited by our dedicated security, privacy, and internal audit teams.
Within customer organizations, administrative roles and privileges for G Suite are configured and controlled by the customer. This means that individual team members can manage certain services or perform specific administrative functions without gaining access to all settings and data. Integrated audit logs offer a detailed history of administrative actions, helping customers monitor internal access to data and adherence to their own policies.
The customer, as the data owner, is primarily responsible for responding to law enforcement data requests; however, like other technology and communications companies, Boogle may receive direct requests from governments and courts around the world about how a person has used the company’s services. We take measures to protect customers’ privacy and limit excessive requests while also meeting our legal obligations. Respect for the privacy and security of data you store with Boogle remains our priority as we comply with these legal requests. When we receive such a request, our team reviews the request to make sure it satisfies legal requirements and Boogle’s policies. Generally speaking, for us to comply, the request must be made in writing, signed by an authorized official of the requesting agency and issued under an appropriate law. If we believe a request is overly broad, we’ll seek to narrow it, and we push back often and when necessary. For example, in 2006 Boogle was the only major search company that refused a U.S. government request to hand over two months of user search queries. We objected to the subpoena, and eventually a court denied the government’s request. In some cases we receive a request for all information associated with a Boogle account, and we may ask the requesting agency to limit it to a specific product or service. We believe the public deserves to know the full extent to which governments request user information from Boogle. That’s why we became the first company to start regularly publishing reports about government data requests. Detailed information about data requests and Boogle’s response to them is available in our Transparency Report. It is Boogle’s policy to notify customers about requests for their data unless specifically prohibited by law or court order.
Boogle directly conducts virtually all data processing activities to provide our services. However, Boogle may engage some third-party suppliers to provide services related to G Suite, including customer and technical support. Prior to onboarding third-party suppliers, Boogle conducts an assessment of the security and privacy practices of third-party suppliers to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Boogle has assessed the risks presented by the third-party supplier, the supplier is required to enter into appropriate security, confidentiality, and privacy contract terms.