See how G Suite Marketplace apps access your data

When you grant data access to a G Suite Marketplace app, you give it API access to specific data like your Calendar and Contacts. The app (and by extension, the vendor) is able to view and store that data. Because your data is then available outside the boundaries of your domain, it's critical that you trust the security mechanisms implemented by the app and the vendor.

Apps may also access identity-related information about your users (for example, username, name, email address) through standard programmatic access. In no case should third-party apps have access to any of your domain passwords.

Review data access requirements for an app

You can review the data access requirements for an app during or after installation.

During installation

When you install an app, you’ll confirm the types of data access required by the app to function properly.

After installation

After you install an app, you can see the types of data access required by the app on the app’s settings page.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenG Suite Marketplace apps.
  3. Click an app.
    The app’s configuration page opens.
  4. Under Data access, you can view what type of data is accessed by the app. (This information is provided by the developer and may not be present for all access types.)

If an app, after initial deployment, requires additional data access beyond what was originally requested, you're notified under Data access. You can grant or deny the additional access.

Data retention policies
The data-retention policy for each app is governed by that vendor's Terms of Service.
Risks associated with an app reading your data
The biggest risk with exposing your data to read-only APIs is that the vendor can expose your data to other parties. Be sure to read the privacy policy and Terms of Service provided by the vendor. These documents should describe exactly how the vendor intends to handle your data. In some cases, apps may copy your data into the vendor’s systems, so make sure you understand and trust the security of the app in these circumstances.
Risks associated with an app having write access to your data

Apps that have write access to your domain’s data can change or delete that data. Make sure you trust that the vendor has thoroughly tested the application before you allow it to edit your data.

The more data that an app has access to, the more your risk can increase. For example, an app that only writes to your contacts could be considered less risky than an application that writes to your contacts and calendar. Weigh the benefits of an app against the scope of data access the vendor requests.

Denying an app access to your data
Without the required access to data, the app may not be able to deliver the functionality you wanted. Communicate with the vendor to understand the full ramifications of not granting data access. Learn how to change the settings for an app.
Was this helpful?
How can we improve it?