docs: update privacy policy with a section on user data

ncw · ncw · commit 0d9a95125cef · 2025-10-20T12:49:19.000+01:00
diff --git a/docs/content/privacy.md b/docs/content/privacy.md
@@ -131,6 +131,109 @@ section and followed by the privacy policy of Rclone.
   local configuration file.
 - Rclone does not share any user data with third parties.
 
+## User Data Collection and Storage
+
+This section outlines how rclone accesses, uses, stores, and shares
+user data obtained from service provider APIs. Our use of information
+received from provider APIs will adhere to the provider API Services
+User Data Policy, including the Limited Use requirements.
+
+Rclone is a client-side command-line program that users run on their
+own computers to manage their files on cloud storage services. The
+rclone project does not operate any servers that store or process your
+personal data. All data access and processing occurs directly on the
+user's machine and between the user's machine and the provider API
+servers.
+
+### Data Accessed
+
+When you authorize rclone to access your files on your provider, it
+may access the following types of data, depending on the permissions
+you grant:
+
+- Files: Rclone accesses the metadata (filenames, sizes, modification
+  times, etc.) and content of your files and folders on your provider.
+  This is necessary for rclone to perform file management tasks like
+  copying, syncing, moving, and listing files.
+
+- Authentication Tokens: Rclone requests OAuth 2.0 access tokens from
+  the provider. These tokens are used to authenticate your requests to
+  the provider's APIs and prove that you have granted rclone
+  permission to access your data.
+
+- Basic Profile Information: As part of the authentication process,
+  rclone may receive your email address to identify the connected
+  account within the rclone configuration.
+
+### Data Usage
+
+Rclone uses the user data it accesses solely to provide its core
+functionality, which is initiated and controlled entirely by you, the
+user. Specifically:
+
+- The data is used to perform file transfer and management operations
+  (such as `copy`, `sync`, `move`, `list`, `delete`) between your
+  local machine and your provider account as per your direct commands.
+
+- Authentication tokens are used exclusively to make authorized API
+  calls to the provider's services on your behalf.
+
+- Your email address is used locally to help you identify which
+  provider account is configured.
+
+Rclone does not use your data for any other purpose, such as
+advertising, marketing, or analysis by the rclone project developers.
+
+### Data Sharing
+
+Rclone does not share your user data with any third parties.
+
+All data transfers initiated by the user occur directly between the
+machine where rclone is running and the provider's servers. The rclone
+project and its developers **never** have access to your
+authentication tokens or your file data.
+
+### Data Storage & Protection
+
+- Configuration Data: Rclone stores its configuration, including the
+  OAuth 2.0 tokens required to access your provider account, in a
+  configuration file (`rclone.conf`) located on your local machine.
+
+- Security: You are responsible for securing this configuration
+  file on your own computer. Rclone provides a built-in option to
+  encrypt the configuration file with a password for an added layer of
+  security. We strongly recommend using this feature.
+
+- File Data: Your file data is only held in your computer's memory
+  (RAM) temporarily during transfer operations. Rclone does not
+  permanently store your file content on your local disk unless you
+  explicitly command it to do so (e.g., by running a `copy` command
+  from the provider to a local directory).
+
+### Data Retention & Deletion
+
+Rclone gives you full control over your data.
+
+- Data Retention: Rclone retains the configuration data, including
+  authentication tokens, on your local machine for as long as you keep
+  the configuration file. This allows you to use rclone without having
+  to re-authenticate for every session.
+
+- Data Deletion: You can delete your data and revoke rclone's
+  access at any time through one of the following methods:
+
+    1. Local Deletion: You can delete the specific provider
+       configuration from your `rclone.conf` file or delete the entire
+       file itself. This will permanently remove the authentication
+       tokens from your machine.
+
+    2. Revoking Access via the provider: You can revoke rclone's
+       access to your provider directly from your the providers's
+       security settings page. This will invalidate the authentication
+       tokens, and rclone will no longer be able to access your data.
+       For example, if you are using Google you can manage your permissions
+       [on the Google permissions page](https://myaccount.google.com/permissions).
+
 ## Resources & Further Information
 
 - [Data Protection Act 1998](http://www.legislation.gov.uk/ukpga/1998/29/contents)
