Last updated: 06 Nov 2025

Welcome to My Milestone (“Milestone”, “we”, “us”, “our”). We provide a private, invitation-only workspace for institutions to manage documents, tasks, approvals, user groups, comments, and activity. Google Sign-In and Google Drive connection are required during onboarding so users can securely browse, select, import, and work with files inside Milestone.

Quick navigation

1) Scope & Audience

Milestone is intended for private institutions. Access is by invitation only. This policy covers the core workspace features (tasks, groups, comments, documents, activity) and the required Google Drive integration.

2) Information We Collect

A) Account & Workspace Data

  • Account: name, email, profile image (if provided).
  • Institutional records: tasks, subtasks, due dates, priorities, assignees, approvals, comments, activity logs, user groups, contacts.
  • Local uploads: files you upload (PDF, DOCX, PPTX, XLSX, images, audio) to your institution’s library.
  • Operational logs: minimal metadata for security, troubleshooting, and audit (e.g., timestamps, event types, and—where policy requires—IP).

B) Google OAuth & Drive (Required)

  • Profile basics: name, email, profile picture—used for identity and account provisioning.
  • Drive metadata: when using Google Picker we may read file name, ID, MIME type, and permissions for files you choose to view or import.
  • Content: file content is fetched when you open or import a file. Imported copies are stored within your institution library in Milestone.

We request only the minimum scopes necessary for Sign-In and file selection/handling, and we do not collect Google data beyond what’s needed to provide these features.

3) How We Use Information

  • Provide institutional features: tasks, groups, comments, documents, approvals, activity.
  • Store and display locally uploaded files in your institution library.
  • Show Google Drive files via Picker, enable import, and allow inline viewing/embedding of Docs/Sheets/Slides iframes.
  • Maintain audit trails, security, and service reliability; prevent abuse.
  • Send essential service communications (e.g., security notices).

We do not use your data for advertising, profiling, or resale.

4) Google OAuth & Drive (Required, Limited Use)

Google Sign-In and a Drive connection are required to use Milestone. We comply with the Google API Services User Data Policy (Limited Use). Your Google data is used only for the features described here, is not sold or shared for unrelated purposes, and is not read by humans except for security, compliance, or to provide support you request.

  • Scopes: minimum necessary for authentication and file selection/handling.
  • Picker & Import: Files are imported only when you choose them; otherwise content is not copied. Imported files live in your Milestone library until you remove them.
  • Revocation: You may revoke access in Google Account → Security → Manage third-party access. If revoked, your Milestone account will be inaccessible until Drive is reconnected (required for service operation).

5) Security & Encryption

  • Transport: All traffic uses HTTPS/TLS (TLS 1.2+).
  • At rest: Data stored by Milestone is protected with industry-standard encryption (e.g., AES-256), including imported files and institutional records.
  • Access control: Role-based permissions (Admin/Editor/Viewer).
  • Safeguards: Token protection, least-privilege staff access, logging, and periodic reviews.

6) Sharing & Prohibited Transfers

We do not sell, rent, or share your personal or Google data for unrelated purposes. Essential infrastructure providers (e.g., hosting, email delivery) may process data strictly to operate the service; they do not receive your Google Drive content for their own use.

We never transfer data to third parties for:

  • Targeted, personalized, retargeted, or interest-based advertising
  • Selling to data brokers or information resellers
  • Determining credit-worthiness or lending
  • Unrelated marketing or analytics

We may disclose data only when required by law or to protect the security and integrity of the service.

7) Data Retention & Deletion

  • We retain data only as long as necessary to provide the service and meet legal or compliance obligations.
  • When a retention period ends, data is securely deleted or destroyed from active systems and scheduled backups.
  • Imported files remain in your institution library until you or an authorized admin delete them.

8) Your Controls & Rights

  • Delete local uploads and imported files directly in Milestone.
  • Request deletion of account or institution data (admin approval may apply) by emailing mymilestone.in@gmail.com.
  • Revoke Google access via Google Account settings; note that Milestone requires Drive access, so revocation will disable your access until reconnected.
  • Admins control roles, visibility, and access revocation.

9) Children’s Privacy

Milestone is intended for organizations and adult users. We do not knowingly collect personal data from children under the age of consent in your region.

10) Changes to This Policy

We may update this Policy to reflect improvements or changes in data handling. Updates will be posted here with an updated “Last updated” date.

11) Contact

Questions or requests:

📧 mymilestone.in@gmail.com

Compliance note for Google reviewers

This page is public on our verified domain (/privacy-policy), linked from the homepage header and footer, and details mandatory Google OAuth & Drive usage (Limited Use), encryption, retention & deletion, and prohibited transfers. No login is required to view this page.