Previous revision
Revision as of 2025-06-14 12:03
---
title: CloudMusicBox - Privacy Policy
parent: ../docs
date: 2025-06-01
---
Cloud Music Box is a web application for playing music files stored in cloud storage services (Google Drive, OneDrive). This Privacy Policy explains how our application collects, uses, and protects your personal information.
===
# Last Updated: June 14, 2025
# 1. Introduction
Cloud Music Box is a web application for playing music files stored in cloud storage services (Google Drive, OneDrive). This Privacy Policy explains how our application collects, uses, and protects your personal information.
# 2. Information We Collect
# 2.1 Information Collected Through Google Drive Integration
Our application uses Google OAuth 2.0 to access your Google Drive.
//Data Collected://
- Google account basic information (email address, name, profile picture)
- Google Drive file listings (for searching and displaying music files)
- Music file metadata (filename, size, creation date, file type)
- Music file content (when accessed by user for playback and offline caching)
//Required Permissions://
//Google Drive://
- `https://www.googleapis.com/auth/drive.readonly` (read-only access)
- `openid`, `email`, `profile` (basic profile information)
//Microsoft OneDrive://
- `Files.Read` (read-only access to OneDrive files)
- `Sites.Read.All` (read-only access to SharePoint sites, for OneDrive for Business accounts)
# 2.2 Information Collected Through OneDrive Integration
We use the Microsoft Graph API to access OneDrive, following the principle of least privilege.
//Authentication Information://
- Microsoft account authentication tokens (managed by MSAL library)
- User ID and basic profile information required for OneDrive access
- Refresh tokens for maintaining authentication state
//OneDrive File Access://
- File and folder metadata (names, paths, modification dates, file sizes)
- Music file content for playback purposes only
- Album artwork and music metadata (artist, title, duration, etc.)
//Access Permissions Used://
- **Files.Read**: Read-only access to music files in OneDrive
- **Sites.Read.All**: Read-only access to SharePoint sites (requested for all accounts to ensure OneDrive for Business compatibility)
- These permissions are used exclusively for music file search and playback
- No administrative privileges or write permissions are requested
//Important Notes://
- OneDrive file access uses read-only permissions only
- We do not modify, delete, or share your OneDrive files
- Authentication uses OAuth 2.0 with PKCE for enhanced security
- File data is only accessed when explicitly requested by user actions
- No automatic scanning or bulk downloading of user files
- Permissions can be revoked at any time through Microsoft account settings
# 2.3 Information Stored Locally
//Information stored in your browser://
- Authentication credentials for maintaining login state
- User account identifiers (no personal details stored)
- Application settings (theme, volume settings, etc.)
- File listing cache for faster navigation
- Music file metadata (filename, size, file type)
- Album information derived from metadata
- Music file content (cached locally when accessed by user for offline playback)
- Cache management data (access times, storage usage tracking)
# 2.4 Analytics Information Collected
We use Google Analytics to understand how users interact with our application and to improve our services.
//Data Collected Through Google Analytics://
- Page views and user navigation patterns
- Device and browser information (type, version, screen size)
- Geographic location (country/region level only)
- Session duration and frequency of use
- Feature usage statistics
- Error reports and performance metrics
//Important Notes://
- No personally identifiable information (PII) is collected through Analytics
- Music file names, content, or cloud storage data are not tracked
- Analytics data is aggregated and anonymized
- You can opt out of Google Analytics tracking through browser settings or extensions
# 3. How We Use Information
# 3.1 Core Functionality
- Searching and displaying music files in cloud storage
- Music file playback
- Playlist functionality
- Album display
# 3.2 User Experience Enhancement
- Caching metadata for fast file search and navigation
- Local music file caching for offline playback of previously accessed songs
- User-controlled cache with automatic size management and manual clearing options
- Saving personal settings and preferences
# 3.3 Offline Music Caching
- **User-initiated only**: Music files are only cached when you actively play or access them through the app
- **No automatic downloading**: The app does not automatically scan or download your entire music library
- **Storage management**: Cache size is automatically managed with configurable limits (typically 70% of available browser storage)
- **User control**: You can manually clear all cached music files from the settings page
- **Access-based retention**: Oldest cached files are automatically removed when storage limits are reached
- **Offline playback**: Cached music files enable playback without an internet connection for previously accessed songs
# 3.4 Technical Functions
- Automatic authentication credential refresh
- Connection state management
- Error handling and debugging
# 3.5 Analytics and Service Improvement
- Understanding user behavior and app usage patterns
- Identifying popular features and areas for improvement
- Monitoring app performance and stability
- Troubleshooting technical issues
- Aggregate usage statistics for development planning
# 4. Information Storage and Protection
# 4.1 Data Storage Location
- All data is stored only within the user's browser
- We do not store any user data on our application servers
- Cloud storage files remain in their original locations
# 4.2 Security Measures
- HTTPS encryption for all communications
- Secure authentication via OAuth 2.0
- Use of PKCE (Proof Key for Code Exchange) for OneDrive authentication
- Implementation of CSP (Content Security Policy)
# 4.3 Data Retention
- Authentication credentials: Automatically managed by browser security standards
- Metadata cache: Managed by application settings
- Music file cache: User-controlled with automatic size management
- Local storage: Retained until deleted by user
- Cache cleanup: Automatic removal of oldest files when storage limits are exceeded
- Analytics data: Managed by Google Analytics retention policies (typically 26 months)
# 5. Information Sharing with Third Parties
# 5.1 No Information Sharing
- We do not share user personal information with third parties
- We do not provide information to advertising or analytics companies
- We do not sell user data
# 5.2 Legal Requirements
- We do not disclose information except when required by law
- However, since we do not store user data on servers, information available for disclosure is limited
# 6. International Data Transfers
# 6.1 Data Location
- User data is primarily stored within the user's browser
- Google Drive and OneDrive data is stored in their respective data centers
# 6.2 Applicable Laws
- Google Drive: Subject to Google's Privacy Policy
- OneDrive: Subject to Microsoft's Privacy Policy
# 6.3 Microsoft OneDrive Authentication Process
//User Consent://
- Personal OneDrive access requires only user consent through Microsoft authentication
- The application uses incremental consent, requesting permissions only when needed
- The application requests consistent permission scopes for both personal and business accounts to ensure compatibility
- Users can review and manage granted permissions through Microsoft account settings
//Organizational Environments://
- When using work or school accounts (OneDrive for Business), administrator pre-approval may be required
- SharePoint site access permissions are requested for all OneDrive connections to ensure compatibility with business accounts
- Organization privacy policies and data governance rules apply
- The application does not have independent access rights to organizational data
//Consent Management://
- Consent can be revoked at any time through Microsoft account settings
- Revoking consent will disconnect OneDrive access but preserve other app functionality
- The application respects Microsoft's conditional access policies when configured
# 7. User Rights
# 7.1 Right to Access
- Users can access their data at any time
- Local data can be inspected using browser developer tools
# 7.2 Right to Deletion
- All data can be deleted from the application settings screen
- Music cache can be selectively cleared without affecting other data
- Data can be deleted using browser clear functions
- Cloud storage connections can be disconnected
# 7.3 Data Portability
- Data is easily exportable as it resides in the user's browser
- Data can be backed up using standard browser functions
# 7.4 Microsoft 365 Business Environment Usage
When using this application with work or school Microsoft accounts:
- Organization administrators may control application access and data handling
- Your organization's privacy policies and data governance rules take precedence
- The application does not store organizational data on our servers
- Data protection rights should be exercised through your organization's data protection procedures
- IT administrators may have visibility into application usage through Microsoft's admin tools
# 8. Cookies and Tracking Technologies
# 8.1 Cookies Used
//First-party Cookies://
- Maintaining authentication state
- Saving user preferences
- Storing application settings
- Google Analytics cookies for usage analytics and performance monitoring (implemented as first-party cookies)
- These analytics cookies collect anonymized usage statistics only
- You can opt out of Google Analytics tracking through browser settings or extensions
- No personally identifiable information is collected through these cookies
**Note:** We do not use third-party tracking cookies. All cookies are set under our domain.
# 8.2 Local Storage
- Saving configuration information
- Storing authentication credentials
- Caching data
# 9. Age Restrictions
This application is not intended for children under 13 years of age. If a child under 13 has inadvertently provided personal information, we will promptly delete it.
# 10. Privacy Policy Changes
# 10.1 Change Notification
- Privacy Policy updates will be published on this page with a new "Last Updated" date
- For significant changes affecting user rights, we may provide additional notice through:
  - GitHub repository updates and release notes
  - Website announcements (if applicable)
- Users are encouraged to review this Privacy Policy periodically
# 10.2 Change Effectiveness
- Changes become effective from the publication date shown in "Last Updated"
- Continued use of the application after changes constitutes acceptance of the updated Privacy Policy
# 10.3 Microsoft Graph API Changes
- Microsoft Graph API specification changes may require updates to privacy practices
- Important changes affecting user privacy will be communicated in advance
- Users will be notified of significant changes through appropriate channels
- The application maintains compatibility with Microsoft's evolving security requirements
# 11. Open Source
# 11.1 Source Code Publication
- This application is published as open source
- Source code can be reviewed to verify privacy protection
# 11.2 Transparency
- Data handling can be verified through source code
- Third-party security audits are possible
# 12. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us:
//Contact Information://
- GitHub Issues: <https://github.com/ContentsViewer/cloud-music-box/issues>
- Website form: <https://contentsviewer.work/Master/About/Contact>
# 13. Governing Law and Jurisdiction
This Privacy Policy is governed by Japanese law, and the Tokyo District Court shall have exclusive jurisdiction for the first instance.
---
# Appendix: Technical Details
# A. Authentication Flow Used
- OAuth 2.0 Implicit Grant Flow for Google Drive (access token only)
- OAuth 2.0 Authorization Code Flow with PKCE for OneDrive (managed by MSAL library)
- OpenID Connect for user information
# B. Encryption Technologies
- TLS 1.3 for data transmission
- Browser-native encryption for local storage
# C. Automatic Data Management
- Cache expiration policies with least-recently-used cleanup
- Automatic storage size management within browser limits
- Authentication credential refresh mechanisms
- Manual data clearing options for music cache and all data
# D. Microsoft Graph API Compliance
- **API Version Management**: Compatible with current Microsoft Graph API specifications
- **Permission Scope Compliance**: Adheres to Microsoft's least privilege principle
- **Error Handling**: Proper handling of Microsoft Graph API responses and error codes
- **Rate Limiting**: Respects Microsoft Graph API throttling and retry policies