This policy is for the d7x PC Technician’s Productivity Tool software and is not applicable to other software by d7xTech, Inc.
The d7x software can be configured with sensitive information such as email/SMTP or FTP server credentials in order to provide access to certain features. Additionally, d7x can be authorized for access to Google accounts for use with GMail and Google Drive. More on that below.
By default, d7x does not collect or store any such information outside of the d7x folder, and no information is transmitted to our servers or anywhere else without specific actions being taken, more on these below.
d7x Server Usage
When not configured for an alternative (self-hosted FTP or Google Drive), d7x can optionally save your config information to our “dCloud” server by default (via Config Mgmt Portal.)
All d7x configuration archives (which may contain your potentially sensitive configuration settings) are encrypted in an archive created with strong SHA256 encryption using your personal technician password (which you created while activating the software, and it is not shared with d7xTech), so that anyone who somehow gained access to our server could NOT gain access to the data inside your configuration archive (without your technician password.)
You may optionally configure d7x to use your own self-hosted FTP server or Google Drive, instead of using our server for configuration storage, and in this case no information is ever stored on our server by d7x (the exception being your d7x license information, which is generated automatically by the server itself after purchase.)
d7x Internal Email Usage
When d7x is used to email reports and system information, and if d7x is configured to use our internal mail server (default), then any information sent will spend some time (up to 24 hours) on d7x mail servers (currently hosted through Google Workplace.) Unfortunately, this cannot be avoided.
d7xTech does not review information on this email account for any reason (with a possible exception being made for a specific troubleshooting need, though this has never been necessary, and it is not anticipated that it ever will be.)
All email is automatically deleted from this account every 24 hours (deletion occurs at approximately 3am ET.)
If you are uncomfortable with system information from your d7x generated reports sitting on mail servers that you don’t own or control access to, then you may wish to disable this functionality and configure an alternative (your own GMail/Google Workplace account with secure authentication, or your own mail host’s SMTP server) for usage instead of using d7x internal mail; you may also simply choose not to use d7x email functionality.
Google GMail authorization
d7x can be authorized to with your GMail/Google Workplace email account in order to send email on your behalf as part of d7x email functionality.
It is important to note that d7x does NOT request authorization to login to your/GMail’s SMTP server, nor can it read your existing emails from any other method. To be clear, your existing email and Google account data cannot be accessed by d7x in any way. d7x is only authorized to send email using the following Google OAuth2 scope from Gmail API v1 as defined here:
| https://www.googleapis.com/auth/gmail.send | Send email on your behalf |
To confirm, observe that the scope definition (above) appearing on the Google account login prompt after you click the “re(Authorize)” button (in d7x Config on the Servers/Email tab > SMTP Server/Email Options tab.) The scope definition will appear on the Google login page just under the d7x logo, and it will describe what you are giving d7x access to.
After authentication, an access token is stored with the d7x Config, so that d7x does not need you to login to Google every time you use this functionality. More on d7x Config Files here.
Google Drive authorization
d7x can be authorized for use with your Google Drive account for d7x Reports storage, 3rd Party Tools storage for Custom Apps, and even your d7x configuration files and d7x Remote Deployment Tool (d7xRDT.)
Your pre-existing Google Drive data can NOT be accessed in any way by d7x. If you review the authentication scopes you authorize d7x for when you “Sign in with Google” through d7x, you will see that these scopes only allow d7x to access (read, download, or delete) data that d7x creates, but any existing data (put on Google Drive by anyone/anything except d7x itself) cannot be accessed by d7x in any way. This was very intentional, because we don’t want access to your Google Drive files, and I can think of no reason for an integration with such access.
Specifically, when you authorize d7x by the “Sign in with Google” button, d7x requests these Google authentication scopes from Drive API v3 as defined here:
| https://www.googleapis.com/auth/drive.appdata | View and manage its own configuration data in your Google Drive |
| https://www.googleapis.com/auth/drive.file | View and manage Google Drive files and folders that you have opened or created with this app |
To confirm, observe the scope definitions (above) appearing on your Google account login prompt after you click “Sign in with Google” anywhere in d7x Config. The scopes will appear on the Google login page just under the d7x logo, and they describe what you are giving d7x access to.
Note that neither scope will allow d7x access to any files or folders not created by d7x. This is why you must upload any files used for Custom Apps through d7x itself (although they can later be modified/replaced by anyone.)
After authentication, an access token is stored with the d7x Config, so that d7x does not need you to login to Google every time you use this functionality. More on d7x Config Files here.
Microsoft OneDrive authorization
d7x can be authorized for use with your OneDrive account for d7x Reports storage, and possibly other functionality in the future (to the same end as the Google Drive functionality.)
Unfortunately, Microsoft permissions are pretty broad when compared with the narrow scopes that Google allows, and as a result when you grant d7x access to your OneDrive account you are granting d7x full read/write access. This means that technically if d7x were malicious, it could read any file on your OneDrive, overwrite it, or simply delete it.
We do guarantee you that d7x does NOT do anything outside of what you configure it to do, but that may not be good enough for some people, and that is understandable. If this is the case, we highly recommend you use the Google Drive integration instead (look under the “Google Drive authorization” heading above for why that is more secure.)
d7x Bug Reports
When submitting a bug report through d7x, please understand that d7x must collect diagnostic and environmental data from the system it is being run on. This includes information on Windows version, Windows environment details (at most, a Windows username may be present), any installed security products, d7x and various component versions and other operating information, and last and possibly most concerning is the WAN IP you submitted the bug report from (this is used only if your bug report requires troubleshooting a connectivity issue with our dCloud server.)
This information is deleted after the specific issue has been resolved, so it isn’t even kept with our email record of the support incident.
Data Exchanged with our Support Team
Note that any data exchanged in email with our support team is stored in our ticket system and email archives. This data is never deleted. You may make a specific request to remove data from our ticket system, but data cannot be removed once it makes it into our read-only email archives which are generated periodically.
General
d7x does not otherwise collect, store, or transmit any information from your d7x configuration or resulting from d7x usage.
d7xTech, Inc. does not specifically seek to collect any data (either from d7x users or any systems d7x is used on), nor do we store any data other than what is necessary for licensing and support purposes (such as your purchase details, contact email address, and emails from your exchanges with our customer support team.)
An email address provided to d7xTech for any reason is NEVER automatically added to any mailing list.
d7xTech does NOT share customer data (of any type) with 3rd parties under any circumstances.
In addition to the specific information listed here, d7x is also subject to our main Privacy and Data Collection policy.
Please contact us for any clarifications.