'>

Security

Security Overview

How FTM TG2DRIVE BOT protects your data and credentials at every layer.

🛡️

OAuth 2.0 Authorization

We use Google's official OAuth 2.0 authorization framework. Your Google password is entered directly on Google's servers — it is never transmitted to or seen by our service. We receive only a scoped access token.

🔒

Fernet Token Encryption

All Google OAuth access and refresh tokens are encrypted using the Fernet symmetric encryption scheme (AES-128-CBC with HMAC-SHA256) before being written to the database. Tokens are never stored in plaintext.

🌐

HTTPS / TLS Everywhere

All connections between users and our server are made exclusively over HTTPS with TLS. Unencrypted HTTP connections are not accepted. The OAuth redirect URI is HTTPS-only.

🎯

Minimal Drive Scope

We request only the Google Drive API scope required to perform file uploads. We do not request access to read or modify existing Drive files not created by this Service.

🚫

No Background Drive Access

We never scan, read, index, or access your Google Drive in the background. Drive operations are performed only when you explicitly request an upload through the Telegram bot.

🔑

No Password Collection

We never ask for or store your Google password, Telegram password, or any other account password. Authentication is handled entirely through official OAuth flows.

Google Drive Permission Scope

The following Google Drive scope is requested during OAuth authentication:

https://www.googleapis.com/auth/drive

This scope is required to create files and folders in your Google Drive on your behalf. We do not use this access for any purpose beyond uploading files you explicitly request.

ℹ️
In accordance with Google's Limited Use Policy, this access is used solely to perform the file uploads you initiate. No Drive data is read, analyzed, or shared for any other purpose.

What we access vs. what we don't

✓ What we DO

  • Upload files to your specified Drive folder
  • Create new folders in Drive when requested
  • Set file metadata (name, MIME type)
  • Make uploaded files shareable (optional)

✗ What we DON'T do

  • Read or access your existing Drive files
  • Delete files from your Drive
  • Share files without your knowledge
  • Access Drive in the background
  • Store copies of your files on our servers
  • Share your data with third parties

Report a Security Issue

If you discover a security vulnerability or have security concerns, please contact us immediately:

🔐 Report Security Issue