Information & Disclosure for Gmail Users
Limited Use Disclosure
Zaplify’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Justification for restricted API-scopes that Gmail users can choose to grant Zaplify access to, inside the Zaplify App
Zaplify uses the “https://www.googleapis.com/auth/gmail.send”-scope in order to send emails (including email replies).
- The reason a narrower scope would not be sufficient is because: Zaplify needs the ability to send emails for providing the productivity value the Zaplify web app should offer. According to Google Gmail API documentation the “gmail.send”-scope is the least restricted scope that allows for sending emails.
Zaplify uses the “https://www.googleapis.com/auth/gmail.metadata”-scope in order to view headers of emails (messages) on a thread that was previously created through the API via the “gmail.send”-scope. Through the headers Zaplify determines sender(s), recipient(s), the Message-ID and References (see RFC 2822 standards) to be able to reply to a thread.
- Zaplify will not store nor log any contents of the email body. Zaplify only looks if there is a result or not, for a given query (i.e. the “boolean value”).
- Zaplify will only read headers and metadata from emails.
- The reason a narrower scope would not be sufficient is because: Zaplify needs the ability to view email headers for providing the feature to determine if a reply has been received from a specific email-address. Reply-determiniation is used by zaplify to not send any emails to any recipient that has already replied to the user. According to Google Gmail API documentation the “gmail.metadata”-scope is the least restricted scope that allows for reading the header and metadata information in emails.
Further information & details
For further information or details, please contact firstname.lastname@example.org.