Google Access Explanation

Requested Google Scopes

How Access Is Used

• Access is initiated by the user through Google OAuth.
• The app processes only the data required for invoice collection and storage.
• Users can revoke access at any time from their Google Account permissions page.
• The app is intended for invoice and receipt organization only.

User Controls

• Users decide which Gmail account to connect.
• Users decide which search rules the app uses to find invoice emails.
• All Drive uploads go into a single app-managed Invoice Collector folder at the root of the user's Drive; the user can rename, move, or delete that folder at any time from Google Drive.
• Users can disconnect and reconnect their Google accounts at any time.

Scope Classification Summary

For the Google OAuth verification reviewer, the exact scope classifications used by this app are:

• https://www.googleapis.com/auth/gmail.readonly — Restricted. Justification: read invoice/receipt emails and attachments matching user-defined collection rules. Read-only; the app never sends, deletes, modifies, or forwards email.
• https://www.googleapis.com/auth/drive.file — Non-sensitive. Justification: the app creates one Invoice Collector folder in the user's Drive and writes only files it creates itself into that subtree. It cannot see or list other Drive files.
• https://www.googleapis.com/auth/userinfo.email — Non-sensitive. Justification: identify the connected Google account so the app can persist the link to the correct Invoice Collector user record.

Because the Gmail scope is restricted, verification includes a CASA Tier 2 security assessment. The drive.file scope does not require a security assessment on its own.

Support

Questions about Google access, privacy, or account connections can be sent to nir.ashkenazi88@gmail.com.

Related pages:

• Privacy Policy
• Terms of Service
• Security Overview