Skip to content

OAuth scope justifications

Effective: 2026-06-04. Last updated: 2026-06-04.

NitroxBrain is a conversational AI assistant that helps you act on the data in the tools your team already uses. To do that, the Service requests authorisation against Google, Microsoft, and other platforms via standard OAuth flows. This page is the canonical justification for every Google OAuth scope NitroxBrain requests, written so you and your IT / security team can verify that we ask for the minimum needed to deliver the features you signed up for.

The Service requests nine OAuth scopes from your Google account. Seven are classified by Google as sensitive, and two as restricted (which trigger an additional CASA security assessment by Google’s App Defense Alliance). All nine are listed below with what they let the Service do, what we deliberately don’t do, what alternatives we considered, and how the data is protected.

At a glance

#ScopeTierWhat it lets the Service do
1gmail.modifyRestrictedRead messages on demand; create drafts (never auto-send)
2gmail.settings.basicSensitiveRead your send-as identities to compose from the right address
3calendarSensitiveRead your schedule; create / edit / delete events on your confirmation
4driveRestrictedRead files on demand; create / edit files on your request
5drive.activity.readonlySensitiveAnswer “who edited what?” for files you reference
6documentsSensitiveRead / write Google Docs content
7spreadsheetsSensitiveRead / write Google Sheets content
8contacts.readonlySensitiveLook up contacts to resolve names to email addresses
9contacts.other.readonlySensitiveSame, for auto-collected contacts

Cross-cutting protections

Before the per-scope detail, three properties apply to every Google scope we use:

  1. No batch processing. The Service does NOT crawl, index, or pre-fetch your Gmail or Drive content. Every API call is bounded by an explicit message you send in chat, within the same conversation turn.
  2. No content persistence beyond chat history. Email bodies, file content, spreadsheet cells, and contact details are loaded into the AI model’s context for one conversation turn, then discarded.
  3. Per-user isolation. Each NitroxBrain user runs on a dedicated isolated compute instance with a dedicated encrypted storage vault. User A’s data is technically unreachable from user B’s instance.

1. Gmail: read messages + create drafts

Scope: https://www.googleapis.com/auth/gmail.modify (Restricted)

What the Service does with this scope:

NitroxBrain reads Gmail messages on demand to answer questions like “what did Marie say about the Q3 deadline?” and creates draft emails on your behalf when you say “draft a reply confirming the meeting”. Drafts are never auto-sent — you review and confirm every send through the chat interface. Read access is strictly request-driven: the Service does not poll your inbox, does not index it, and does not store message bodies anywhere. Messages are fetched, used to generate a response, and discarded within the same turn. You retain full control via the Gmail web UI, where drafts created by NitroxBrain appear before send.

Alternatives we considered and rejected:

  • gmail.compose would allow draft creation + send but not message read. Rejected because features like “find that email”, “summarise this thread”, and “reply with the same tone as the last message” require read access.
  • gmail.readonly would allow read but not draft creation. Rejected because draft creation is a core feature.
  • gmail.send would allow send without review. Rejected because auto-send without your review is the wrong UX for a personal assistant.
  • https://mail.google.com/ (full Gmail) would grant everything including settings, filters, and label management. Rejected because it is broader than needed.

2. Gmail: read send-as identities

Scope: https://www.googleapis.com/auth/gmail.settings.basic (Sensitive)

What the Service does with this scope:

NitroxBrain reads your list of send-as alias identities so that when you have multiple addresses configured (e.g. a personal address and a work address), the Service composes replies from the correct identity. This scope only reads the alias list — it does NOT modify settings, filters, vacation responders, or any other Gmail configuration. Used at draft-creation time, never persisted.

Alternatives we considered: No narrower scope exists. The gmail.modify scope does not grant settings access.

3. Calendar: read + write events

Scope: https://www.googleapis.com/auth/calendar (Sensitive)

What the Service does with this scope:

NitroxBrain reads your calendar to answer scheduling questions like “what’s my Friday afternoon look like?” and “when am I free this week?”, and writes events on your behalf when you ask the bot to book or modify meetings. All writes require your explicit confirmation in chat. The Service does NOT auto-accept invitations, auto-decline, or modify events without your instruction. Calendar content is used for one conversation turn then discarded; nothing is indexed or stored.

Alternatives we considered and rejected:

  • calendar.events.readonly would block the write features (meeting creation, edits) — core to the assistant role.
  • calendar.events.owned would block reading events on shared calendars (typical in coaching workflows where the user references a shared client calendar).
  • calendar.freebusy would block reading event content — needed to answer “what’s that 14:00 meeting about?“.

4. Drive: read + write files

Scope: https://www.googleapis.com/auth/drive (Restricted)

What the Service does with this scope:

NitroxBrain reads and writes Google Drive files on your behalf as part of your conversational workflow. Read access powers questions like “find the proposal I sent Acme last month” and “summarise the Q3 report”. Write access powers actions like “create a one-page doc covering these three bullet points” and “add a paragraph about Q4 to the existing proposal”. The Service does NOT crawl, index, or batch-process your Drive — every access is user-query-driven within one turn. File content is used in the AI model’s context for one turn then discarded; nothing is persisted in NitroxBrain databases beyond your chat history. File writes are visible immediately in your Drive web UI, and you can roll back via Drive’s version history.

Alternatives we considered and rejected:

  • drive.file (per-file access via picker UI) is Google’s recommended “minimal” Drive scope, but it requires you to explicitly pick files via Google’s Drive picker UI in a browser. NitroxBrain’s chat-based UX has no browser surface to present that picker — you type a description and the bot finds the file. Rejected because it would break the core conversational flow.
  • drive.readonly would block the write features.
  • drive.appdata only grants access to a per-app folder, not to user-visible Drive content — rejected as the wrong scope for this use case.
  • drive.metadata would block content-summarisation features.

5. Drive activity: read-only

Scope: https://www.googleapis.com/auth/drive.activity.readonly (Sensitive)

What the Service does with this scope:

NitroxBrain reads Drive activity logs to answer questions like “who edited this file last week?” and “what changed in the proposal yesterday?”. This is a strictly read-only scope used to enhance file-related Q&A. No activity is logged or persisted by the Service.

Alternatives we considered: None — Drive Activity API is the only way to surface this information.

6. Google Docs: read + write content

Scope: https://www.googleapis.com/auth/documents (Sensitive)

What the Service does with this scope:

NitroxBrain reads and writes Google Docs content on your behalf. Read access powers summarisation (“summarise this meeting notes doc”) and Q&A (“what did we decide about X?”). Write access powers content creation (“draft a one-pager covering these points”) and edits (“add a paragraph about Y at the end”). All writes are user-initiated; the Service does not auto-modify docs.

Note on scope minimisation: the Restricted drive scope above is a technical superset that authorises Docs API endpoints. We declare documents explicitly so it is visible to your security team that we use the Docs-specific scope and not just Drive’s broader authority.

7. Google Sheets: read + write content

Scope: https://www.googleapis.com/auth/spreadsheets (Sensitive)

What the Service does with this scope:

NitroxBrain reads and writes Google Sheets content on your behalf. Read access powers spreadsheet Q&A (“what’s the total in column D?”). Write access powers row appends (“log today’s hours to the timesheet”), new sheet creation (“create a sheet to track this project’s expenses”), and structured updates. All writes are user-initiated.

Note on scope minimisation: as with documents, the Restricted drive scope is technically a superset. We declare spreadsheets explicitly for the same least-privilege clarity reason.

8. Contacts: read-only

Scope: https://www.googleapis.com/auth/contacts.readonly (Sensitive)

What the Service does with this scope:

NitroxBrain looks up your contacts to resolve names to email addresses before drafting emails (“draft an email to Marie”) and to populate meeting invitations (“book a slot with Marie”). This scope is strictly read-only — the Service never modifies contacts. Contact data is used at lookup time then discarded; nothing is persisted in NitroxBrain databases.

Alternatives we considered: None — contact-name lookup is unavoidable for email and meeting drafting workflows.

9. Other contacts: read-only (auto-collected)

Scope: https://www.googleapis.com/auth/contacts.other.readonly (Sensitive)

What the Service does with this scope:

NitroxBrain looks up “other contacts” — people Google auto-collects when you email someone not in your explicit contact list — to resolve names to email addresses. This covers business colleagues whose addresses live in your email history rather than your explicit contact list, a very common pattern. Strictly read-only; same data-handling as contacts.readonly.

Scopes we deliberately DO NOT request

To make scope minimisation visible, here are the Google scopes that the Service does NOT request, and why:

ScopeWhy we don’t request it
https://mail.google.com/ (full Gmail)Too broad — gmail.modify covers our needs
gmail.metadataToo narrow — blocks body-read for summarisation
gmail.labelsNot used — the Service doesn’t categorise / label emails
gmail.sendAuto-send without review is wrong UX
calendar.events.ownedInsufficient — users frequently reference events on shared calendars
calendar.events.readonlyBlocks the meeting-creation feature
drive.metadataToo narrow — blocks content-summarisation
drive.file (picker UI)No browser picker surface in chat UX
drive.appdataWrong scope — restricts to a per-app folder, not your Drive
drive.scriptsNot used — the Service doesn’t execute Apps Script
tasksNot used — Google Tasks is not integrated
keepNot used — Google Keep is not integrated
analytics.readonlyNot used — no Google Analytics integration
userinfo.profileNot used — the Service doesn’t access profile photo / display name
cloud-platformNever — would be massive over-reach

Restricted scopes: the CASA assessment

The two Restricted scopes (gmail.modify and drive) require Google’s Cloud App Security Assessment (CASA), a third-party security review of how the Service handles sensitive user data. The relevant security posture is summarised here and detailed in the publicly-disclosed security policy at https://github.com/NitroX-Consulting/NitroxBrain/blob/main/SECURITY.md:

  • EU residency. All compute and storage runs in Google Cloud europe-west1 (Belgium) and AWS Lightsail eu-west-3 (Paris).
  • TLS-only transport. Every connection uses TLS 1.2+; the database server is configured to refuse plaintext connections (verified 2026-06-04).
  • Five-header pack on every TLS response (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy).
  • At-rest encryption. AES-256 on every storage tier; per-user encryption keys on the most sensitive material.
  • Tamper-evident audit log. Every operator-side access to user data via the impersonation surface is recorded in a hash-chained audit table with 7-year WORM offsite retention.
  • Per-user isolation. Dedicated isolated compute instance per user; cross-user data paths are architecturally impossible.
  • CVE / SBOM scanning on every deploy + nightly + per-PR (B49, shipped 2026-06-02).
  • No model training on your data. Your data is not used to train any general-purpose AI model.
  • No data sale. We do not sell or rent your data, nor share it with third parties for marketing.

The detailed self-assessment is available on request at security@nitroxconsulting.com.

Revoking access

You can revoke NitroxBrain’s access to any connected platform at any time:

  • Google: Account → Security → “Your connections to third-party apps & services” → NitroxBrain → Remove access.

Revocation takes effect immediately on the provider side and is detected by the Service on the next interaction. After revocation, the Service can no longer read or write any data in that Google account.

Microsoft 365 + Slack + Trello + HubSpot

The Service also requests OAuth scopes on Microsoft 365, Slack, Trello, and HubSpot. The justification structure for those scopes mirrors this page; the per-scope inventory will be added as those integrations move into the production-verified flow. Reach out at support@nitroxbrain.com if you need the inventory before it lands here.

Contact