OAuth scope justifications
Effective: 2026-06-04. Last updated: 2026-06-04.
NitroxBrain is a conversational AI assistant that helps you act on the data in the tools your team already uses. To do that, the Service requests authorisation against Google, Microsoft, and other platforms via standard OAuth flows. This page is the canonical justification for every Google OAuth scope NitroxBrain requests, written so you and your IT / security team can verify that we ask for the minimum needed to deliver the features you signed up for.
The Service requests nine OAuth scopes from your Google account. Seven are classified by Google as sensitive, and two as restricted (which trigger an additional CASA security assessment by Google’s App Defense Alliance). All nine are listed below with what they let the Service do, what we deliberately don’t do, what alternatives we considered, and how the data is protected.
At a glance
| # | Scope | Tier | What it lets the Service do |
|---|---|---|---|
| 1 | gmail.modify | Restricted | Read messages on demand; create drafts (never auto-send) |
| 2 | gmail.settings.basic | Sensitive | Read your send-as identities to compose from the right address |
| 3 | calendar | Sensitive | Read your schedule; create / edit / delete events on your confirmation |
| 4 | drive | Restricted | Read files on demand; create / edit files on your request |
| 5 | drive.activity.readonly | Sensitive | Answer “who edited what?” for files you reference |
| 6 | documents | Sensitive | Read / write Google Docs content |
| 7 | spreadsheets | Sensitive | Read / write Google Sheets content |
| 8 | contacts.readonly | Sensitive | Look up contacts to resolve names to email addresses |
| 9 | contacts.other.readonly | Sensitive | Same, for auto-collected contacts |
Cross-cutting protections
Before the per-scope detail, three properties apply to every Google scope we use:
- No batch processing. The Service does NOT crawl, index, or pre-fetch your Gmail or Drive content. Every API call is bounded by an explicit message you send in chat, within the same conversation turn.
- No content persistence beyond chat history. Email bodies, file content, spreadsheet cells, and contact details are loaded into the AI model’s context for one conversation turn, then discarded.
- Per-user isolation. Each NitroxBrain user runs on a dedicated isolated compute instance with a dedicated encrypted storage vault. User A’s data is technically unreachable from user B’s instance.
1. Gmail: read messages + create drafts
Scope: https://www.googleapis.com/auth/gmail.modify (Restricted)
What the Service does with this scope:
NitroxBrain reads Gmail messages on demand to answer questions like “what did Marie say about the Q3 deadline?” and creates draft emails on your behalf when you say “draft a reply confirming the meeting”. Drafts are never auto-sent — you review and confirm every send through the chat interface. Read access is strictly request-driven: the Service does not poll your inbox, does not index it, and does not store message bodies anywhere. Messages are fetched, used to generate a response, and discarded within the same turn. You retain full control via the Gmail web UI, where drafts created by NitroxBrain appear before send.
Alternatives we considered and rejected:
gmail.composewould allow draft creation + send but not message read. Rejected because features like “find that email”, “summarise this thread”, and “reply with the same tone as the last message” require read access.gmail.readonlywould allow read but not draft creation. Rejected because draft creation is a core feature.gmail.sendwould allow send without review. Rejected because auto-send without your review is the wrong UX for a personal assistant.https://mail.google.com/(full Gmail) would grant everything including settings, filters, and label management. Rejected because it is broader than needed.
2. Gmail: read send-as identities
Scope: https://www.googleapis.com/auth/gmail.settings.basic (Sensitive)
What the Service does with this scope:
NitroxBrain reads your list of send-as alias identities so that when you have multiple addresses configured (e.g. a personal address and a work address), the Service composes replies from the correct identity. This scope only reads the alias list — it does NOT modify settings, filters, vacation responders, or any other Gmail configuration. Used at draft-creation time, never persisted.
Alternatives we considered: No narrower scope exists. The gmail.modify scope does not grant settings access.
3. Calendar: read + write events
Scope: https://www.googleapis.com/auth/calendar (Sensitive)
What the Service does with this scope:
NitroxBrain reads your calendar to answer scheduling questions like “what’s my Friday afternoon look like?” and “when am I free this week?”, and writes events on your behalf when you ask the bot to book or modify meetings. All writes require your explicit confirmation in chat. The Service does NOT auto-accept invitations, auto-decline, or modify events without your instruction. Calendar content is used for one conversation turn then discarded; nothing is indexed or stored.
Alternatives we considered and rejected:
calendar.events.readonlywould block the write features (meeting creation, edits) — core to the assistant role.calendar.events.ownedwould block reading events on shared calendars (typical in coaching workflows where the user references a shared client calendar).calendar.freebusywould block reading event content — needed to answer “what’s that 14:00 meeting about?“.
4. Drive: read + write files
Scope: https://www.googleapis.com/auth/drive (Restricted)
What the Service does with this scope:
NitroxBrain reads and writes Google Drive files on your behalf as part of your conversational workflow. Read access powers questions like “find the proposal I sent Acme last month” and “summarise the Q3 report”. Write access powers actions like “create a one-page doc covering these three bullet points” and “add a paragraph about Q4 to the existing proposal”. The Service does NOT crawl, index, or batch-process your Drive — every access is user-query-driven within one turn. File content is used in the AI model’s context for one turn then discarded; nothing is persisted in NitroxBrain databases beyond your chat history. File writes are visible immediately in your Drive web UI, and you can roll back via Drive’s version history.
Alternatives we considered and rejected:
drive.file(per-file access via picker UI) is Google’s recommended “minimal” Drive scope, but it requires you to explicitly pick files via Google’s Drive picker UI in a browser. NitroxBrain’s chat-based UX has no browser surface to present that picker — you type a description and the bot finds the file. Rejected because it would break the core conversational flow.drive.readonlywould block the write features.drive.appdataonly grants access to a per-app folder, not to user-visible Drive content — rejected as the wrong scope for this use case.drive.metadatawould block content-summarisation features.
5. Drive activity: read-only
Scope: https://www.googleapis.com/auth/drive.activity.readonly (Sensitive)
What the Service does with this scope:
NitroxBrain reads Drive activity logs to answer questions like “who edited this file last week?” and “what changed in the proposal yesterday?”. This is a strictly read-only scope used to enhance file-related Q&A. No activity is logged or persisted by the Service.
Alternatives we considered: None — Drive Activity API is the only way to surface this information.
6. Google Docs: read + write content
Scope: https://www.googleapis.com/auth/documents (Sensitive)
What the Service does with this scope:
NitroxBrain reads and writes Google Docs content on your behalf. Read access powers summarisation (“summarise this meeting notes doc”) and Q&A (“what did we decide about X?”). Write access powers content creation (“draft a one-pager covering these points”) and edits (“add a paragraph about Y at the end”). All writes are user-initiated; the Service does not auto-modify docs.
Note on scope minimisation: the Restricted drive scope above is a technical superset that authorises Docs API endpoints. We declare documents explicitly so it is visible to your security team that we use the Docs-specific scope and not just Drive’s broader authority.
7. Google Sheets: read + write content
Scope: https://www.googleapis.com/auth/spreadsheets (Sensitive)
What the Service does with this scope:
NitroxBrain reads and writes Google Sheets content on your behalf. Read access powers spreadsheet Q&A (“what’s the total in column D?”). Write access powers row appends (“log today’s hours to the timesheet”), new sheet creation (“create a sheet to track this project’s expenses”), and structured updates. All writes are user-initiated.
Note on scope minimisation: as with documents, the Restricted drive scope is technically a superset. We declare spreadsheets explicitly for the same least-privilege clarity reason.
8. Contacts: read-only
Scope: https://www.googleapis.com/auth/contacts.readonly (Sensitive)
What the Service does with this scope:
NitroxBrain looks up your contacts to resolve names to email addresses before drafting emails (“draft an email to Marie”) and to populate meeting invitations (“book a slot with Marie”). This scope is strictly read-only — the Service never modifies contacts. Contact data is used at lookup time then discarded; nothing is persisted in NitroxBrain databases.
Alternatives we considered: None — contact-name lookup is unavoidable for email and meeting drafting workflows.
9. Other contacts: read-only (auto-collected)
Scope: https://www.googleapis.com/auth/contacts.other.readonly (Sensitive)
What the Service does with this scope:
NitroxBrain looks up “other contacts” — people Google auto-collects when you email someone not in your explicit contact list — to resolve names to email addresses. This covers business colleagues whose addresses live in your email history rather than your explicit contact list, a very common pattern. Strictly read-only; same data-handling as contacts.readonly.
Scopes we deliberately DO NOT request
To make scope minimisation visible, here are the Google scopes that the Service does NOT request, and why:
| Scope | Why we don’t request it |
|---|---|
https://mail.google.com/ (full Gmail) | Too broad — gmail.modify covers our needs |
gmail.metadata | Too narrow — blocks body-read for summarisation |
gmail.labels | Not used — the Service doesn’t categorise / label emails |
gmail.send | Auto-send without review is wrong UX |
calendar.events.owned | Insufficient — users frequently reference events on shared calendars |
calendar.events.readonly | Blocks the meeting-creation feature |
drive.metadata | Too narrow — blocks content-summarisation |
drive.file (picker UI) | No browser picker surface in chat UX |
drive.appdata | Wrong scope — restricts to a per-app folder, not your Drive |
drive.scripts | Not used — the Service doesn’t execute Apps Script |
tasks | Not used — Google Tasks is not integrated |
keep | Not used — Google Keep is not integrated |
analytics.readonly | Not used — no Google Analytics integration |
userinfo.profile | Not used — the Service doesn’t access profile photo / display name |
cloud-platform | Never — would be massive over-reach |
Restricted scopes: the CASA assessment
The two Restricted scopes (gmail.modify and drive) require Google’s Cloud App Security Assessment (CASA), a third-party security review of how the Service handles sensitive user data. The relevant security posture is summarised here and detailed in the publicly-disclosed security policy at https://github.com/NitroX-Consulting/NitroxBrain/blob/main/SECURITY.md:
- EU residency. All compute and storage runs in Google Cloud
europe-west1(Belgium) and AWS Lightsaileu-west-3(Paris). - TLS-only transport. Every connection uses TLS 1.2+; the database server is configured to refuse plaintext connections (verified 2026-06-04).
- Five-header pack on every TLS response (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy).
- At-rest encryption. AES-256 on every storage tier; per-user encryption keys on the most sensitive material.
- Tamper-evident audit log. Every operator-side access to user data via the impersonation surface is recorded in a hash-chained audit table with 7-year WORM offsite retention.
- Per-user isolation. Dedicated isolated compute instance per user; cross-user data paths are architecturally impossible.
- CVE / SBOM scanning on every deploy + nightly + per-PR (B49, shipped 2026-06-02).
- No model training on your data. Your data is not used to train any general-purpose AI model.
- No data sale. We do not sell or rent your data, nor share it with third parties for marketing.
The detailed self-assessment is available on request at security@nitroxconsulting.com.
Revoking access
You can revoke NitroxBrain’s access to any connected platform at any time:
- Google: Account → Security → “Your connections to third-party apps & services” → NitroxBrain → Remove access.
Revocation takes effect immediately on the provider side and is detected by the Service on the next interaction. After revocation, the Service can no longer read or write any data in that Google account.
Microsoft 365 + Slack + Trello + HubSpot
The Service also requests OAuth scopes on Microsoft 365, Slack, Trello, and HubSpot. The justification structure for those scopes mirrors this page; the per-scope inventory will be added as those integrations move into the production-verified flow. Reach out at support@nitroxbrain.com if you need the inventory before it lands here.
Contact
- General:
support@nitroxbrain.com - Security:
security@nitroxconsulting.com - Privacy / data-protection:
privacy@nitroxconsulting.com - Operator: NitroX Consulting SAS, France.
