Permissions Dispatch requests
Dispatch asks for identity first, then requests each product only
when you authorize it. Dispatch uses these exact OAuth scopes:
Identity
openid email profile
Identify the Google account you chose and display its email.
Gmail
gmail.readonly gmail.send
Search and read messages you request. Send a message only after
you repeat a short-lived confirmation phrase bound to the exact
recipient, subject, and body.
Google Drive
drive.file
Read files you deliberately select with Google Picker and create
a file only after exact confirmation. Dispatch does not receive
broad access to all Drive files.
Google Calendar
calendar.events
Read event details and create an event only after exact
confirmation. Destructive calendar actions are not enabled.
How access works
- OAuth refresh tokens are encrypted and stored server-side.
-
Agents call a Dispatch broker and never receive Google
credentials.
-
Google Picker receives one short-lived access token in browser
memory so you can select a file. It is not written to browser
storage, Dispatch logs, prompts, or artifacts.
-
Each operation is checked against your identity, enabled service,
granted scope, and write-confirmation policy.
How data is used and shared
Dispatch retrieves Google content on demand to complete your
request. Relevant excerpts may be sent to the AI provider configured
for your Dispatch workspace so the agent can answer or act. OAuth
credentials are never sent to the AI provider.
Dispatch does not sell Google user data, use it for advertising, or
use it to train a general-purpose model. It does not continuously
crawl or bulk-sync personal Google data by default.
Retention and deletion
Provider content is not copied into a separate integration database
by default. Content you intentionally keep in a chat, work item,
document, or workflow artifact follows that workspace's retention
controls. Security audit records retain the actor, operation type,
status, timestamp, and limited provider object identifier—not
message bodies, file contents, event descriptions, tokens, or raw
responses.
Disconnecting Google revokes the project grant when Google is
reachable and deletes the stored refresh token locally immediately.
You can also revoke Dispatch from your Google Account permissions.
Limited Use and contact
Dispatch's use and transfer of information received from Google APIs
complies with the
Google API Services User Data Policy, including Limited Use requirements.
Questions or deletion requests can be sent to
privacy@dispatchworks.ai.