EmailShot OAuth Permissions Explained

When installing EmailShot, Google's authorization dialog lists the permissions the add-on requests without much explanation — which understandably gives some users pause. Here's exactly what each permission is for.

1. User Email Access (https://www.googleapis.com/auth/userinfo.email)
   Lets the add-on read your email address. Used to associate EmailShots with your account and to send the welcome email. Your address is never stored outside of Google Cloud infrastructure.
2. Read-Only Access to Current Email Message (https://www.googleapis.com/auth/gmail.addons.current.message.readonly)
   Lets the add-on read the email currently open in Gmail — but only when you explicitly create an EmailShot. We do not read or store emails you simply open.
3. Execute Actions within Gmail (https://www.googleapis.com/auth/gmail.addons.execute)
   Required for the add-on to respond to user interactions and render its interface inside Gmail.
4. Determine User Locale (https://www.googleapis.com/auth/script.locale)
   Lets the add-on read your locale setting so it can adapt to your language preferences.
5. Make External HTTP Requests (https://www.googleapis.com/auth/script.external_request)
   Lets the add-on call our backend API — used to save email content to Google Cloud Storage and store the EmailShot metadata in our database.
6. Generate Workspace Link Previews (https://www.googleapis.com/auth/workspace.linkpreview)
   Enables Smart Chips — when you paste an EmailShot link into Google Docs, Slides, or Sheets, this scope allows a rich preview to appear on hover.

If you have questions about any of these permissions, contact us.