Why we only ask for gmail.send
A practical, technical breakdown of the OAuth scopes Maildriply requests and why we deliberately chose the minimum.
Most "email tracking" products ask for permissions that let them read every message you own. Maildriply does not. This page explains what we ask for, why, and what the difference means in practice.
Scopes we request
| Scope | Why |
|---|---|
| openid, email, profile | Identify your Google account so we can attach campaigns to the right user. |
| https://www.googleapis.com/auth/gmail.send | Place outgoing messages in your Sent folder via Gmail's API. |
That's the whole list.
Scopes we do not request
- gmail.readonly: would let us read every email you own. We don't want it.
- gmail.modify: would let us mark, archive, or delete mail. We don't want it.
- gmail.metadata: would expose header metadata (subjects, recipients, dates). We don't want it.
- gmail.compose: would let us create drafts. Not needed for send-only.
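One way to check the two scope lists above against what a consent screen or token actually carries, as an added example that is not Maildriply's code: it parses the `scope` parameter of a Google authorization URL (or the `scope` string of a token response) and flags anything outside the four scopes this page lists. The sample URLs and the EXAMPLE client ID are constructed; the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

PREFIX = "https://www.googleapis.com/auth/"
# Scopes this page says are requested.
DECLARED = {"openid", "email", "profile", PREFIX + "gmail.send"}
# Scopes this page says are NOT requested, with the page's description.
DISCLAIMED = {
    PREFIX + "gmail.readonly": "read every email",
    PREFIX + "gmail.modify": "mark, archive, or delete mail",
    PREFIX + "gmail.metadata": "expose header metadata",
    PREFIX + "gmail.compose": "create drafts",
}
# Google may report "email"/"profile" in this long form in granted scopes.
ALIASES = {PREFIX + "userinfo.email": "email",
           PREFIX + "userinfo.profile": "profile"}

def audit_scopes(scope_string):
    """Compare a space-delimited OAuth scope string with the declared set."""
    seen = {ALIASES.get(s, s) for s in scope_string.split()}
    return {
        "missing": sorted(DECLARED - seen),
        "unexpected": sorted(seen - DECLARED),
        "disclaimed": {s: DISCLAIMED[s] for s in sorted(seen & set(DISCLAIMED))},
        "ok": seen <= DECLARED,
    }

def audit_consent_url(url):
    """Audit the scope parameter of a Google OAuth authorization URL."""
    query = parse_qs(urlsplit(url).query)  # decodes '+' and %20 to spaces
    result = audit_scopes(" ".join(query.get("scope", [])))
    # Incremental authorization: the issued token also carries scopes the
    # user granted to the same client earlier, beyond this URL's scope list.
    flag = query.get("include_granted_scopes", ["false"])[0]
    result["incremental"] = flag.lower() == "true"
    return result

# Constructed sample URLs (not captured from the real service).
BASE = ("https://accounts.google.com/o/oauth2/v2/auth"
        "?client_id=EXAMPLE.apps.googleusercontent.com&response_type=code"
        "&scope=openid+email+profile"
        "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.send")
GOOD_URL = BASE
BAD_URL = (BASE + "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly"
           "&include_granted_scopes=true")

if __name__ == "__main__":
    for name, url in (("good", GOOD_URL), ("bad", BAD_URL)):
        print(name, audit_consent_url(url))
```

The same `audit_scopes` function can be run on the `scope` field of a token response, where the long `userinfo.*` forms are normalized before comparison.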
What gmail.send can and cannot do
| Operation | Allowed? |
|---|---|
| Send a new message on your behalf | yes |
| Add a message to your Sent folder | yes (Gmail does this automatically) |
| Read existing messages, drafts, labels | no |
| List your inbox | no |
| Detect replies to a thread | no (we use the message ID Gmail returns at send time; we never query the inbox) |
When we ship sequences (auto-pause on reply), we will use Gmail's Push notifications API with a narrow topic filter scoped to messages sent by Maildriply. We will not add a read scope to do this.
How to revoke
If you ever want us out, go to myaccount.google.com/permissions, find Maildriply, and click Remove access. Subsequent send attempts from us will fail because the refresh token becomes invalid.
You can also delete your data from inside the app — Settings → Delete account & data.