Use of Google API Services

Google API Services User Data Policy Compliance

Tidyflow’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This applies to data Tidyflow receives from both the Google Gmail API and the Google Calendar API.

OAuth Scopes We Request

Tidyflow requests only the OAuth scopes necessary to provide the functionality you have authorised. Each scope is requested for a specific user-facing feature.

Sign-in

• openid — required to identify the user during the OAuth flow.
• email — required to read the user’s primary email address so that the connected account can be linked to the corresponding Tidyflow user.

Gmail

• https://www.googleapis.com/auth/gmail.modify — required to read message bodies, threads, labels, and attachments so they can be displayed inside Tidyflow alongside the related client and job, and to mark messages as read/unread, archive, label, and move messages on the user’s behalf when the user performs those actions inside Tidyflow. A narrower gmail.readonly scope does not provide the modify capabilities needed to operate a shared inbox; a narrower gmail.labels scope does not provide the read access needed to surface message content.
• https://www.googleapis.com/auth/gmail.send — required to send replies, new emails, and drafts composed inside Tidyflow on behalf of the authenticated user.

Google Calendar

• https://www.googleapis.com/auth/calendar.events — required to allow users to accept, decline, or update meeting invitations they have received in their connected Gmail. A narrower scope (calendar.events.freebusy or calendar.calendarlist.readonly) does not provide the write access needed to RSVP. Tidyflow does not list or import calendar events that did not originate from, or get modified through, user interaction with an email invitation in the Tidyflow email surface.

What Google User Data We Access

Gmail

When you connect a Gmail account to Tidyflow via OAuth 2.0, we access the following categories of data from the Google Gmail API:

• Email message content (body text, subject lines)
• Sender and recipient information (names, email addresses)
• Email metadata (timestamps, read/unread status, labels)
• Attachments (where you choose to sync or access them within Tidyflow)

Google Calendar

When you connect a Google account that grants Tidyflow Calendar access via OAuth 2.0, we access the following data from the Google Calendar API:

• Event details (title, time, location, description, attendees, response status) — only for events you create, update, or respond to through interaction with a meeting invitation in your Tidyflow email surface

Tidyflow does not import, list, or display your full Google Calendar. Calendar API calls are made only in response to a specific user action against a specific email invitation (e.g. clicking “Accept”, “Decline”, or “Tentative” on an invite, or updating an event the user originally created from such an invite).

We request only the permissions necessary to provide the functionality you have authorised. You can review the specific permissions requested during the OAuth consent process.

How We Use Google User Data

Gmail

Tidyflow uses Gmail data solely to provide email integration functionality within the Service:

• Syncing and displaying your emails within Tidyflow
• Composing, sending, and replying to emails on your behalf
• Organising email communications alongside your practice management workflows

Google Calendar

Tidyflow uses Google Calendar data solely to let you act on meeting invitations received in your connected Gmail:

• Accepting, declining, or tentatively responding to a calendar invitation that arrived as an email
• Adding the event to your calendar in response to an email invitation you have actioned
• Updating an existing event when the underlying email invitation is updated

We do not use Google user data for:

• Serving advertisements or any advertising-related purpose
• Market research unrelated to the Service
• Any purpose other than providing, maintaining, and improving the Gmail and Calendar integration functionality you have authorised

Limited Use Requirements

In accordance with the Google API Services User Data Policy, Tidyflow adheres to the following Limited Use requirements:

• No transfer to third parties except as necessary to provide or improve the Service, to comply with applicable laws, or as part of a merger, acquisition, or asset sale — and only with your consent where required
• No use for advertising — Google user data is never used for serving ads, including retargeting, personalised, or interest-based advertising
• No sale of data — Google user data is never sold, rented, or transferred to data brokers or information resellers
• No training of AI/ML models — Google user data is not used to train generalised or non-personalised artificial intelligence or machine learning models
• No human access to Google user data except with your explicit consent for specific messages or data, for security investigations, to comply with applicable law, or in aggregated and anonymised form for internal operations

AI Features and Google User Data

If you have enabled both Email Integration and Tidyflow’s optional AI Features (such as email summarisation), email data from your connected Gmail account may be transmitted to a third-party AI provider (currently OpenAI) solely to deliver the AI functionality you requested.

This transfer is:

• Performed only with your explicit consent (you must separately opt in to AI Features)
• Subject to data minimisation — personal identifiers are pseudonymised via tokenisation before transmission to the AI provider
• Necessary to provide the AI functionality you requested
• Consistent with the Limited Use requirements — the AI provider is contractually committed to the minimum retention period required to operate its API and is prohibited from using your data to train or improve its models

Google Calendar event data is not transmitted to the AI provider. If a future AI feature requires Calendar data, Tidyflow will update these terms and request fresh user consent before enabling it.

You may disable AI Features at any time without affecting the email sync functionality. Full details are available in our AI Terms of Use.

Third-Party Analytics and Google User Data

Tidyflow uses PostHog for product analytics inside the Tidyflow application. To protect Google user data:

• Autocapture is disabled (autocapture: false).
• Session recording is disabled (disable_session_recording: true).
• Only structured product events are sent (for example http_request, feature_used, page_viewed), with anonymised properties such as record identifiers, status codes, and route names.
• URL paths included in performance events are normalised before transmission — UUIDs and numeric record identifiers are replaced with placeholders such as :uuid and :id.
• No Gmail message content, no Gmail metadata beyond what is needed for normal application telemetry, and no Google Calendar event content is ever transmitted to PostHog.

PostHog is listed on our Sub-processors page.

How We Store Google User Data

Gmail data from connected Gmail accounts is synced and cached within Tidyflow’s infrastructure (hosted on DigitalOcean and AWS in the United States) for as long as the mailbox remains connected.

Google Calendar event data is sent to and received from the Google Calendar API only when you take a specific action against an email invitation (such as accepting, declining, or updating an event). Tidyflow stores only the minimum event metadata required to relate the action to the originating email and the corresponding job or client; we do not maintain a mirror of your calendar.

Tidyflow implements appropriate technical and organisational security measures to protect Google user data, including encryption in transit (TLS), encryption at rest at the storage layer, additional application-layer encryption for selected sensitive fields (including personally identifying information on user and contact records and authentication credentials for connected services), role-based access controls, and restricted internal access to production systems.

Data Retention and Deletion

When you disconnect a Gmail or Google Calendar connection from Tidyflow:

• Tidyflow will immediately cease syncing or making any further calls against that connection
• Previously synced Gmail data and any cached calendar event metadata will be deleted in accordance with our internal retention policies, within 30 days of disconnection

You may also revoke Tidyflow’s access to your Google account at any time through your Google Account permissions.

Your Control

You retain full control over your Google user data:

• Connect and disconnect Google accounts at any time through your Tidyflow account settings
• Revoke access directly through your Google Account security settings
• Enable or disable AI Features independently of Email Integration
• Request deletion of your data in accordance with our Privacy Policy

Each Google account connected to Tidyflow is authorised by a separate OAuth consent from the person who holds authority over that account. Tidyflow does not access mailboxes or calendars other than those that have been individually authorised in this way.

Related Policies

• Privacy Policy
• Terms of Service
• Data Processing Addendum
• AI Terms of Use
• Sub-processors

Contact

For questions about how Tidyflow uses Google user data, please contact [email protected].