Log inApply for Beta
Back to home
Integration · Google Workspace

Google Workspace

TAO connects to Google Workspace through Google's verified OAuth flow, requesting only the narrow read scopes our operational features actually need — Gmail, Calendar, Contacts, and Drive metadata. We've completed Google's Brand Verification and hold a current CASA Tier 1 attestation; the CASA Tier 2 third-party assessment required for broader restricted-scope production access is actively in progress. We honour the Limited Use policy in full; your data stays inside your workspace, we don't train models on it, sell it, or surface it to ads.

Apply for Beta All data & permissions

How the connection works

OAuth 2.0 via a verified Google Cloud project (External user type). Restricted scopes (Gmail readonly, Drive metadata readonly) trigger mandatory Brand Verification, Sensitive/Restricted Scope Verification, and an annual Cloud Application Security Assessment (CASA). TAO holds Tier 1 today (self-assessment + Google-validated questionnaire) and is mid-engagement with a Google-approved third-party lab for Tier 2.

Scopes TAO requests

We request only the scopes the connected features actually use. Each scope, why we ask for it, and which tier it sits in for Google Workspace:

ScopeTierWhat it's for
https://www.googleapis.com/auth/userinfo.emailbasicIdentify the authenticated Google account
https://www.googleapis.com/auth/userinfo.profilebasicDisplay name and avatar on the connected-account card
https://www.googleapis.com/auth/gmail.readonlyrestrictedRead email threads to surface operational context against contacts, deals, and jobs
https://www.googleapis.com/auth/calendar.events.readonlysensitiveRead calendar events to drive the TAO calendar and Andy briefings
https://www.googleapis.com/auth/contactssensitiveRead and reconcile personal contacts into TAO's contact graph
https://www.googleapis.com/auth/directory.readonlysensitiveRead Workspace directory entries for staff and shared contacts
https://www.googleapis.com/auth/drive.metadata.readonlyrestrictedList file names and metadata to attach Drive documents to TAO records (no file content)

What TAO accesses

The connected features read specific Google Workspace data — and only what's needed for the operational record visible inside TAO.

  • Email subject, sender, thread context, and labels to link conversations to TAO records
  • Calendar events, attendees, and times to populate the TAO calendar and Andy daily brief
  • Contact names, emails, phone numbers, and organisations for TAO's contact graph
  • Drive file names, owners, and modified dates so users can link documents to jobs and quotes

What TAO never does with this data

Some commitments are easier to read as a list.

  • We do not train generative or machine-learning models on your Google Workspace data
  • We do not sell, rent, or transfer your data to third parties or data brokers
  • We do not use your data for advertising, retargeting, or audience profiling
  • We do not allow humans to read your data except with your explicit consent or for security and legal compliance
  • We do not store full Drive file bodies — only the metadata needed to render links

Google API Limited Use commitment

TAO's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

OAuth consent screen + listing

The exact configuration TAO submits to Google Workspace for every customer connection — keep this aligned with the public site for reviewers and consent dialogs.

  • App name matches "TAO" exactly on the consent screen and in the privacy policy
  • Authorised domain = theartificialorganisation.com, verified in Google Search Console
  • Privacy policy URL = https://theartificialorganisation.com/privacy on the matching domain
  • Terms of Service URL = https://theartificialorganisation.com/terms on the matching domain
  • Application homepage is publicly accessible (not behind login) and describes the integration
  • Support email is monitored and resolves Workspace integration questions within one business day

Verification + review path

TAO progresses through Google's full verification pathway: testing → published → verified. Brand Verification confirms identity and domain ownership. Sensitive Scope Verification reviews use of Contacts and Calendar data. For restricted scopes (Gmail, Drive), Google requires an annual Cloud Application Security Assessment (CASA). TAO is currently certified at CASA Tier 1 (self-assessment validated by Google) and is actively working with a Google-approved third-party lab to complete the Tier 2 independent assessment that enables broader restricted-scope production access. We re-attest annually so verification status doesn't lapse.

How to disconnect

Open https://myaccount.google.com/permissions, find TAO under "Third-party apps with account access", and click Remove access. You can also disconnect from inside TAO at Settings → Integrations → Google Workspace → Disconnect; TAO revokes the refresh token at Google's revocation endpoint and permanently deletes the associated Workspace data within 24 hours.

Reference: Google Workspace developer documentation

Canonical Google Workspace reference: https://developers.google.com/terms/api-services-user-data-policy

See also the full Data & Permissions page for the side-by-side comparison across all providers TAO connects to, and the Privacy Policy for retention, deletion, and your rights.

You might also want

Microsoft 365Outlook, Calendar, Contacts, OneDrive — via Microsoft Entra.XeroSMB accounting on granular OAuth scopes.

Want to see this running on the apps you already use? Apply for the beta, or tell us what your team is trying to run from one place.

Apply for Beta All data & permissions
Sign inApply for Beta