Google Workspace API

Transparent, controlled Gmail access

10Alert Mail requests access only after a user action and uses it for visible extension features.

Last updated: 18 July 2026

Requested scope

https://www.googleapis.com/auth/gmail.modify

This scope supports reading messages and modifying their state, without permanently deleting messages outside Trash.

Why it is required

10Alert Mail uses the scope to list messages and threads; display sender, recipients, subject, snippet and body on open; notify about new mail; mark read/unread; star; archive; apply labels; move to Trash; and send user-initiated messages or replies.

Why narrower scopes do not work

gmail.metadata cannot provide message bodies. gmail.readonly cannot modify mailbox state. gmail.send and gmail.compose cannot read and manage existing mail. The app's visible read/write features therefore require gmail.modify.

Data flow

  1. The user selects Google connection.
  2. Google presents its account chooser and consent screen.
  3. The extension connects directly to Gmail API.
  4. Additional accounts use local Authorization Code with PKCE and a 127.0.0.1 loopback callback.
  5. Results are displayed and cached only on the device according to user settings.

What we do not do

Storage and security

The default local cache retention is seven days. Additional Gmail tokens are encrypted using Windows DPAPI or AES-GCM with a protected local key on macOS/Linux. This static website cannot access extension messages or tokens.

Revocation and deletion

Users can remove accounts and erase local data in 10Alert Mail. Authorization can also be revoked from Google Account Connections.

Limited Use. 10Alert Mail's use of information received from Google Workspace APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Contact

Use the contact details in Terms of Use, section 13.