DoneDocs|Google API Limited Use Disclosure

Google API Limited Use Disclosure

Last updated: May 2026

DoneDocs's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What we access

DoneDocs requests the following Google OAuth scopes:

  • gmail.readonly - Read-only access to Gmail messages and attachments. Used solely to identify and extract invoice data from incoming emails.
  • gmail.labels - Read and write Gmail labels. Used to mark processed email threads and prevent duplicate processing.
  • drive.file - Create files and folders in Google Drive. Scoped only to files created by DoneDocs; no access to existing Drive content.

How we use Google user data

DoneDocs uses Gmail and Drive data exclusively to provide the invoice-filing service described to the user at sign-up:

  • Scanning Gmail for emails that contain invoices or receipts.
  • Extracting invoice metadata (supplier, date, amount) from email attachments using AI analysis.
  • Uploading the invoice files to a dedicated DoneDocs folder in the user's Google Drive.
  • Displaying a dashboard summary of the user's invoice history.

What we do NOT do with Google data

  • We do not use Gmail or Drive data to serve advertisements.
  • We do not sell, rent, or transfer Google user data to any third party.
  • We do not allow humans to read user email content - processing is fully automated.
  • We do not use Google data for any purpose unrelated to the invoice-filing service.
  • We do not retain raw email content - only the extracted invoice metadata is stored in our database.

Data storage and security

  • Google OAuth tokens are encrypted at rest using AES-256-GCM before storage.
  • All communication is encrypted in transit via HTTPS / TLS 1.2+.
  • Access tokens are refreshed automatically and never exposed to the client browser.
  • We use the minimum necessary OAuth scopes - we do not request broad Drive or Gmail access.

Third-party AI processing

Email attachment content is sent to Anthropic Claude AI for invoice data extraction. Anthropic processes the data solely for inference and does not retain or train on user data. For details, see Anthropic's Privacy Policy.

User control

  • Users can disconnect Google access at any time from the Settings page.
  • Users can delete their account and all associated data at any time from the Settings page.
  • Google access can also be revoked directly via Google Account Permissions.

Contact

For questions about our use of Google user data, please contact: info@doneiteasy.com

See also our Privacy Policy and Terms of Service.