Like Simple Gmail Notes, we tried our best to minimize permissions for the CRM.
In general, we need 3 permissions in total:
1. Read-only permission for your email from your device. This has two major implications:
a. We cannot write to your email boxes, the CRM just can’t in nature. That means we won’t mess up your email tags, labels or silently create new emails on your behalf. Your email is always clean.
b. The email collection must be done from your device with CRM logged in. The email collection must be carried out on the device. It’s called local-client application and require explicit verification by Google side. That means you don’t need to worry about some hackers would hack into our CRM system and silently read your emails, because even we cannot do that ourselves. The email collection (i.e. auto sync for future emails) is turned off by default, and must be explicitly enabled by the user.
2. Read-only permission for your Google contacts. This is for conversion of your contacts into CRM contacts.
3. Local calendar permission on device. This is for creation of to-do items on the device.
This is ALL permissions required by the CRM app.
And here are the permissions collected by us versus those collected by others: