Draftbox Legal
Permissions and Data Access
This page explains the Google and external storage permissions or access flows Draftbox may use, why each permission is needed, what data may be processed, and how Draftbox limits use of that data. This page is intended to support OAuth consent review, app verification, and user-facing transparency.
Last updated: May 22, 2026
1. Core Principle
Draftbox requests the minimum level of access needed to provide the feature a user explicitly enables. We do not request Google or connected-storage access unless the user chooses to connect the relevant service or activate a workflow that depends on it.
2. Google Sign-In
Draftbox currently supports Google account authentication. These permissions are used only to identify the user, create or sign in to the user’s Draftbox account, and maintain a secure session.
| Scope or Permission | Access | Why Draftbox Requests It |
|---|---|---|
| openid | Basic identity token | Used to verify the signed-in Google identity and securely create or resume a Draftbox session. |
| Primary Google account email address | Used to match the user to a Draftbox account, prevent duplicate accounts, and support account communications and verification. | |
| profile | Basic public profile information | Used to prefill account identity details such as display name and profile image during sign-in. |
3. Google Calendar Permissions
Draftbox supports calendar-aware workflows that sync a user’s connected Google Calendar into the built-in Draftbox calendar experience so the user can view relevant schedules, organize planning context, and optionally generate summaries or drafting support based on user-selected calendar information.
| Scope or Permission | Access | Why Draftbox Requests It |
|---|---|---|
| https://www.googleapis.com/auth/calendar.readonly | Read-only access to calendars and events | Used to read calendar lists, event titles, dates, times, attendees, and related event metadata so Draftbox can display, organize, sync, and summarize calendar information the user chooses to connect. |
Draftbox does not request calendar write permissions in this first pass. The current integration is intended for read-only calendar sync into the built-in Draftbox calendar experience. If event creation or editing is introduced later, the privacy and permissions disclosures will be updated before launch.
4. Google Drive Permissions
Draftbox supports Google Drive import and analysis workflows so a user can browse connected Drive content, choose files for import, and bring Drive documents into Draftbox for reading, indexing, summarization, drafting, and workspace organization.
Draftbox uses a dedicated Google Drive integration consent flow that is separate from normal Google sign-in. Draftbox requests read-only or read/write Drive access depending on the integration mode the user explicitly selects from the integrations UI.
| Scope or Permission | Access | Why Draftbox Requests It |
|---|---|---|
| https://www.googleapis.com/auth/drive.readonly | Read-only access to Google Drive files and metadata | Used to let the user browse connected Drive content, select files or folders for import, read supported files, and process chosen Drive content for retrieval, indexing, summarization, drafting, and workspace organization. Draftbox requests read-only access and does not request Drive write permissions. |
| https://www.googleapis.com/auth/drive | Read and write access to Google Drive files | Used only when the user explicitly selects a write-capable integration mode. This broader scope may be required for workflows that manage Draftbox-controlled files in Drive rather than only browsing or importing them. |
Drive content is processed only when the user requests import, viewing, indexing, summarization, or a related connected workflow. Draftbox does not use broader Drive access unless the user has deliberately connected Drive in that higher-access mode.
5. OneDrive and Dropbox Connections
Draftbox also supports OneDrive and Dropbox source connections for user-initiated browsing, sync, linking, import, and external-file workflows.
In the current product, OneDrive and Dropbox are connected through a manual provider-token flow. The user supplies the relevant provider access token, optional refresh token, and provider account identifiers from their own authorized provider-side setup. Draftbox stores that connection data only to maintain the integration the user explicitly asked to enable.
Draftbox uses OneDrive and Dropbox connection data to list folders, read file metadata, download supported files, cache user-selected content, and keep requested source imports in sync. Draftbox does not request provider write permissions from these services in the current connected-source workflow.
6. Imported and Synced Content Handling
When you choose a connected file or folder, Draftbox may temporarily download it, store a managed copy, generate previews, extract text, create summaries, split text into chunks, and create embeddings so the content can be searched and used in retrieval or drafting workflows.
Sync and re-sync operations run only when the user starts them from Draftbox or when Draftbox completes background work for an already requested sync job. Draftbox also records sync progress, read health, and cancellation state so it can show source status and let the user stop long-running syncs.
7. How Draftbox Uses Connected Data
Connected Google Calendar, Google Drive, OneDrive, and Dropbox data is used only to provide the user-facing features the user requested, such as sign-in, importing files, reading connected records, searching content, preparing summaries, generating drafts, or organizing workspace context.
Draftbox does not sell connected-service data. Draftbox does not access connected content unless the user has authorized the connection and triggered a feature that requires the content.
8. Google API Data Restrictions
Draftbox will not use data obtained from Google Workspace APIs to develop, improve, or train generalized artificial intelligence or machine learning models. Google Workspace API data is processed only to provide, secure, and improve user-facing features requested by the user, in accordance with applicable Google API requirements.
9. AI and Connected Content
If a user asks Draftbox to summarize, search, or draft from connected Google or cloud-storage content, Draftbox may process selected portions of that content through indexing, retrieval, or AI-assisted workflows. This happens only in response to user-initiated product actions.
Where supported, Draftbox applies safety and redaction controls to reduce unnecessary exposure of sensitive strings in AI workflows.
10. Revocation and Deletion
A user may disconnect a connected Google, OneDrive, or Dropbox account using Draftbox account controls when available, or by revoking access from the provider side. After revocation, Draftbox will stop making new calls with the revoked authorization, subject to ordinary technical delay, token expiry, cached data handling, and retained imported content already brought into the user’s workspace.
When a connected cloud account is disconnected, Draftbox may offer a choice between keeping imported or preserved items in place and removing unused synchronized cache. If cache cleanup is selected, Draftbox removes unused synced source records and may preserve files that are still actively used by workspace items as standalone managed copies.
11. Related Legal Documents
For broader legal and privacy terms, review the Privacy Policy, Terms of Service, Payments and Cancellations Policy, and Data Processing Agreement.
12. Contact
For questions about permissions, provider review, or connected data handling, contact support@fixpro.gr.