Every permission we use, listed.

The extension: mail.google.com page access only, no Gmail API. Sign-in: basic profile. Compose: send-only.

The Chrome extension

Runs only on mail.google.com, works inside the compose window you're writing in, and uses no Google API permissions at all — it literally cannot open your inbox. It talks only to MailViewed's own server, authenticated with a token minted when you pair.

Signing in

Google sign-in shares your basic profile: name, email, photo. Nothing else — no offline access, no Gmail scope.

Compose (optional)

One permission, gmail.send, requested only when you connect Gmail to send from your address. Send-only; can't read or modify anything. Revoke anytime at myaccount.google.com/permissions.

We never request restricted Gmail scopes like gmail.modify or gmail.readonly. This is verifiable on every Google consent screen you see.

Did this answer it? If not, email support — a human replies, usually within a day.