OAuth Scope Justification
Detailed documentation of every permission we request and why — Last updated: June 28, 2026
Overview
Stintt requests only the minimum OAuth scopes required to deliver its core functionality: converting calendar events and task data into formatted timesheet exports. When users opt in to AI features, limited event metadata may be sent to Google's Gemini API for real-time processing.
By default, all calendar and task data is processed within the user's browser and is not transmitted to our servers. Our server-side component handles only:
- OAuth code exchange, so that client secrets remain secure.
- AI feature requests, by forwarding event metadata to Google Gemini for real-time processing (opt-in).
- Automated email reports and workspace automation, by storing OAuth tokens — uploaded when you connect a source and encrypted with AES-256-GCM — to fetch events on the user's behalf.
- Workspace team analytics (Workspace plan only), by syncing events from calendars the user has chosen to track and storing them in our database to power the team dashboard. Synced events are automatically deleted after approximately 18 months, or sooner on account deletion or request.
- A real-time relay for sources whose APIs block direct browser requests (such as ClickUp), forwarding data to your browser without storing it.
For full details, please review our Privacy Policy.
Data Handling Principles
- Minimum necessary access. We request read-only scopes wherever available. We never create, modify, or delete data on any connected provider.
- Client-side by default. All user data is processed in the browser by default. Optional features — AI categorization, automated email reports, and Workspace team analytics (which syncs tracked calendar events to our database) — involve server-side processing and storage, as described in our Privacy Policy.
- Encryption at rest. OAuth tokens are encrypted using AES-256-GCM — in the browser via the Web Crypto API using a key stored locally in your browser (or a key configured by the operator), and on our servers for tokens uploaded when you connect a source.
- No advertising use. We do not use any user data for advertising or profiling.
- Restricted data sharing. We do not transfer user data to third parties, except to our infrastructure provider Supabase (database and authentication, under a Data Processing Agreement), as required by the OAuth flow, for AI processing via Google Gemini (opt-in), for email delivery via Mailtrap (opt-in), for product analytics via PostHog (anonymous cookieless usage events by default; account identifiers only with cookie consent — never calendar data), and to our Merchant of Record and payment provider, Dodo Payments, for subscription billing. None of these involve sharing Google user data for advertising.
- User control. Users may revoke access at any time from within the app or through the provider's own account settings.
- AI data handling. When AI features are used, event metadata is processed by Google Gemini on the paid API tier in real time; the provider does not use it to train its models or for human review, and retains it only transiently for abuse monitoring.
calendar.readonlyPurpose
Read-only access to the user's Google Calendar events to generate timesheet exports.
Why This Scope Is Needed
Stintt pulls calendar events to auto-populate timesheet spreadsheets. Without this scope, the core functionality of the app — converting calendar events into timesheet rows — would not work. We request read-only access because we never need to create, modify, or delete events. On the Workspace plan, the same read-only scope is also used to fetch teammate calendars that the user has explicitly subscribed to from the Workspace dashboard, so managers can see team-wide capacity and meeting load.
Data Accessed
- Event titles (summary)
- Start and end date/time
- Event descriptions
- Organizer name and email
- Attendee names and emails
- Event location
- All-day event status
- Event recurrence information
Does NOT Access
- Calendar settings or preferences
- Other users' calendars — except for Workspace plan users who have explicitly granted team access by subscribing to a teammate's calendar in the Workspace dashboard
- We never create, modify, or delete any events
Data Retention
Calendar data is processed in the user's browser by default. Data exists in browser memory only during the active session. If you enable automated email reports, encrypted tokens are stored server-side to fetch events on your behalf. If you use AI features, event metadata is sent to Google Gemini for real-time processing on the paid API tier (not used for training or human review; retained only transiently for abuse monitoring). On the Workspace plan, when you track calendars from the Workspace dashboard, a server-side sync fetches events from those calendars and stores them in our database to power team analytics — synced events older than approximately 18 months are automatically deleted; events synced from calendars you connected yourself are deleted when you delete your account, while events synced into a Workspace you are a member of are retained under that Workspace owner's account until they remove the calendar or delete their account (or on request).
userinfo.emailPurpose
Read the email address of the connected Google account so the app can show which account is providing calendar data and associate it with your Stintt connection.
Why This Scope Is Needed
Stintt reads your account email purely to label the connected account in the UI and to keep the connected calendar correctly associated with your Stintt account. It grants no access to calendar content beyond the calendar.readonly scope above.
Data Accessed
- The email address of the connected Google account
Does NOT Access
- Your name, profile photo, or any other Google profile information
- Contacts, files, Gmail, or any other Google account data
Data Retention
The connected account email is stored with that connection's record — in your browser, and (when the encrypted token is synced server-side for email reports or Workspace analytics) alongside that token. It is deleted when you disconnect the source or delete your account.
Microsoft
Calendars.ReadPurpose
Read-only access to Microsoft 365 / Outlook calendar events for timesheet generation.
Why This Scope Is Needed
Same as Google Calendar — we pull calendar events to generate timesheet rows. Read-only access is sufficient; we never create or modify events.
Data Accessed
- Event titles, start/end times, descriptions
- Organizer and attendee information
- Event location and recurrence
Does NOT Access
- Calendar settings, mailbox contents, mail, or files
- We never create, modify, or delete events
Data Retention
Processed client-side by default. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Microsoft
Calendars.Read.SharedPurpose
Read-only access to calendars and events that colleagues have shared with you, so shared meetings appear in your timesheet alongside your own.
Why This Scope Is Needed
Many users are invited to meetings on shared team or delegate calendars. Read-only access to calendars shared with you lets those meetings be included in your timesheet.
Data Accessed
- Event titles, start/end times, descriptions, organizer, attendees, and location on calendars shared with you
Does NOT Access
- Calendars or mailboxes that have not been explicitly shared with you
- Mail, files, or any other Microsoft 365 data
- We never create, modify, or delete events
Data Retention
Processed client-side by default. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Microsoft
User.ReadPurpose
Retrieve the user's email and display name to show which Microsoft account is connected.
Why This Scope Is Needed
Displays the connected Microsoft account in the UI for user confirmation.
Data Accessed
- Email address
- Display name
Does NOT Access
- Directory data, organizational info, or other users' profiles
- Mail, files, or any other Microsoft 365 data
Data Retention
Stored locally in the browser. Cleared on disconnect.
Microsoft
OnlineMeetings.ReadPurpose
Read-only access to Microsoft Teams meeting details for timesheet generation.
Why This Scope Is Needed
Teams meetings are a significant part of many users' work schedules. We pull meeting data to include meeting time in timesheet exports alongside calendar events.
Data Accessed
- Meeting titles, start/end times, duration
- Meeting type and status
- Attendee information
Does NOT Access
- Meeting chat messages, recordings, or transcripts
- We never create, modify, or delete meetings
- Other participants' personal information beyond attendee list
Data Retention
Processed client-side by default. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Zoom
user:read:user, meeting:read:list_meetingsPurpose
Planned — not yet connectable. Read-only access to past and upcoming Zoom meetings to include meeting time in timesheets.
Why This Scope Is Needed
Zoom meetings are a significant part of many workers' schedules. We pull meeting data to include meeting time in timesheet exports alongside calendar events.
Data Accessed
- Meeting titles, start/end times, duration
- Meeting type and status
- User profile (name, email) for the connected account
Does NOT Access
- Meeting recordings, chat messages, or transcripts
- We never create, modify, or delete meetings
- Other participants' personal information
Data Retention
Processed client-side by default. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Atlassian (Jira)
read:jira-work, read:jira-user, offline_accessPurpose
Read-only access to Jira issues and worklogs to include task time in timesheets.
Why This Scope Is Needed
Many users track work in Jira. We pull issues with worklogs to auto-populate timesheet rows with task names and time spent. offline_access allows token refresh without requiring the user to re-authenticate every hour.
Data Accessed
- Issue titles, descriptions, and status
- Worklog entries (time spent)
- User display name and email
Does NOT Access
- Jira admin settings, permissions, or project configurations
- We never create, modify, or delete issues or worklogs
- Attachments or comments content
Data Retention
Processed client-side by default. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
ClickUp
tasks:readPurpose
Read-only access to ClickUp tasks and time entries for timesheet generation.
Why This Scope Is Needed
ClickUp users can include their tracked tasks and time entries in exported timesheets.
Data Accessed
- Task names, descriptions, and status
- Time tracking entries
- Workspace and space names
Does NOT Access
- We never create, modify, or delete tasks or time entries
- Workspace settings, members, or billing information
Data Retention
Processed client-side by default. Because ClickUp's API blocks direct browser requests, API calls are relayed through our server in real time without being stored. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Asana
tasks:read, projects:read, stories:read, teams:read, time_tracking_entries:readPurpose
Planned — not yet connectable. Read-only access to Asana tasks, projects, and time tracking for timesheet generation.
Why This Scope Is Needed
Asana users can include their tasks and tracked time in exported timesheets.
Data Accessed
- Task names and descriptions
- Project names
- Story/activity data (for task context)
- Team and workspace information
- Time tracking entries
Does NOT Access
- We never create, modify, or delete tasks, projects, or time entries
- Workspace admin settings, billing, or member management
Data Retention
Processed client-side by default. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Monday.com
boards:readPurpose
Planned — not yet connectable. Read-only access to Monday.com boards and items for timesheet generation.
Why This Scope Is Needed
Monday.com users can include their board items and time data in exported timesheets.
Data Accessed
- Board and item names
- Column values (status, dates, time tracking)
- User information
Does NOT Access
- We never create, modify, or delete boards or items
- Account settings, billing, or admin configurations
Data Retention
Processed client-side by default. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Toggl Track
API TokenPurpose
Planned — not yet connectable. Access to Toggl Track time entries for timesheet generation.
Why This Scope Is Needed
Toggl Track is a popular time tracking tool. We pull time entries to include tracked work in exported timesheets.
Data Accessed
- Time entry descriptions and durations
- Project and workspace names
- Start/end timestamps
Does NOT Access
- We never create, modify, or delete time entries
- Billing, invoicing, or team management data
- Other team members' time entries
Data Retention
Processed client-side by default. The API token is stored encrypted in the user's browser. If you enable automated email reports, encrypted tokens are stored server-side to fetch data on your behalf.
Google API Services User Data Policy Compliance
Stintt's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Google user data is used only to provide the timesheet generation features described in our Privacy Policy.
- Google user data is not transferred to third parties, except as necessary to provide or improve user-facing features, with user consent, or for security or legal purposes.
- Google user data is not used for advertising.
- Humans do not read Google user data, except with user consent, when required for security or legal compliance, or when the data has been aggregated and anonymized.
Revocation and Data Deletion
Users may disconnect any integration at any time from within Stintt or by revoking access from the provider's own permissions page (for example, Google Account permissions or Microsoft Account app access).
All locally stored data — including tokens, cached events, and settings — can be removed using the “Delete All My Data” option on our Privacy Policy page.
Questions about our OAuth scopes or data practices? Contact us at privacy@stintt.com