Connecting any tool to your Gmail means handing over access to some of your most sensitive information. Here's an honest, detailed look at exactly how MailWise protects yours — and what to check in any tool before you connect your inbox.
Your Gmail inbox contains more sensitive information than almost any other system you use. Client contracts. Financial discussions. Personal conversations. Login credentials forwarded in emails. Business strategies.
When you install a Gmail productivity tool, you're granting it access to all of that. The question most people forget to ask is: what does it do with that access?
Does the tool store your email content on their servers — and who has access to it?
Does it ask for only what it needs, or full unrestricted access to your Gmail?
Is your email data encrypted at rest, or stored in plaintext on a third-party server?
Many Gmail tools request full inbox access even when they only need a fraction of it. That's not just a privacy concern — it's a security risk that violates Google's own developer policies.
When a Gmail tool asks for permission to access your account, it requests specific "scopes" — essentially a list of what it's allowed to do. There are two types:
Only requests what the tool actually needs:
MailWise uses only these three.
Requests unrestricted access to everything:
Common in tools that haven't completed Google's security review.
Requesting broad scopes when they aren't needed is a red flag. It usually means the tool either wasn't built with security in mind, or hasn't gone through Google's official verification process.
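One way to run this check yourself, as an added example that is not MailWise's code: the script below parses the `scope` parameter of the Google consent URL a tool sends you to and sorts each requested scope against the three-scope allowlist named on this page. The full-mailbox scope `https://mail.google.com/`, the sample URLs, and the helper names are assumptions of this example.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

PREFIX = "https://www.googleapis.com/auth/"
# The three scopes the page names, in Google's full-URL form.
MINIMAL_SCOPES = {PREFIX + s for s in ("gmail.readonly", "gmail.send", "gmail.modify")}
# Google's full-mailbox scope; an assumption here, the page does not name it.
FULL_ACCESS_SCOPE = "https://mail.google.com/"
# Sign-in scopes that identify the user but grant no mailbox access.
IDENTITY_SCOPES = {"openid", "email", "profile"}


def audit_consent_url(url, allowed=MINIMAL_SCOPES):
    """Classify every scope requested by an OAuth 2.0 authorization URL."""
    query = parse_qs(urlsplit(url).query)
    requested = set()
    for value in query.get("scope", []):  # one space-delimited string per param
        requested.update(value.split())
    report = {"expected": [], "identity": [], "full_access": [], "unexpected": []}
    for scope in sorted(requested):
        if scope.rstrip("/") == FULL_ACCESS_SCOPE.rstrip("/"):
            report["full_access"].append(scope)
        elif scope in allowed:
            report["expected"].append(scope)
        elif scope in IDENTITY_SCOPES:
            report["identity"].append(scope)
        else:
            report["unexpected"].append(scope)
    # With incremental authorization the issued token also carries scopes the
    # user granted earlier, so the URL alone understates the final access.
    report["incremental"] = query.get("include_granted_scopes") == ["true"]
    report["missing_scope_param"] = not requested
    clean = bool(requested) and not report["full_access"] and not report["unexpected"]
    report["verdict"] = "ok" if clean else "review"
    return report


def consent_url(scopes, **extra):
    """Build a constructed sample URL; client_id and redirect_uri are placeholders."""
    params = {"client_id": "EXAMPLE_CLIENT_ID", "response_type": "code",
              "redirect_uri": "https://app.example/callback",
              "scope": " ".join(scopes), **extra}
    return "https://accounts.google.com/o/oauth2/v2/auth?" + urlencode(params)


if __name__ == "__main__":
    minimal = consent_url(["openid", "email", *sorted(MINIMAL_SCOPES)])
    broad = consent_url([FULL_ACCESS_SCOPE, PREFIX + "drive"], include_granted_scopes="true")
    for name, url in (("minimal", minimal), ("broad", broad)):
        print(name, audit_consent_url(url))
```

A verdict of `review` means the request goes beyond the allowlist or carries no scope at all; it is a prompt to read the consent screen closely, not proof of misuse.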
Security wasn't an afterthought in MailWise. It was a design requirement from day one — because we built it for people whose inboxes contain genuinely sensitive business information.
All Gmail refresh tokens and sensitive credentials are encrypted using AES-256-GCM, the same standard used by banks and governments. Even if our database were breached, your credentials would be unreadable without the encryption key.
We request only three Gmail permissions — readonly, send, and modify. Nothing more. We never request full inbox access or unapproved scopes. Your account access is strictly limited to what MailWise needs to function.
MailWise has completed Google's CASA (Cloud Application Security Assessment) Tier 2 verification through the App Defense Alliance. This is Google's official security review for third-party Gmail integrations.
Every piece of data in our database is protected by row-level security policies. Your emails are completely isolated from other users — no shared tables, no cross-user data access, ever.
MailWise processes email metadata — sender, subject, thread status — to power its features. Full email body content is never stored in plaintext on our servers.
Full GDPR compliance with clear data retention policies, right to deletion, and transparent privacy documentation. Your data belongs to you — always.
CASA (Cloud Application Security Assessment) is Google's official security verification program run through the App Defense Alliance. Tier 2 is the highest level available for Gmail third-party integrations.
A third-party security firm audits the app's code, infrastructure, and data handling — not just a self-assessment.
Google verifies that the app only requests the OAuth scopes it genuinely needs. Unnecessary permissions are flagged and rejected.
CASA is not a one-time badge. Apps must maintain compliance and re-verify when significant changes are made.
MailWise has completed CASA Tier 2 verification — Google's official, independently-audited security review for third-party Gmail integrations, and the single most meaningful security credential a Gmail tool can hold.
Whether you choose MailWise or any other email tool, here's what's worth verifying before granting it access to your inbox:
Does it request minimal OAuth scopes?
It should ask only for what it needs (read, send, modify) — not full, unrestricted account access.
✓ MailWise requests only gmail.readonly, gmail.send, and gmail.modify.
Is it CASA verified?
CASA Tier 2 is Google's highest independent security verification for Gmail integrations — check the App Defense Alliance registry.
✓ MailWise has completed CASA Tier 2 verification.
Is your data encrypted at rest?
Stored credentials and sensitive data should be encrypted with a strong standard like AES-256 — not stored in plaintext.
✓ MailWise encrypts all credentials with AES-256-GCM.
Does it isolate your data from other users?
Look for row-level security or equivalent database-level isolation, so your data can never be accessed cross-account.
✓ MailWise enforces row-level security (RLS) on every table.
Is there a clear, published privacy policy?
You should be able to see exactly what's collected, how it's used, and how to delete it — in plain language.
✓ Read MailWise's full Privacy Policy.
If your Gmail inbox contains anything you'd be uncomfortable sharing publicly — client data, financial discussions, business strategy — the tool you use to manage it needs to meet a security standard.
CASA Tier 2 verification, AES-256 encryption, and minimal OAuth scopes aren't marketing language. They're the baseline you should expect from any tool that touches your inbox — and they're exactly what MailWise was built on.