Help Center
DocsConnecting Your Inbox
What Gmail and Outlook permissions Laureo requests, what we read, and how the staging-review gate works.
Why connect an inbox?
Step 2 of the onboarding wizard offers Connect Gmail or Connect Outlook as a quicker alternative to a CSV upload. Once connected, Laureo looks at your sent-mail history to suggest people you regularly correspond with, classifies each candidate for quality (active conversation vs. one-off vs. marketing), and stages them for your review before anything lands in your CRM.
What permissions we request
Google (Gmail).We request four Google scopes during signup: read & modify Gmail messages, manage your calendar, per-file Drive access, and read-only access to Meet recordings & transcripts. The Gmail scope is required so you can read and send mail from inside Laureo — onboarding only uses your address book and recent sender history, not the bodies of your messages.
Microsoft (Outlook).We request read & write access to Mail, Calendar, Contacts, and Tasks under your Microsoft 365 account, plus per-file OneDrive access. Contact discovery during onboarding uses Contacts and the People API — message bodies are not read until you start using the email inbox feature.
The staging-review gate
Discovered contacts are written to a staging area — a separate table from your live people records. Nothing reaches your live CRM until you review and approve the list.
Each row carries a quality signal so you can triage quickly:
- Active — 5+ exchanges within the last 90 days. Pre-selected for import.
- One-off — single exchange. Reviewable but not pre-selected.
- Marketing — sender domain or name matches a newsletter pattern, or the thread contained an unsubscribe link.
- Internal — same-domain teammate. Skipped by default (invite them via Step 4 instead).
- Auto-reply — vacation responders / out-of-office. Not a real contact.
- Unknown — no rule fired; grouped under "review."
Approve a row to commit it to your live people table. Reject it to leave it staged but unimported.
What happens to rows you don't approve
Staged contacts that are neither approved nor explicitly rejected are auto-purged 24 hours after they were staged. A scheduled cron sweeps the staging tables on a fixed cadence. If you come back later and want to redo the import, just run the inbox sync again — the staging snapshot is rebuilt from your most recent mail history.
Revoking access
Disconnect at any time from Settings → Integrations. Disconnecting stops all background syncs (Gmail push, Outlook delta, contact sync), revokes the stored tokens, and unsubscribes any Pub/Sub watches. You can also revoke directly from your Google account permissions or your Microsoft work-account portal.
If you authorize Gmail but never finish signup
If you authorize Gmail during signup but never complete account setup (closed the tab, payment failed, abandoned mid-onboarding), the OAuth grant you gave Google is still sitting in our system but not tied to any workspace. Laureo cleans these up automatically on a two-stage lifecycle so nothing lingers indefinitely:
- 24-48 hours after authorization— A “Complete your signup” email is sent to the address on the OAuth grant. One nudge per user, deduped on a per-user basis so you don't get a flood if you authorized multiple times.
- 7 days after authorization— If you still haven't completed signup, the orphan token is hard-deleted, the Gmail Pub/Sub watch is stopped, and the cleanup is logged to the security audit trail. The Google OAuth grant on Google's side remains until you explicitly revoke it — visit your Google account permissions to revoke it manually.
No further action is required on your part. If you do come back to finish signup within 7 days, the existing authorization is automatically attached to your new workspace and the cleanup is skipped.