Sortd uses the industry standard OAuth process to authenticate you and access your Google account.
During the OAuth process you will be asked to give Sortd permission to access your Google account. These permissions are required in order for Sortd to work.
Additional permissions may be requested depending on which Sortd tools you make use of; for example the Sortd Chrome Extension will ask for permissions that are unique to Chrome Extensions, whereas the mobile application(s) and Gmail Add-on will ask for different sets of permissions.
Types of Permissions
Google OAuth Permissions
These are the initial permissions you grant when logging in to Sortd for the first time and are required in order to make use of the Sortd.
These permissions enable Sortd to access to your Google account, through Google controlled interfaces for activities which cannot be done simply through the Gmail website. These permissions also allow Sortd to obtain some basic information about you, such as your email address and name.
By providing these permissions Google provides Sortd security tokens, using the industry standard OAuth mechanism. Sortd never receives your Gmail password, and you can revoke the Sortd security tokens (and hence permissions) at any time via the Google security tools.
During the OAuth process Sortd will request permissions to Gmail, which Google may display as, the ability to:
Read, compose, send, and permanently delete all your email from Gmail
Have Offline access
These permissions are required in order to allow Sortd to interact with your email and to perform offline actions such as sending reminders even when you are not in front of your computer using the Sortd.
The permissions are required, because of the way the permissions system works on Gmail. Sortd does NOT read the content of your email, additionally Sortd will never delete your email unless you specifically ask it to, or it is performing a shared email email sync which causes the old email to be replaced by a newer updated version of the shared email thread.
Sortd Chrome Extension Permissions
The main component of Sortd is implemented as a Chrome Extension, which requires permissions in order to be installed into your Chrome browser.
The Chrome Extension will request the following permission:
Read and change your data on app.sortd.com and mail.google.com
This permission allows Sortd to load when you open Gmail (mail.google.com) and interact with the Sortd backend services (app.sortd.com).
Sortd Gmail Add-on Permissions
These are the permissions that you are requested to provide when you install the Sortd Gmail Add-on.
The Sortd Gmail Add-on allows Sortd to provide functionality inside the Gmail mobile application on Android and iOS (and web browser, if you don’t have the Chrome Extension installed).
The Add-on will ask for the following permissions, which are inherent to all Gmail add-on’s and not specific to Sortd:
View your email message metadata when the add-on is running
Run as a Gmail add-on
Connect to an external service
View and manage data associated with the application
Why does Sortd need so many Permissions?
Much of the functionality that Sortd provides require access to Gmail via the Gmail API. This is a backend system that Google makes available for services such as Sortd to provide enhanced capabilities, over and above what is ordinarily available in Gmail. The Gmail API requires each Google user to authorise Sortd's access to their email.
Sortd does not store email content, but only certain email metadata such as the MessageId, Sender, Subject and Date are then only when certain Sortd features are used.
Sortd does not store the actual email content (body), but may store the email metadata mentioned above in cases such:
the email message is added to a Sortd Board, and/or
the email message is ‘snoozed’ or has a reminder set on it
Simply reading email inside Sortd does not result in Sortd storing any data of any kind.
Sortd security processes are audited by Google on an annual basis to ensure that Sortd is protecting users from malicious actors.