Overview
This page explains, in plain English, what happens when you connect your Gmail account to ClaimStation. We wrote it so you can read it in five minutes before granting access, and so Google's OAuth-verification reviewers can confirm we operate within the Google API Services User Data Policy, including the Limited Use requirements for Gmail data.
01Why you might connect Gmail#
Public adjusters live in their inbox. Carrier denials, reservations of rights, settlement offers, engineer reports, payment notices, they all arrive there, mixed in with marketing, family email, and other noise. ClaimStation connects to your Gmail so we can:
- Pull inbound carrier and client emails into the matching claim record, so the file is complete and the next-step prompt in your dashboard is accurate.
- Surface time-sensitive carrier messages (a denial, a ROR, a settlement counter) at the top of your inbox view so you don't miss a statutory deadline.
- Let you press a button and have a reply drafted into Gmail for your review and sending. The system drafts; you commit. We never auto-send.
02Scopes we request and why#
| Scope | What it allows | Why ClaimStation needs it |
|---|---|---|
gmail.readonly | Read your Gmail messages, headers, attachments, and labels. | To find carrier and client emails relating to your claims and pull them into the corresponding claim record. Without read access, the claim correspondence inbox cannot exist. |
gmail.compose | Create draft messages in your Gmail account. | To support the "Draft a reply" button. ClaimStation drafts a response into your Gmail Drafts folder; you review, edit, and click send inside Gmail. We do not send anything on your behalf. |
openid + userinfo.email | Your Google account email address. | To confirm which Gmail inbox is connected so we can show it to you in Settings and refuse to mix two inboxes' content. |
We do not request gmail.send, gmail.modify, or any "full mailbox" scope. The minimum set above is what the product requires.
03What we do with the data, concretely#
- You authorize. You click "Connect Gmail" inside ClaimStation. Google shows you the standard consent screen. You see the scopes above and click Allow.
- We store the refresh token. Encrypted at rest with AES-256-GCM, server-side only. The plaintext token never leaves the server boundary.
- We watch for new mail. Either via Google Pub/Sub push notifications (recommended), or by polling every few minutes. Either way, ClaimStation only acts on newly arriving messages.
- We apply the privilege filter. Before any message body reaches the AI classifier or our database, it passes through a hard-coded filter that drops messages from attorney domains and family-court / custody-app domains. Those messages are not stored beyond a one-line audit log entry. This filter cannot be disabled by your firm's admin; it can only be extended to add more privileged domains.
- We classify the message. Non-privileged messages are sent to Anthropic's Claude (Haiku 4.5) under our zero-data-retention enterprise tier. The classifier decides whether the message is carrier correspondence, a settlement offer, a denial, a ROR, an engineer report, or something else, and which claim it belongs to.
- We file it. The message body, sender, timestamp, and Gmail message ID are written to the
correspondencetable, scoped to your firm's workspace. You can read it from the claim screen, mark it as handled, or delete it. - You draft a reply (optional). If you press "Draft reply," ClaimStation creates a draft inside your Gmail Drafts folder using the
gmail.composescope. You open it in Gmail, edit, and send from Gmail. ClaimStation never sends.
04The Limited Use commitments#
ClaimStation's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Only for the features described above. Gmail data is used only to provide the claim-correspondence inbox and the reply-drafting feature. Not for any other product, not for any other purpose.
- No advertising. ClaimStation does not serve advertising. We do not use Gmail data for advertising, profiling, or analytics-by-third-party.
- No transfer to third parties except as strictly necessary to provide the features (e.g., temporarily passing message text to Anthropic's classifier under a DPA and zero-retention terms), or as required by law.
- No humans reading your mail. ClaimStation employees do not read your Gmail data except (i) with your explicit consent, (ii) to investigate suspected abuse or a security incident, (iii) to comply with law, or (iv) where the data is aggregated and anonymized for our own operations.
- Never used for AI training. Gmail data is never used to develop, improve, or train generalized or generative AI / ML models, neither ClaimStation's, nor any third party's.
05Disconnecting#
You can disconnect at any time from Settings → Integrations → Gmail → Disconnect. On disconnect:
- We call Google's revoke endpoint to invalidate the refresh token server-side.
- We delete the encrypted credential row from our database. After this point we have no further ability to read your Gmail.
- Imported correspondence that we already stored in your firm's claim records remains, those are your work product. You can delete individual messages from the claim view, or delete the claim entirely, or delete your account at /data-deletion.
You can also revoke ClaimStation from your Google account at myaccount.google.com/permissions. Doing it that way produces the same result on our side: API calls fail and the stored token becomes useless.
06Security#
- OAuth tokens encrypted with authenticated AES-256-GCM at rest.
- Tokens never logged, never sent to the browser, never available outside the server boundary.
- Webhook endpoints validated with a Pub/Sub verification token.
- Row-level security in Postgres scoping every read to the authorized workspace.
- See our security overview for the full set of controls.
07Questions#
Email privacy@claim-station.com. We'll answer in business-day time.