Read-Only Gmail Access
Dispose requests Gmail read-only access so it can verify Gmail connectivity and organize messages by alias. Dispose does not request Gmail send, modify, delete, archive, or forwarding permissions.
OAuth Tokens
Google OAuth tokens are stored server-side so Dispose can verify and display alias inboxes for authenticated users. Tokens are not exposed to the browser and are used only to request fresh Gmail access tokens when the user keeps Gmail connected.
Least Privilege
The app is built around the narrowest Gmail capability needed for alias inbox separation: read-only access.
User Control
Users can revoke Google access at any time from Google Account permissions. Once revoked, Dispose can no longer access Gmail data for that account.
Review Scope
The Gmail connection page shows the granted scope and alias inbox results so users can confirm what access is active.
Reporting Issues
To report a security concern, contact us through the contact page and include enough detail to reproduce the issue.