What we ask for. What we don't.
Half the trust signal is the scopes we deliberately do NOT request. We document both, in plain English.
OAuth scopes
Gmail
- ✓ gmail.send: to send pitches from your real Gmail account
- ✓ gmail.readonly on threads we sent: to detect replies on our outbound threads only
- ✓ userinfo.email, userinfo.profile: to identify your account
- ✕ We do NOT request gmail.modify, gmail.compose, or gmail.labels
- ✕ We do NOT read any inbound message that is not a reply to a pitch we sent
- ✕ We do NOT access your contacts, calendar, drive, or any other Google service
Outlook
- ✓ Mail.Send: to send pitches from your real Outlook account
- ✓ Mail.Read on threads we sent: to detect replies on our outbound threads only
- ✓ User.Read: to identify your account
- ✕ We do NOT request Mail.ReadWrite or Mail.Send.Shared
- ✕ We do NOT read any inbound message that is not a reply to a pitch we sent
- ✕ We do NOT access your contacts, calendar, OneDrive, or Teams
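The following is an added illustration of how a client can enforce the Gmail half of this scope policy in code; it is not pitchcentric's own code. It uses Google's public OAuth 2.0 endpoint and scope URIs, assumes the granted-scope string has the space-separated shape returned by Google's tokeninfo endpoint, and the message records and thread IDs are constructed sample data.

```python
# Added example (not pitchcentric's code): request exactly the documented Gmail
# scopes, reject tokens that carry anything else, and confine reply detection
# to threads we sent. Scope URIs and the auth endpoint are Google's public ones.
from urllib.parse import urlencode

GAPI = "https://www.googleapis.com/auth/"
ALLOWED_SCOPES = frozenset({
    GAPI + "gmail.send",        # send pitches
    GAPI + "gmail.readonly",    # detect replies (restricted further below)
    GAPI + "userinfo.email",    # identify the account
    GAPI + "userinfo.profile",
})

def build_consent_url(client_id: str, redirect_uri: str, state: str) -> str:
    """Authorization request asking for the documented scopes and nothing more."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(sorted(ALLOWED_SCOPES)),
        "access_type": "offline",   # needed for a refresh token
        "state": state,             # CSRF binding checked on the callback
    }
    return "https://accounts.google.com/o/oauth2/v2/auth?" + urlencode(params)

def check_granted_scopes(tokeninfo_scope: str) -> list:
    """Return granted scopes outside ALLOWED_SCOPES (empty list means OK).
    `tokeninfo_scope` is assumed to be the space-separated 'scope' field from
    Google's tokeninfo response; any extra scope (gmail.modify, gmail.compose,
    gmail.labels, ...) means the consent flow is misconfigured or was altered."""
    granted = set(tokeninfo_scope.split())
    return sorted(granted - ALLOWED_SCOPES)

def replies_to_our_pitches(messages: list, outbound_thread_ids: set) -> list:
    """gmail.readonly can technically see every message, so the 'threads we
    sent' rule is enforced here: keep only messages whose threadId belongs to
    an outbound thread we recorded when sending."""
    return [m for m in messages if m["threadId"] in outbound_thread_ids]

if __name__ == "__main__":
    # Constructed sample data, not real Gmail API output.
    sample = [{"id": "m1", "threadId": "t-out-1"}, {"id": "m2", "threadId": "t-in-9"}]
    print(build_consent_url("CLIENT_ID_PLACEHOLDER", "https://example.invalid/cb", "s1"))
    print(check_granted_scopes(GAPI + "gmail.send " + GAPI + "gmail.modify"))
    print(replies_to_our_pitches(sample, {"t-out-1"}))
```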
Data residency
Our default data residency is the United States (us-east-1). EU data residency (eu-west-1) is available on Enterprise plans. Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
GDPR & DPA
We are GDPR-ready. A signed Data Processing Addendum (DPA) is available on request. Email security@pitchcentric.com.
Subprocessors
Incident response
In the event of a security incident affecting customer data, we will notify the primary admin of every affected workspace within 72 hours of confirmed detection. We will publish a public post-mortem within 14 days for any incident classified as High or Critical.
Security documentation
Security documentation, a signed DPA, and our subprocessor list are available on request. Email security@pitchcentric.com.
Security disclosure
Found something? Email security@pitchcentric.com; we will acknowledge within one business day.
