Security and Data Use

• TLS is required for all web traffic and provider API calls.
• Provider access tokens are stored server-side and refreshed securely.
• Authentication and billing are separated from add-in logic.
• Operational logs are used for reliability and abuse prevention.

• https://www.googleapis.com/auth/gmail.addons.execute
• https://www.googleapis.com/auth/gmail.readonly
• https://www.googleapis.com/auth/gmail.send
• https://www.googleapis.com/auth/script.external_request

• Threadclip uses Google user data only to perform user-initiated clipping and forwarding actions.
• Threadclip does not sell Google user data.
• Threadclip does not use Google user data for advertising.
• Threadclip does not transfer Google user data to third parties except as required to provide or secure the service, or to comply with law.

• Users can disconnect Google and Microsoft providers from settings at any time.
• Users can schedule account deletion from settings; provider access is disconnected immediately.
• Scheduled deletion cleanup removes user-linked Threadclip records after the deletion window, subject to limited legal, billing, security, and abuse-prevention retention.
• Threadclip stores clip and activity metadata for account history and support operations.

Report security concerns to admin@threadclip.com with reproduction details and impacted endpoint URLs.