Cloudo AgentsCloudo Agents

Google integration

You connect Google through a small app you create in your own Google account, then your Agent asks for the smallest set of permissions it needs — and nothing more. This page lays out exactly what's requested, why, and what we promise not to do with the data.

Who's behind this

Cloudo is an independently operated service based in Australia. Cloudo hosts pre-built AI agents that small businesses connect to messaging channels and tools — including Google Workspace — so they can run scheduling, intake, and customer-facing workflows without writing any code. Google is connected using an OAuth app you create in your own Google account, so the consent screen and the app are yours; Cloudo stores the resulting credentials encrypted and uses them only to run your Agent.

OAuth scopes your Agent requests

Each Agent template asks for the narrowest scope it needs to do its job. If a template doesn't need calendar write access, it won't request it. The Google scopes that may be requested are listed below.

Calendar events (read + write)

https://www.googleapis.com/auth/calendar.events

What we use it for: Agents that book meetings or manage schedules — such as our Executive Assistant template — read your existing events to find free times and write new events for confirmed bookings on the customer's behalf.

What we don't do with it: We do not access calendars other than the ones the user has consented to. We do not read event content to train AI models. We do not share event details with third parties beyond the AI provider that responds to the immediate user request.

Read email

https://www.googleapis.com/auth/gmail.readonly

What we use it for: Agents that triage, summarise, or respond to incoming mail — such as Customer Support or an inbox assistant — read and search your messages to understand what's been asked.

What we don't do with it: We do not read mail to train AI models, build advertising profiles, or sell data. Only the Agent acting on your behalf reads it, and only to perform the task you asked for.

Send email

https://www.googleapis.com/auth/gmail.send

What we use it for: Agents that reply to customers or send confirmations send mail from your account so replies come from you, not a third party.

What we don't do with it: We do not send mail except as part of the workflow you configured. We do not send marketing on our own behalf from your account.

Drive files the Agent creates or opens

https://www.googleapis.com/auth/drive.file

What we use it for: Agents that save documents, attachments, or exports write them to your Drive, and read back the files they created or that you explicitly open with the Agent.

What we don't do with it: This scope does not grant access to your whole Drive — only files the Agent created or you opened with it. We do not scan your existing Drive contents.

Google Sheets (read + write)

https://www.googleapis.com/auth/spreadsheets

What we use it for: Agents that log bookings, intake, or tracking data read and append rows to the spreadsheets you point them at — for example a Sheet of appointments.

What we don't do with it: We do not read spreadsheets to train AI models or share their contents beyond the AI provider answering the immediate request.

Google Docs (read + write)

https://www.googleapis.com/auth/documents

What we use it for: Agents that draft, update, or summarise documents read and edit the Docs you point them at — for example appending notes to a running document.

What we don't do with it: We do not read documents to train AI models or share their contents beyond the AI provider answering the immediate request.

Limited Use commitment

Cloudo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to develop, improve, or train generalised AI/ML models. We do not transfer Google user data to third parties except as needed to provide the user-facing feature you asked for, to comply with applicable law, or as part of a merger or acquisition with notice to you. We do not use Google user data for advertising. We do not allow humans to read Google user data except with your explicit consent for specific messages, for security investigations, where required by law, or for internal operations on aggregated and anonymised data.

Storage and access

Both your Google app's client secret and the refresh token are encrypted at rest using envelope encryption before they're written to our database, and are decrypted only when an Agent acting on your behalf needs to call a Google API. Access tokens are short-lived (typically one hour) and are refreshed on demand. Only the Agent tied to your tenant can use them.

Revoking access

You can disconnect Cloudo from your Google account at any time. We honour the disconnect immediately and delete the stored refresh token within thirty days. You can do this from either side:

Questions or concerns

For any privacy or security question about the Google integration, contact our Privacy Officer at [email protected]. The full Privacy Policy is at /privacy.

Google integration — Cloudo