Security Notice

Effective date: March 12, 2026

Authentication

OAuth 2.0 is used for Gmail API access. Access tokens are scoped to read/modify Gmail only.

Operational Security

• The app supports local execution and does not require third-party data sharing for core features.
• Users should protect local files and environment secrets.
• Revoke OAuth access immediately if unauthorized access is suspected.

Incident Response

Critical scan failures are logged with timestamps in observability alerts for troubleshooting.