Skip to content
English
Go to timetoreply.com
  • There are no suggestions because the search field is empty.

Smart features permission and access

What controls Smart access?

Smart access is governed in layers. Company-level enablement decides whether Smart can be used at all. Mailbox-level participation decides where Smart experiences apply. Body-ingestion participation affects whether Smart text outputs and some Smart experiences are available.

This layered approach lets customers start with a small pilot group and expand only after admins have reviewed signal quality, privacy expectations, and operational impact.

Microsoft permissions

Microsoft OAuth scopes used by timetoreply include:

  • Standard mailbox connection: offline_access, User.Read, Mail.ReadBasic.
  • Login-only flow: offline_access, User.Read.
  • Body access / fallback re-authentication: offline_access, User.Read, Mail.Read.
  • Bulk/admin consent: offline_access, User.ReadBasic.All, Directory.Read.All, Mail.ReadBasic, Mail.Read.
  • Calendar sync, where enabled: Calendars.Read.

In customer terms, Mail.ReadBasic supports metadata-oriented mailbox reporting, while Mail.Read is required when email body content must be read for Smart body ingestion.

Google permissions

Google OAuth scopes used by timetoreply include:

  • Standard mailbox connection: https://www.googleapis.com/auth/gmail.metadata.
  • Google Workspace service account access: https://www.googleapis.com/auth/gmail.metadata.
  • Bulk/admin access: https://www.googleapis.com/auth/gmail.metadata, Directory user read-only, and Directory group read-only.
  • Calendar sync, where enabled: Calendar events read-only.
  • Body ingestion: https://www.googleapis.com/auth/gmail.readonly.
  • Chrome extension sign-in/profile: userinfo.email, openid, and userinfo.profile.

Existing Google mailboxes may need to be re-authenticated before email bodies can be ingested for Smart features.

Mailbox participation

Company admins can control mailbox participation so Smart-enabled workflows can be rolled out gradually instead of enabled everywhere at once.

Use this for pilot rollouts, sensitive-team exclusions, or staged adoption across departments. Participation should be documented for each pilot so managers know which mailboxes should show Smart context.

Body-ingestion participation

Smart body ingestion pulls in email text content in addition to the email metadata already used for reporting. Body ingestion is required for Smart features that depend on message text, such as summaries, evidence snippets, and some classifications.

Customers have two levels of control:

  • Pause Smart features: reversible; stops Smart body-ingestion workflows while retaining existing Smart data until deletion is requested.
  • Delete all Smart data: permanent; schedules deletion of stored Smart-derived insights and encrypted email body content.

If body ingestion is disabled, some Smart fields or text outputs may be unavailable even when other Smart controls are enabled.

Company-level Smart controls

Company-level Smart enablement acts as the top-level control. Mailbox-level participation determines where Smart experiences apply beneath that setting.

A practical way to explain this is: company-level access decides whether Smart can be used, while mailbox participation decides where it is used.

Admin role boundaries

Company admins control Smart rollout settings, including company-level Smart participation, privacy mode, and mailbox-level participation. Some internal rollout or support controls remain timetoreply-only.

For account-specific permission review or escalation, contact your account manager or support@timetoreply.com.