When you sign up to Woven and add your accounts, we ask permission to access your Google and Office 365 information.
Here is how we specifically use the permissions you grant to Woven
See, edit, share, and permanently delete all the calendars you can access using Google Calendar: Woven is a calendar-centric application and we constantly add new calendaring functionality. We ask for necessary permissions here to better manage your calendars and events within Woven.
See and download your contacts: We use your contacts to auto-complete email addresses (such as meeting attendees) within Woven. Because we use this permission for email address auto-complete only, names and email addresses are the only things we retain from your contacts. We do not, for example, retain any phone numbers or physical addresses.
Optional and opt-in email access
If you signed up to Woven prior to September 2019, Woven also asked for email access to your Google account. Since September 2019, email access is optional and opt-in. We now ask access to only your calendars and contacts, but you can add email access to enable additional Woven features.
Here is how we use email-related permissions:
Send email on your behalf: This permission is solely used to allow you send new email messages from Woven -- for example, to send a scheduling link to your meeting guests. We sometimes pre-populate the text to send but we never automatically send anything. For every message we send using this permission, you always have to click on an action button in Woven user interface.
View and modify but not delete your email: Woven bridges the gap between your email and calendar by (a) allowing you to view emails associated with a meeting; and, (b) automatically detecting new scheduling-related emails. These two features utilize the “view” permission to achieve their functionality. The “modify” permission is used to label the detected scheduling emails inside Gmail so that you know Woven recognized them.
You can always revoke these permissions from Woven by visiting https://myaccount.google.com/permissions in a browser, expanding the name “Woven” and clicking on “Remove Access” button.
You can also ask your Woven account to be temporarily deactivated or permanently deleted by visiting the Woven account manager and clicking on "Cancel your Woven account" button towards the bottom of the page.
For those who are familiar with OAuth 2.0 scopes for Google APIs, Woven uses a subset of available OAuth 2.0 scopes to access Google OAuth2 API v2, Calendar API v3, Gmail API v1 and People API v1. Specifically:
Optional and opt-in:
More information about these scopes can be found here: