Google Data Access and Gmail Import

Foldly allows workspace owners to connect a Gmail account and import historical email attachments into their workspace. This page explains what data Foldly accesses, what it stores, how it processes imported content, and what controls are available to the user.

This page is specific to the Gmail import feature. For general security and data handling information, see Security & Data Handling.


Overview

The Gmail import feature is designed for users who want to bring email attachments (such as client documents, tax forms, or signed agreements) into their Foldly workspace without downloading and re-uploading them manually.

Connecting Gmail is entirely optional. The feature must be initiated by the workspace owner from the Settings page. Foldly does not access any Gmail data unless the user explicitly connects their account and starts an import.


What Access Foldly Requests

Foldly requests the gmail.readonly OAuth scope. This grants read-only access to the connected Gmail account. Foldly cannot send, delete, modify, or label emails in the user's inbox.

The OAuth consent flow is initiated when the user clicks "Connect Gmail" in the Settings page. Google displays a consent screen describing the requested permissions before the user authorizes access.


What Data Foldly Reads

When an import job runs, Foldly reads the following data from the connected Gmail account:

  • Email headers: Sender name and address, recipient addresses, subject line, and date for each email that contains file attachments.

  • Body preview: A short plain-text preview of the email body, limited to 500 characters. If the email is HTML-only, the HTML tags are stripped to produce a plain-text preview. This preview provides context for the imported attachments.

  • Attachment file contents: The binary content of file attachments (PDFs, documents, images, spreadsheets, and other files) attached to emails.

  • Message identifiers: Gmail message IDs and thread IDs, used to prevent importing the same attachment more than once across overlapping import jobs.

Foldly filters for emails that contain attachments. Emails without attachments are not fetched or stored. Inline images (such as tracking pixels, email logos, and signature icons) are filtered out during import and are not treated as attachments.


What Data Foldly Stores

After an import job completes, the following data is persisted:

Stored in the database:

  • Sender email address, sender display name, and sender domain

  • Email subject line

  • Body preview (up to 500 characters of plain text)

  • Gmail message ID and thread ID (for deduplication)

  • Date the email was sent and received

  • Per-attachment processing records (filename, MIME type, size, processing status)

Stored in workspace file storage (Supabase Storage or Google Cloud Storage):

  • Imported attachment files, stored in the same private buckets as files uploaded through shareable links or email ingestion

Imported files are treated identically to any other file in the workspace once stored. They appear in the workspace file browser and are subject to the same access controls, storage limits, and deletion behavior.

What Foldly does not store:

  • Full email body text beyond the 500-character preview

  • Recipient addresses (not persisted in the email metadata record)

  • Draft emails, sent mail, or any email content unrelated to attachments

  • Labels, folders, or organizational data from the Gmail account


How Imported Content Is Processed

Background Import Jobs

Gmail imports run as background jobs. When the user starts an import, Foldly creates an ingestion job that runs in batches through a scheduled worker (every 5 minutes). The user can monitor import progress from the Settings page.

The import process follows these steps:

  1. Discovery: Foldly queries the connected Gmail account for emails containing attachments within the requested date range.

  2. Deduplication: Each attachment is assigned a dedup key based on the Gmail message ID and attachment ID. Attachments that were already imported in a prior job are skipped.

  3. Download and storage: Attachment file contents are downloaded from Gmail and stored in the workspace's file storage.

  4. Security scanning: Imported files pass through the same content-level scanning applied to other uploads (magic byte verification, dangerous content pattern detection) and are scanned for malware via VirusTotal.

  5. Record creation: A file record and email metadata record are created in the database, linking the imported file to its source email context.

Import jobs support pause, resume, and cancel controls from the Settings page. Paused jobs can be resumed later. Canceled jobs stop processing and cannot be resumed.

If a job is interrupted (for example, by a deployment or timeout), it resumes from where it left off on the next worker tick. Failed attachments are retried up to three times before being marked as permanently failed.
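The deduplication and magic byte steps above, sketched as an added example (not Foldly's code). The signature table, the executable policy, the `gateAttachment` name and the sample attachments are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Leading bytes for a few declared types (a small constructed table).
const MAGIC = new Map([
  ['application/pdf', [Buffer.from('%PDF-')]],
  ['image/png', [Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])]],
  ['image/jpeg', [Buffer.from([0xff, 0xd8, 0xff])]],
  ['application/zip', [Buffer.from('PK\x03\x04', 'latin1')]],
]);
// Executable signatures, rejected whatever MIME type is declared (assumed policy).
const EXECUTABLE = [Buffer.from('MZ'), Buffer.from('\x7fELF', 'latin1')];

const startsWith = (data, sig) => data.subarray(0, sig.length).equals(sig);

// Dedup key from the Gmail message ID and attachment ID. The NUL separator keeps
// ("m1", "a1") and ("m1a", "1") from producing the same key.
function dedupKey(messageId, attachmentId) {
  return crypto.createHash('sha256').update(`${messageId}\0${attachmentId}`).digest('hex');
}

// Decide what happens to one attachment: 'skip-duplicate', 'reject' or 'store'.
function gateAttachment(seen, att) {
  const key = dedupKey(att.messageId, att.attachmentId);
  if (seen.has(key)) return { action: 'skip-duplicate', key };
  if (EXECUTABLE.some((sig) => startsWith(att.data, sig))) {
    return { action: 'reject', key, reason: 'executable-signature' };
  }
  // Types without a table entry pass this check and rely on the later scans.
  const sigs = MAGIC.get(att.mimeType);
  if (sigs && !sigs.some((sig) => startsWith(att.data, sig))) {
    return { action: 'reject', key, reason: 'magic-mismatch' };
  }
  seen.add(key); // recorded only once the file passed, so a reject is not "imported"
  return { action: 'store', key };
}
```
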

AI Processing

Imported attachments may be processed by AI for classification, summarization, data extraction, and automated filing. This uses the same AI pipeline as all other files in the workspace. AI processing sends file content to external AI providers (currently NVIDIA NIM by default; additional providers may be configured).

Each AI provider's own data handling and retention practices are governed by their respective terms of service and privacy policies.


OAuth Token Handling

Token Storage

When the user completes the Gmail OAuth consent flow, Foldly receives an access token and a refresh token from Google. Both tokens are encrypted at rest using AES-256-GCM before being written to the database. The encryption key is separate from the key used for link password encryption.

Tokens are stored in the email_connections table alongside the connected email address, granted scopes, and connection status.
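An added sketch of AES-256-GCM token sealing with a dedicated key, using Node's built-in `crypto` module (not Foldly's code). The stored layout, the `sealToken` and `openToken` names, and the use of the row and column as associated data are assumptions.

```javascript
const crypto = require('node:crypto');

// Encrypt one token field. `aad` binds the ciphertext to its row and column,
// e.g. "email_connections:<id>:refresh_token" (an assumed convention).
function sealToken(key, plaintext, aad) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored form (constructed layout): v1.<iv>.<tag>.<ciphertext>, base64url parts.
  const parts = [iv, cipher.getAuthTag(), ct].map((p) => p.toString('base64url'));
  return ['v1', ...parts].join('.');
}

// Returns the plaintext, or null when the key, the AAD or the ciphertext is wrong.
function openToken(key, sealed, aad) {
  const [ver, iv, tag, ct] = String(sealed).split('.');
  if (ver !== 'v1' || !iv || !tag || ct === undefined) return null;
  try {
    const decipher = crypto.createDecipheriv(
      'aes-256-gcm', key, Buffer.from(iv, 'base64url'),
      { authTagLength: 16 }, // refuse truncated tags
    );
    decipher.setAAD(Buffer.from(aad));
    decipher.setAuthTag(Buffer.from(tag, 'base64url'));
    const pt = Buffer.concat([decipher.update(Buffer.from(ct, 'base64url')), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null; // authentication failed: no partial plaintext is returned
  }
}
```
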

Token Refresh

Gmail access tokens are short-lived. When a token expires during an import job, the Google API client automatically refreshes it using the stored refresh token. The refreshed token is re-encrypted and persisted to the database so that subsequent jobs can use it without requiring the user to re-authorize.

OAuth State Security

The OAuth authorization flow uses signed, time-limited state parameters with HMAC verification and browser cookie nonce binding. A one-time nonce is consumed via Redis to prevent replay attacks. The state token expires after 10 minutes.
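The state checks described above, as an added sketch (not Foldly's code). The token format, the function names and the in-memory `Map` standing in for Redis are assumptions.

```javascript
const crypto = require('node:crypto');

const STATE_TTL_MS = 10 * 60 * 1000; // 10-minute lifetime, as stated above
const pendingNonces = new Map();     // stand-in for Redis (assumption): nonce -> expiry

const b64u = (data) => Buffer.from(data).toString('base64url');
const sha256 = (s) => b64u(crypto.createHash('sha256').update(String(s)).digest());
const sign = (key, payload) => crypto.createHmac('sha256', key).update(payload).digest();

// Issue a state value. The caller sets cookieNonce in an HttpOnly cookie and
// sends `state` to Google as the OAuth state parameter.
function issueState(key, workspaceId, now = Date.now()) {
  const nonce = b64u(crypto.randomBytes(16));
  const cookieNonce = b64u(crypto.randomBytes(16));
  const claims = { workspaceId, nonce, cookieHash: sha256(cookieNonce), exp: now + STATE_TTL_MS };
  const payload = b64u(JSON.stringify(claims));
  pendingNonces.set(nonce, claims.exp);
  return { state: `${payload}.${b64u(sign(key, payload))}`, cookieNonce };
}

// Verify on the callback, checking in order: signature, expiry, cookie, replay.
function verifyState(key, state, cookieNonce, now = Date.now()) {
  const [payload, mac, extra] = String(state).split('.');
  if (!payload || !mac || extra !== undefined) return { ok: false, reason: 'malformed' };
  const expected = sign(key, payload);
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Parsed only after the signature check, so the claims are ones this server wrote.
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (now > claims.exp) return { ok: false, reason: 'expired' };
  if (sha256(cookieNonce) !== claims.cookieHash) return { ok: false, reason: 'cookie-mismatch' };
  // Consume the nonce: delete() reports whether it was still present. With Redis
  // the same effect needs one atomic delete whose reply says if the key existed.
  if (!pendingNonces.delete(claims.nonce)) return { ok: false, reason: 'replayed' };
  return { ok: true, workspaceId: claims.workspaceId };
}
```
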


User Controls

Connecting Gmail

The user initiates the Gmail connection from the Settings page. Google's consent screen is displayed before any access is granted. The user must explicitly approve the gmail.readonly scope.

Monitoring Imports

Active and completed import jobs are visible on the Settings page. The user can see progress (messages scanned, attachments discovered, attachments processed, files created) and job status (queued, running, paused, completed, failed, canceled).

Pausing and Canceling

Running import jobs can be paused or canceled from the Settings page. Paused jobs can be resumed later. Canceled jobs stop processing and cannot be resumed.

Disconnecting Gmail

The user can disconnect their Gmail account at any time from the Settings page. Disconnecting:

  • Sets the connection status to "revoked"

  • Deletes the stored encrypted access token, refresh token, and token expiry from the database

  • Preserves the connection record itself for audit trail purposes (with all sensitive token fields cleared)

Previously imported files and their associated email metadata remain in the workspace until the user explicitly deletes them.

Revoking Access at the Google Level

Disconnecting within Foldly removes Foldly's stored tokens, but does not revoke Foldly's authorization at the Google level. To fully revoke Foldly's access to the Gmail account, the user should visit their Google Account permissions page and remove Foldly from the list of authorized applications.

Deleting Imported Files

Imported files can be deleted individually or in bulk from the workspace, the same as any other file. Deleting a file removes it from both storage and the database, including any associated AI analysis results. Email metadata associated with deleted files is retained for audit purposes but does not reference the deleted file.


Limitations

  • Foldly currently supports Gmail as the only inbox connector. Other email providers are not available at this time.

  • Gmail access is read-only. Foldly cannot modify, delete, label, or send emails in the connected account.

  • Files larger than the workspace's plan-level size limit are rejected during import.

  • Inline images smaller than 5 KB, tracking pixels, and email decoration images (GIF, SVG, ICO) are automatically filtered out and not imported.

  • Import jobs process attachments in batches. Large mailboxes may require multiple cron cycles to complete.

  • Only one active import job can run per connected account at a time.


Google API Compliance

Foldly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.



Questions

For questions about Foldly's Gmail integration or data handling practices, contact [email protected].


Last updated: March 29, 2026
