Suppose your organization enforced strict security rules to protect your data or your customers’ data. In that case, you want to ensure that you are compliant with the level of expectations from your client/company when using YAMM. This article explains what permissions are needed, and why YAMM asks them during installation.
Which authorization scopes are needed for YAMM?
When you install YAMM, you are asked to accept many authorizations.
Authorization scopes | What does it mean? | Why does YAMM need these access? |
---|---|---|
|
This scope is required to read all resources and their metadata - no write operations. |
|
|
This scope is required to manage sensitive mail settings, including forwarding rules and aliases. Note: Operations guarded by this scope are restricted to administrative use only. They are only available to Google Workspace customers using a service account with a domain |
|
|
This scope is required to create, read, update, and delete drafts. Also, to use your drafts to send messages. |
|
|
All read/write operations except immediate, permanent deletions of threads and messages, bypassing Trash. |
|
|
This scope is required only to retrieve personalized attachments uploaded in Drive folder. |
|
|
This scope is required to import contacts. |
YAMM needs total access to your contact list: |
|
Like the scope 'Send email as you', many essential functions are done from within your Google Sheets (writing in your spreadsheet, adding filters to segment your recipient list etc.). |
YAMM needs total access to your spreadsheets:
|
|
This scope is required to send/retrieve information from Firebase, a real-time database from Google. Even if this authorization is described as an 'external service', it still stays within Google environment. |
|
![]() |
This scope is required to send emails. |
For the very core function of YAMM: To know more: [DATA PROCESSING] How are your emails being sent out? |
|
This scope is required to send emails later, to track your emails, to send email notifications on Form submissions or trigger. |
|
|
This scope is required to display sidebars inside Google applications. |
As YAMM is displayed inside Google Sheets, the access is needed:
|
Why does YAMM need those permissions?
Yet Another Mail Merge, as an add-on for Google Sheets, is well integrated within Google Workspace apps like Google Sheets, Gmail, Google Contacts and Google Drive.
It requires access to the Google environment to provide its services seamlessly across the Google Workspace apps.
So YAMM only requests the above permissions which are necessary for its functionality.
Review of permissions
Should you need to review the permissions you granted for YAMM, you can check it under Security settings of your Google Account at any time.
How safe is your data?
We commit ourselves to use these permissions only to be able to offer you the service that you have signed up for.
YAMM requires full access to your Drive folders and Gmail inbox, only to allow actions to be performed on your behalf. In no case the content of your spreadsheets and emails are stored or will be used for any other purposes or shared with any third-party services.
YAMM can't access to your Google account or your password at any time.
Beyond this, YAMM stores your name, email address and collects some usage information as you use YAMM. You can read a detailed article on this here: ‘[DATA STORAGE] How and which data do we store?’
Granting explicit access to your Google Sheets to the YAMM Support team
We, the YAMM Support team, may ask you to share your Google Sheets with edit permission or share your Gmail draft, to assist you with a question or an issue. That will enable us to troubleshoot your issue. You must explicitly share the relevant files/folders for us, but please be assured that:
- We will use the access only for the specified purpose and for the required duration of the investigation.
- We won’t make a copy of your spreadsheet data unless we want to show you an example, after which we will permanently delete the copy.
- We don't change the sharing settings or share the file with anybody else.
- We prompt you to stop sharing the files/folders with us, once our investigation is over.