Gmail / Google Workspace Integration

How Rapitek CRM uses your Gmail data

Rapitek CRM is a multi-tenant SaaS Customer Relationship Management application built and operated by Rapitek (Istanbul, Türkiye, founded 2018). When you connect your Gmail account, Rapitek CRM syncs your business email conversations into the matching customer records so your sales and support teams have a complete history of customer communication on one screen — without copy-pasting emails or installing Chrome extensions.

This page describes — for users, IT administrators, and Google's OAuth reviewers — exactly what Google account data Rapitek CRM accesses, why each scope is requested, how the data is stored and protected, and the user controls available for revoking access or deleting data.

What the integration does

📥 Inbound email sync

When a Gmail message arrives from (or is sent to) an email address that matches a Lead, Contact, or Account in your CRM tenant, Rapitek pulls the message metadata + body and attaches it to that customer record's activity timeline. Threading is preserved — replies append to the existing thread.

📤 Outbound send-on-behalf

Sales reps can send emails to customers from inside Rapitek CRM. The message is delivered through your Gmail (so it appears in your "Sent" folder and uses your real "From" address) and simultaneously logged to the customer record in CRM.

📊 Open + click tracking (opt-in per email)

For sales-cadence emails, the user can opt in per-message to a tracking pixel + link rewriting that records when the recipient opens the email or clicks a link. Open/click events are stored on the customer activity timeline. Standard transactional emails are not tracked.

🤖 AI email features (powered by Anthropic Claude)

When a sales rep asks the AI assistant to draft an outreach or reply, the AI may read the most recent thread context (last few messages from the matched contact) to generate a personalized draft. Drafts always require human review and one-click approval before sending — the AI does NOT autonomously send messages.

OAuth scopes requested and why

When you click "Connect Gmail" in Rapitek CRM Setup → Email, you are taken to Google's standard consent screen. The exact scopes requested:

Scope	Why we need it
`https://www.googleapis.com/auth/gmail.readonly`	Read message metadata + body for conversations matching CRM contact email addresses, so they can appear inside the matching contact record. We do not read messages for non-CRM addresses; results are filtered server-side before any storage.
`https://www.googleapis.com/auth/gmail.send`	Send emails composed inside Rapitek CRM ("send on behalf"), so the user's "From" address and Sent folder reflect the real sender.
`https://www.googleapis.com/auth/gmail.modify`	Apply a "Synced to Rapitek CRM" Gmail label to processed messages so users can audit which messages have been synced. We do not delete messages, do not move them between folders unless the user explicitly archives via the CRM UI, and do not modify message content.
`https://www.googleapis.com/auth/userinfo.email` `openid`	Identify which Google account is being connected, so we associate the OAuth tokens with the correct Rapitek CRM user.

We do NOT request the broader gmail.full scope, contacts scopes, drive scopes, or any other Google services scopes.

Google API Services User Data Policy — Limited Use disclosure

Rapitek CRM's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

✓ We use Gmail data only to provide and improve user-facing features that are prominent in the requesting application's user interface (i.e. the Rapitek CRM email inbox / customer activity timeline that users explicitly choose to use).
✓ We do not transfer Gmail data to others except as needed to provide or improve user-facing features that are prominent in the requesting application's user interface, in compliance with applicable law, or as part of a merger / acquisition / sale of assets (with your continued consent).
✓ We do not use Gmail data for serving advertisements, including retargeting, personalized, or interest-based advertising.
✓ We do not allow humans to read Gmail data unless we have your affirmative agreement for specific messages (e.g. you flag a message for support investigation), it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or for operational purposes against aggregated and anonymized data.
✓ We do not use Gmail data to train or improve generalized AI / ML models. The AI email-drafting feature uses Anthropic's Claude API in stateless mode — Anthropic does not retain or train on the content per their commercial API terms.

How Gmail data is stored and protected

Storage location: Synced messages are stored in your tenant's private MySQL database, hosted in the European Union (Hetzner Helsinki — GDPR-compliant data center). Each Rapitek CRM customer (tenant) has a physically separate database; one customer cannot read another's data even at the database layer.
Encryption: Data in transit is protected by TLS 1.3 (Cloudflare in front of nginx). Data at rest is on AES-256-encrypted volumes. OAuth refresh tokens are stored encrypted at rest with Fernet (symmetric authenticated encryption).
Access controls: Only authenticated users belonging to your tenant can read your synced Gmail data, and only via the application's role-based access controls. Rapitek staff do not access tenant data unless the tenant explicitly opens a support ticket asking us to investigate a specific issue, and access is logged in an immutable audit log.
Retention: Synced messages stay in your tenant database for as long as the matched customer record exists. When you delete a customer record, all attached email threads are soft-deleted (90-day grace) then hard-deleted. When you disconnect Gmail or delete your Rapitek CRM account, all stored messages and OAuth tokens are deleted within 30 days.
Sub-processors: We use Hetzner (Germany / Finland — infrastructure hosting), Cloudflare (USA — DDoS / CDN, no message bodies pass through Cloudflare's logs), and Anthropic (USA — Claude API for opt-in AI email drafting, stateless / no training).

How to revoke access or delete data

1. Disconnect from inside Rapitek CRM: open Setup → Email → click "Disconnect Gmail" next to your Google account. This invalidates the OAuth tokens on our side and stops all sync immediately. Already-synced messages stay attached to customer records (you can delete them per record). Re-connecting later is a fresh OAuth consent.
2. Revoke from your Google Account directly: visit myaccount.google.com/permissions, find "Rapitek CRM," and click "Remove Access." Google immediately invalidates the tokens; our scheduled sync detects the revocation on its next run and stops attempting access.
3. Delete all synced messages: contact us via the contact form with the email "Delete my synced Gmail data" and we will hard-delete all stored messages from your tenant within 7 business days. (Soft-delete via the CRM UI is also available per record.)
4. Close your Rapitek CRM account: contact us via the contact form. On account closure your entire tenant database (including all synced Gmail data) is wiped within 30 days.

Compliance & legal

KVKK (Türkiye)

Data controller: Rapitek. Tenant-segregated storage, consent log with IP, full data subject access / deletion request handling.

GDPR (EU)

EU-resident data centers, lawful basis = contract performance + legitimate interest, DPA available on request, 72-hour breach notification policy.

Google API Policy

Limited Use compliant (see disclosure above), in-scope verification ongoing, restricted scopes only when required.

Privacy & Terms: Privacy Policy · Terms of Service · Contact form · Security overview