This article explains what access Claap has to your mailbox, who can see imported emails, and the safeguards that keep personal and private emails out of the shared view.
For setup, see How do I connect my mailbox? For how matching works, see How does email sync work?
Read-only access
The mailbox connection is read-only. Claap cannot send, edit, or delete email on your behalf. When you connect, Claap requests these scopes only:
Gmail: read-only mail access + your email address
Outlook: read mail + basic profile (User.Read)
Not every email is read or stored: only emails that match a CRM deal are ever imported (see the matching and exclusion rules below).
Who can see the email content
Emails that get matched to a deal become visible to the whole workspace, not just the person who connected the mailbox.
Any workspace member who can see a deal can read the emails surfaced onto that deal, including the body, subject, and participants, regardless of which colleague's mailbox they came from.
There is currently no per-user privacy restriction on imported emails beyond the workspace boundary and the matching/exclusion rules.
This is by design (a shared view of the deal). The exclusion rules below are what protect personal and private emails from ever reaching that shared view.
Which emails are automatically excluded
Only emails that can be matched to a CRM deal are imported. On top of that, several filters automatically drop emails before they ever reach the shared view. These run automatically and cannot be configured per customer today:
No deal match > excluded. An email that can't be tied to a deal is never stored or shown.
Sensitive or private subjects > excluded. If the subject line contains privacy keywords, the email is skipped. The list is multi-language (EN/FR/ES/DE) and includes terms such as confidential, private, personal, privileged, sensitive, interview, offer letter, 1:1 / one-on-one, 401k, and their French, Spanish, and German equivalents (confidentiel, privé, entretien, vertraulich, Vorstellungsgespräch, etc.). This is the main guardrail against personal HR, recruiting, or private mail reaching the shared deal view.
Automated / no-reply senders > excluded. Emails from around 160 known automated or shared-inbox sender names are dropped, for example no-reply, noreply, notifications, support, billing, invoice, marketing, newsletter, sales, info, hello, receipts, calendar-notification, jira (matched on the part before the
@).Auto-replies & bulk mail > excluded (detected via standard email headers).
Calendar invites / meeting notifications > excluded (including Zoom, Google Calendar, and Microsoft Teams notification senders).
Mass emails > excluded. Anything with more than 50 total recipients (to + cc + bcc) is skipped.
Which folders Claap reads
Claap only reads specific folders, and never touches the rest:
Gmail: Inbox and Sent only
Outlook: Inbox only
Spam, Trash, Drafts, and other folders are never read.
What happens to your data when you disconnect
Future syncing stops, and Claap removes its raw copy of your mailbox data.
Emails already surfaced on deals are not deleted, they remain visible in the workspace's Activities. Disconnecting is not a way to pull back emails that have already been shared.
Gmail: Claap's access grant is revoked automatically only if this was your last Claap connection for that Google account across all workspaces.
Outlook: Claap deletes its data and token, but does not revoke access on Microsoft's side automatically. To fully revoke access, remove Claap in your Microsoft account settings.