How We’re Making Folio Even More Secure with Google

Amitree

May 17, 2019

Facebook
Facebook
Twitter
LinkedIn

You may have seen some news about Google’s move to more tightly regulate what third party companies can do with access to users’ Gmail. We couldn’t be more excited to participate in this process, as it will make Gmail safer, more secure, and build more trust in using products like Folio in Gmail.


So what’s happening?

Companies like us, Copper, Streak, Mixmax and many others rely on what’s called the Gmail API (which stands for Application Programming Interface, fancy-speak for a pipe that our software talks to Gmail through). With the Gmail API, we’re able to do all the magical things like organize email by business deal, client, and extract key information that makes creating transaction or project timelines a snap. Our algorithms are able to process millions of emails a day to know what goes where and that forms the basis of our email assistant. We also do this in Outlook/Office365 through Microsoft’s API.


Some third party services, however, have used the Gmail API in ways that weren’t really clear to the user. Some companies would pitch their users on the ability to unsubscribe from multiple annoying newsletters at once — for free! But, behind the scenes, they were making money by selling data about their users’ emails to big companies. Google did the right thing here and announced that they won’t be allowing companies to use their Gmail API in that way any longer. And they’re backing their announcement up with action: each company who wants to access the Gmail API from now on has to prove they’re only using it to deliver direct value to the email user and that they’re taking measures to keep your data secure and private.


The Audit

Google decided the best way to make companies like us prove they’re using the Gmail API within the guidelines is to put each one through a rigorous audit. Since February 2019, Google has been looking at our security practices, our data science practices, our privacy policy, what information we retain about our users and what we do not, what access our employees have to individual emails (only in cases of investigating a security breach or when aggregated and anonymized), and myriad other practices we employ to deliver Folio to our users. It’s a tremendous amount of work for each company that goes through this, and it doesn’t come cheap. But, we think it’s the best thing for the ecosystem that Google is actually going through each company with a fine-toothed comb, because one bad actor can truly ruin the bunch. Our business depends on trust — and so we’ve been eager to do whatever it takes to complete Google’s audit.


Soon, Folio will be a Verified Google API Company

So what comes at the end of all this? As we’re now in the final stages of the audit, we’re expecting to receive our verification that we comply with all the regulations, restrictions, and best practices outlined by Google to keep its Gmail users as secure as possible. We’ll be shouting this from the mountaintops, because we think it’s massive badge of honor to adhere to such a high bar of excellence and receive validation for the security and privacy practices we’ve been employing since day one.


Google’s messaging around compliance: what to expect

In the meantime, Google is responding to a high volume of submissions from companies participating in their audit, so the timeline for compliance has been extended from May 15 to June 26. Google may communicate with Gmail users and G Suite administrators in advance of that deadline to give a head’s up that a third party company (like us) is accessing the Gmail API and hasn’t completed their compliance review yet. If you receive something like this about Folio, don’t be alarmed. We’re confident we’ve now completed all the required steps and proven that we comply with all their requirements, so it’s just a matter of days or weeks until we get our big gold star of compliance.


Questions? Feel free to comment below or shoot us a note at folio@amitree.com with the subject line “Google Compliance”.

Who we are

We've built Folio: the first AI email assistant for professionals.

Folio plugs directly into your work email inbox and automatically organizes your email, giving you contextual access to all the information you need to increase your productivity in minutes.

We are a team of passionate product people and engineers that gets excited about solving complex processes and creating value for people.

We're a venture funded company backed by Accel Partners, Vertical Venture Partners, and other leading venture capital firms and angel investors such as Ash Patel and Jerry Yang.

Subscribe