Bliss AI Bliss AI
Safe Gmail MCP

Safe Gmail MCP Privacy Policy

Last updated: May 27, 2026

Safe Gmail MCP is a local Model Context Protocol server by Bliss AI. It lets compatible AI clients use selected Gmail actions on your computer. This policy explains what Gmail data the tool can access and how that data is handled.

Gmail scope requested:

https://www.googleapis.com/auth/gmail.modify

Safe Gmail MCP uses this scope to list unread message headers, read a message body only when explicitly requested, send messages through Gmail after confirmation, and apply the Safe Gmail MCP/Processed label to messages it has handled.

Gmail data the tool may access:

  • Message IDs, thread IDs, labels, dates, senders, recipients, subjects, and snippets for header lists
  • Plain text and HTML body content only when a body-read tool is called for a specific message
  • Outgoing email recipients, subject, and body when you prepare or confirm a send
  • The processed label used to avoid repeatedly handling the same messages

What the tool does not do:

  • It does not delete Gmail messages.
  • It does not change Gmail settings, filters, forwarding rules, or mailbox configuration.
  • It does not download arbitrary attachments in v1.
  • It does not send email from a single MCP tool call.

Where data is stored:

OAuth tokens, pending sends, local config, and audit logs are stored on your machine under ~/.safe-gmail-mcp/. Safe Gmail MCP does not use a hosted token broker, and your Gmail OAuth tokens and Gmail message contents do not reach Bliss AI servers.

Default OAuth app metadata:

The installed package may fetch a default Google OAuth client ID and client secret from a Bliss-controlled HTTPS endpoint. That endpoint returns OAuth app metadata only. It does not receive your Gmail tokens or Gmail data. Users may instead bring their own Google OAuth app in the local connect screen.

Sharing and sale:

Bliss AI does not capture, store, or sell Gmail data. Gmail data accessed through Safe Gmail MCP is not used for advertising, is not shared with third parties, and does not reach Bliss AI servers. All data remains on your local machine.

Disconnect and delete local data:

  1. Run safegmail disconnect to delete the local Gmail token.
  2. Run safegmail disconnect --all to delete all local Safe Gmail MCP state, including tokens, saved OAuth app credentials, pending sends, config, and audit logs.
  3. You can also revoke access in your Google Account under Security, then Third-party access.

Contact:

For Safe Gmail MCP privacy questions, contact dhruv@meditatewithbliss.com.