Gmail API — Limited Use Disclosure

Last updated: May 27, 2026 · For: Clouget Punto de Venta (Desktop)

This page formally discloses how Clouget Punto de Venta, developed by TECNOMADE S.A., uses information received from the Gmail API, in compliance with the Google API Services User Data Policy, including the Limited Use requirements for sensitive scopes.

      TL;DR: Clouget POS uses the gmail.send scope solely to send the user's own invoices and notifications from the user's own Gmail account to the recipients chosen by the user (the business's own customers). We never read, list, modify, or delete emails. We don't see message contents — they go directly from the user's Gmail to the recipient. We do not use Gmail data for ads, training models, or any purpose unrelated to the invoice-sending feature explicitly requested by the user.
    

1. Application overview

Name: Clouget Punto de Venta
Developer: TECNOMADE S.A. (Ecuador, RUC 0993377128001)
Type: Desktop application (Windows, built with Tauri 2)
Purpose: Point-of-Sale software for small businesses in Ecuador (invoicing, inventory, customers, electronic SRI invoices, etc.)
Website: https://pos.clouget.com
Privacy Policy: https://pos.clouget.com/privacidad/
Terms of Service: https://pos.clouget.com/terminos/

2. Google scopes requested

Clouget requests only three Google API scopes, and only when the user explicitly clicks "Connect my Gmail" in the POS settings:

Scope	Type	Why we need it
`https://www.googleapis.com/auth/gmail.send`	Sensitive	To send electronic invoices (SRI-authorized PDFs and XML files) from the user's own Gmail address to the email address the user enters for each of their customers. The feature is invoked only when the user explicitly chooses to email an invoice. We do NOT read, list, modify, or delete any email — `gmail.send` grants send-only access.
`https://www.googleapis.com/auth/userinfo.email`	Non-sensitive	To display the email address the user just connected, so they can confirm which Gmail account is being used to send invoices (e.g. shown as "Sending from: tienda@gmail.com" in the POS settings UI).
`https://www.googleapis.com/auth/userinfo.profile`	Non-sensitive	To display the user's name in the "From" field of outgoing emails (e.g. "From: Tienda Don Pepe <tienda@gmail.com>") so the user's customers recognize the sender.

We deliberately use the most restrictive sending scope available. We do NOT request the broader scopes gmail.modify, gmail.readonly, gmail.compose, or the full https://mail.google.com/ scope.

3. How Gmail data is used

Clouget's use of Gmail API data is limited to the following operations:

The user clicks "Connect my Gmail" in Settings → Email accounts.
The OS web browser opens at Google's consent screen; the user signs in and authorizes Clouget POS.
Google returns a refresh_token + the user's email + display name, which the POS receives via a deep-link callback (clouget://oauth-email-callback).
The POS stores the refresh_token + email + display name in its local SQLite database on the user's PC. Tokens are never sent to TECNOMADE servers nor stored in any third-party database.
When the user (the business owner/cashier) emits an invoice and clicks "Send to customer", the POS sends to the email service the following: { refresh_token, sender_email, sender_name, recipient_email, subject, html_body, pdf_attachment, xml_attachment }.
The email service obtains a fresh access_token from Google using the refresh_token, constructs the email in RFC 5322 format, and POSTs to gmail.googleapis.com/.../messages/send.
The email is sent directly from the user's Gmail account to the recipient. The email service does not retain the message body, tokens, or recipient information after the API call completes (stateless processing).

4. Limited Use compliance (formal statement)

Clouget POS's use and transfer to any other app of information received from Gmail APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Clouget POS:

4.1 Allowed use cases — we ONLY use Gmail API data to:

Provide the user-facing feature that the user explicitly activated: sending the user's own invoices from the user's own Gmail account to recipients chosen by the user.
Comply with applicable law (e.g. tax authorities requiring proof of invoice delivery).

4.2 Prohibited use cases — we DO NOT:

❌ Use Gmail API data for serving advertisements.
❌ Use Gmail API data to develop, improve, or train generalized AI/ML models.
❌ Read, list, modify, or delete any of the user's existing emails (the gmail.send scope does not grant any of these abilities).
❌ Send emails to recipients not explicitly chosen by the user.
❌ Transfer Gmail data to others unless necessary to provide or improve the user-facing feature, comply with the law, or as part of a merger, acquisition or sale of assets (with prior user notice).
❌ Allow humans to read user data, except:
- With the user's explicit prior consent.
- For security purposes (e.g. to investigate abuse).
- To comply with applicable law.
- For operations where the data are aggregated and anonymized for internal operations.

5. Data storage and processing

Refresh tokens are stored exclusively on the user's local PC, inside the POS's SQLite database. They are never transmitted to TECNOMADE persistent storage.
Email contents (subject, body, attachments, recipient) flow through the email microservice email.clouget.com only for the duration of one API call to Gmail. They are not logged, not cached, not stored. The service is stateless with respect to message content.
Sender's email address and display name are stored in the POS local database so that the UI can show "Sending from: X". They are not shared with TECNOMADE servers.
OAuth client secret is held in environment variables of the email microservice (server-side only). It is never embedded in the desktop application.
The email service runs on TECNOMADE's own VPS (Quebec, Canada — provider OVH). Communication with Google APIs uses TLS 1.3.

6. Data sharing with third parties

Clouget POS does not share Gmail user data with any third party other than Google itself (the destination of the API calls).

The email microservice email.clouget.com is operated by TECNOMADE S.A. and is the only intermediary between the user's POS and Google's servers. It exists for two reasons:

To keep the OAuth Client Secret out of the distributed desktop binary (security best practice).
To allow the same backend to support multiple email providers (Gmail OAuth, SMTP fallbacks) without requiring the user to configure each one manually.

7. User control and revocation

Users can revoke Clouget's access to their Gmail at any time:

From the app: Configuration → "Mi Gmail para enviar facturas" → "Disconnect". This removes the refresh_token from the local database.
From Google directly: https://myaccount.google.com/permissions → search for "Clouget POS" → Remove access. This revokes all tokens server-side at Google.

Upon revocation, no further emails will be sent from the user's Gmail. Already-sent emails remain in the user's Gmail "Sent" folder as they would for any normal email.

8. Security measures

All communications with Google APIs use HTTPS/TLS 1.3.
Refresh tokens stored locally are protected at the OS file-system level (the SQLite database lives under %LOCALAPPDATA%/CloudgetPOS/ with default user-only permissions).
The OAuth Client Secret is held in environment variables on a private VPS and never shipped in the desktop binary.
The email microservice runs in a hardened Docker container, isolated from other services, with only port 443 exposed via reverse proxy (nginx).
Email message processing is stateless: no message body, recipient, or token is logged or persisted beyond the duration of the API call.

9. Compliance with Google policies

Clouget POS follows:

Google API Services User Data Policy
Limited Use Policy
OAuth 2.0 best practices
Gmail API Scopes guidelines (we use the minimum scope for our purpose)

10. Contact

For questions about this disclosure or our use of Gmail API:

Email: jviera@tecnomade.net
Address: TECNOMADE S.A. — Andrés Marín 108 y Aguirre, Ecuador
RUC: 0993377128001