Integrations & Connector Disclosures

Last updated: April 24, 2026

Outpost lets you deploy Scouts that work with third-party services you already use. This page lists every connector available in Outpost, the authorization scopes each one requests, what Outpost does with the data it accesses, and how to revoke access. It supplements our Privacy Policy and Terms of Service.

General principles

  • Connections are optional. Outpost does not request access to any third-party service at signup. You only authorize a connection when you build or run a Scout that needs it.
  • Just-in-time, minimum scope. We request only the scopes necessary for the feature you are enabling, and we request them only at the moment they are first needed.
  • Run-time retrieval. Third-party data is fetched at the time a Scout runs. It is passed to an AI model selected and managed by Outpost to produce the Scout result, then stored with the run record under our seven-day retention policy.
  • No training.Data accessed through any connector is never used to develop, improve, or train generalized or non-personalized artificial-intelligence or machine-learning models — by Outpost or by any subprocessor.
  • Revocation at any time. You can disconnect any connector from the Connections page in your Outpost settings; you may also revoke access directly with the third-party provider.
  • Encrypted credentials. All OAuth access and refresh tokens are encrypted at rest in a managed secret vault and are only decrypted at run time to call the third-party API on your behalf.

Google (Gmail, Calendar, Drive)

  • When requested: only when you build or run a Scout that accesses Gmail, Google Calendar, or Google Drive.
  • Scopes requested:
    • https://www.googleapis.com/auth/gmail.modify — read messages, labels, and threads in your Gmail account, and send mail on your behalf. Outpost does not delete email; the “modify” capability is used only to label or archive when a Scout explicitly does so.
    • https://www.googleapis.com/auth/calendar.events — read and manage events on your Google Calendar.
    • https://www.googleapis.com/auth/drive.file — per-file access. Outpost can only see files or folders you explicitly pick for a Scout via the Google Picker; everything else in your Drive remains private to Outpost.
    • https://www.googleapis.com/auth/drive.appdata — access to a private, hidden, app-only folder in your Drive for Scout-internal state. Does not grant access to any of your visible Drive files.
  • Per-Scout file picking (Drive):when you build a Scout that uses Google Drive, Outpost opens a Google Picker dialog and asks you to select the specific file(s) or folder(s) the Scout should access. The Scout can only operate on what you pick. You can change the selection at any time from the Scout’s edit page.
  • Data accessed: Gmail messages and labels, calendar events, and the contents of Drive files you explicitly picked.
  • How it’s used: content is fetched at run time, passed to an AI model selected and managed by Outpost, and rendered into the Scout result delivered to your Outpost Inbox.
  • Retention: run inputs and outputs are stored in our US-based database for up to seven (7) days, then purged.
  • Training:Google user data is never used to train AI or ML models and is never shared with a subprocessor that would retain or train on it. Outpost’s handling of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • Revocation: Outpost Connections page, or https://myaccount.google.com/permissions.

GitHub

  • When requested: only when you build or run a Scout that monitors GitHub repositories or notifications.
  • Scopes requested: repo, notifications, read:user.
  • Data accessed: repository content, issues, pull requests, and notifications visible to the authenticated account.
  • How it’s used: fetched at run time and passed to an AI model selected and managed by Outpost to produce the Scout result.
  • Retention: seven (7) days.
  • Revocation:Outpost Connections page, or GitHub → Settings → Applications → Authorized OAuth Apps.

Slack

  • When requested: only when you build or run a Scout that reads from or posts to a Slack workspace.
  • Scopes requested: channels:read, channels:history, groups:read, groups:history, chat:write, users:read, channels:join.
  • Data accessed: channel lists, message history in channels you authorize, workspace member information, and message-post capability on your behalf.
  • How it’s used: fetched at run time and passed to an AI model selected and managed by Outpost to produce the Scout result; Scouts may also post summaries or notifications to channels you configure.
  • Retention: seven (7) days.
  • Revocation:Outpost Connections page, or your Slack workspace admin’s App Management page.

HubSpot

  • When requested: only when you build or run a Scout that reads from or writes to your HubSpot CRM.
  • Scopes requested: crm.objects.contacts.read, crm.objects.contacts.write, crm.objects.companies.read, crm.objects.deals.read.
  • Data accessed: contact, company, and deal records in your HubSpot account; the ability to create or update contacts when a Scout is configured to do so.
  • How it’s used: fetched at run time and passed to an AI model selected and managed by Outpost to produce the Scout result.
  • Retention: seven (7) days.
  • Revocation:Outpost Connections page, or HubSpot → Settings → Integrations → Connected Apps.

Stripe

  • When requested: only when you build or run a Scout that reports on your Stripe account activity.
  • Scopes requested: read_only.
  • Data accessed: charges, customers, and related read-only objects in your Stripe account.
  • How it’s used: fetched at run time and passed to an AI model selected and managed by Outpost to produce the Scout result. Outpost cannot create charges or modify Stripe data through this connection.
  • Retention: seven (7) days.
  • Revocation:Outpost Connections page, or Stripe → Settings → Authorized applications.

Notion

  • When requested: only when you build or run a Scout that reads or writes Notion pages or databases.
  • Scopes requested:Notion does not use OAuth scopes. Access is controlled by the Notion integration configuration — you choose which pages and databases the Outpost integration can see when you install it.
  • Data accessed: the pages and databases you explicitly share with the Outpost integration.
  • How it’s used: fetched at run time and passed to an AI model selected and managed by Outpost to produce the Scout result.
  • Retention: seven (7) days.
  • Revocation:Outpost Connections page, or Notion → Settings → Connections.

Discord

  • Authorization model: Outpost provides a shared Discord bot. You invite the bot to your Discord server. No personal OAuth grant is required; the bot only sees the channels it has been invited to.
  • Data accessed: channel lists, recent messages, and server membership for the servers the bot has been invited to; the ability to post messages the Scout is configured to send.
  • How it’s used: fetched at run time and passed to an AI model selected and managed by Outpost to produce the Scout result; summaries or updates may be posted to channels you specify.
  • Retention: seven (7) days.
  • Revocation: remove the Outpost bot from your Discord server.

Platform tools (no connection required)

Some Scout tools are operated by Outpost directly and do not require you to connect a third-party account. They use Outpost-managed API keys.

  • Web Search— public web search for current information.
  • Web Fetch— retrieves the content of a specific public URL or PDF.
  • Code Execution— runs code in a sandboxed environment for calculations and data processing.
  • X Search— searches posts on X.
  • Weather— current and forecasted weather data.
  • HTTP Request— calls a public HTTP endpoint you specify.
  • Scout State— persistent per-Scout storage for memory across runs, operated in our US-based infrastructure.

When a Scout uses these tools, the queries and responses are part of that Scout’s run data and are subject to the standard seven-day retention policy.

Adding new integrations

We update this page whenever we add a new connector or change the scopes requested by an existing one. Material changes are also reflected in the Privacy Policy changelog.

Questions

Questions about any integration or the data it accesses can be sent to hello@getoutpost.io.