Is Mergo Safe? Understanding Its Permissions

Google recently updated how app permissions are reviewed and accepted when connecting an app to your Google account. This change is designed to give users more transparency and control over what apps can access.

If you noticed new permission screens or prompts, this is expected. In this article, we explain what changed and, most importantly, why Mergo remains safe to use.

Why Mergo Requests Permissions

Mergo works directly with Gmail, Google Sheets & Google Docs. To function correctly, it must access specific parts of your Google account.

Google now requires users to manually choose which permissions they grant when connecting an app. This change does not mean apps are less secure. It means Google is raising the bar for transparency.

To function properly, Mergo requires all requested permissions to be granted.

We only request the bare minimum permissions which allows Mergo to perform the core features you enable. Mergo does not ask for unrestricted access to your entire Gmail, access to personal emails, or access to any data unrelated to its features. If a permission is not essential, we do not ask for it.

How Mergo Uses These Permissions

Here's an explanation of each permission needed:

View your email messages and settings.

This permission allows Mergo to:

  • read the draft you choose to use for mail merge,
  • retrieve necessary information such as subject lines, recipients, and content placeholders,
  • apply your Gmail settings correctly when sending emails
Run as a Gmail add-on.

This permission allows Mergo to:

  • integrate directly inside your Gmail interface,
  • let you launch and manage mail merges without leaving Gmail,
  • interact securely with your account in real time.
Manage your sensitive mail settings, including who can manage your mail.

Google requires explicit authorization for apps that send emails on your behalf. This access is used to:

  • send merge emails from your account,
  • ensure proper authentication and delivery.

Mergo does not modify your security settings or grant access to anyone else.
Manage drafts and send emails

When running a merge, Mergo:

  • create draft emails for preview and validation,
  • send personalized emails in batches,
  • manage scheduled sending when enabled.

No drafts are created and no emails are sent without your action.
Read, compose, and send emails from your Gmail account.

Mail merge requires generating individualized messages. This access allows Mergo to:

  • compose personalized emails for each recipient,
  • insert dynamic data into your templates,
  • send messages directly from your Gmail account.

Only emails related to your merge are handled.
See and download all your Google Drive files.

Google uses broad wording for Drive permissions. In practice, this is used to:

  • access the spreadsheets you select as data sources,
  • retrieve attachments you choose to include,
  • ensure proper formatting and file compatibility.

Files you do not select remain untouched.
See, edit, create, and delete only the specific Google Drive files you use with this app.

This access is limited to files you actively connect to Mergo. It is used to:

  • update tracking columns in your merge spreadsheet,
  • store configuration data related to your campaign,
  • adjust documents involved in the merge process.

Mergo cannot modify files outside of those you explicitly use with the app.
See, edit, download, and permanently delete your contacts.

If you choose Google Contacts as a recipient source, Mergo may:

  • retrieve contact details for personalization,
  • access selected contact lists for your merge.

Contacts are not edited or deleted unless you deliberately trigger such an action.
See, edit, create, and delete all your Google Docs documents.

When Google Docs are used as templates or attachments, this access allows Mergo to:

  • read the document you select as a template,
  • generate personalized copies when needed,
  • update content linked to your merge.

Other documents in your Drive are not affected.
See, edit, create, and delete all your Google Sheets spreadsheets.

Google Sheets is commonly used as a merge data source. This access allows Mergo to:

  • read recipient data and personalization fields,
  • generate individualized emails from spreadsheet rows,
  • update sending status and tracking information.

Only spreadsheets you connect to Mergo are accessed.
Connect to an external service.

Mergo only connects to Google services, including:

  • Firebase (for authentication),
  • Google App Engine.
Send email as you. 

This authorization is required for Mergo to send emails directly from your Gmail account. It is used to:

  • send personalized merge emails under your name and address,
  • ensure recipients see you as the sender,
  • respect your Gmail sending configuration.

Emails are only sent when you explicitly launch a merge. Mergo cannot send messages without your action.
Allow this application to run when you are not present.

Some mail merge actions continue after you close Gmail, especially when sending messages in batches or at a scheduled time. This permission allows Mergo to:

  • complete ongoing merges even if your browser is closed,
  • process scheduled or delayed sending,
  • update tracking information once emails are sent.

It only runs tasks that you have initiated and approved. Mergo does not perform background actions unrelated to your merge.
View your country, language, and timezone.

This permission is required by Google to:

  • adapt the Mergo user interface to your language,
  • display dates and times correctly based on your timezone.
Display and run third-party web content in prompts and sidebars inside Google applications.

Mergo runs inside Google apps using secure web technologies. This permission allows it to:

  • display its interface within Gmail and other Google tools,
  • load configuration panels, previews, and merge settings,
  • process your inputs in real time.

This access is limited to powering the add-on interface and does not expose your data to external websites.

Mergo Is Safe To Use

Your Data Is Never Sold or Shared

Your trust is essential to us. Mergo does not sell user data, share data with third parties, or use your information for advertising or profiling purposes.

All data accessed by Mergo is used solely to provide the service you activate and nothing more.

Secure Infrastructure Powered by Google Cloud

All data handled by Mergo is stored and processed using secure Google Cloud infrastructure. This ensures industry standard encryption, strong access controls, and compliance with Google’s security and privacy requirements.

Mergo successfully passed a CASA security audit. CASA, Cloud Application Security Assessment, is Google’s independent audit framework designed to verify that apps accessing Google user data follow strict security and privacy practices.

In addition, Mergo is fully compliant with the GDPR and applies strong data protection measures to ensure user data is handled securely and responsibly.

Being Recommended for Google Workspace means Mergo is trusted by Google to integrate safely with Gmail, Drive and Docs while respecting user privacy.

You Stay in Control

You remain in full control of your data at all times. You can review Mergo’s permissions directly from your Google Account, revoke access instantly, or remove the app entirely whenever you choose. Nothing is hidden, and nothing remains active without your consent.

If you would like to learn more, our Privacy Policy page explains in detail how we protect and handle your data.

For more details, you can also read the official article from Google.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.