
Tool Permissions Overview

Every tool in ZeroTwo requires specific permissions to function. Understanding these permissions helps you make informed decisions about which tools to enable and what data they can access.
ZeroTwo follows the principle of least privilege: tools receive only the minimum permissions needed to function.

Permission Types

Different permission categories control what tools can access.
What tools can see in your chats

Permission levels:
None:
  • Tool cannot access conversation history
  • Operates independently
  • Example: Image generation (doesn’t need chat context)
Current Message Only:
  • Access to the message that invoked the tool
  • No historical context
  • Example: Web search (only needs current query)
Recent Context:
  • Last 5-10 messages for context
  • Enough for understanding current topic
  • Example: Code interpreter (needs recent code snippets)
Full Conversation:
  • Access to entire conversation history
  • Required for context-aware tools
  • Example: Memory system (needs full context to store properly)
You can see what level each tool requires in Settings > Tools > [Tool Name] > Permissions.
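
As an added illustration (not ZeroTwo's code), the four levels above can be enforced by slicing the conversation before a tool sees it. The tool-to-level mapping follows the examples on this page; the function name, the 10-message window and the `user_cap` override are assumptions.

```python
from enum import IntEnum


class ContextLevel(IntEnum):
    """The four chat-access levels listed above, ordered least to most access."""
    NONE = 0
    CURRENT_MESSAGE = 1
    RECENT = 2
    FULL = 3


# Assumed mapping, taken from the per-level examples on this page.
TOOL_LEVELS = {
    "image_generation": ContextLevel.NONE,
    "web_search": ContextLevel.CURRENT_MESSAGE,
    "code_interpreter": ContextLevel.RECENT,
    "memory": ContextLevel.FULL,
}
RECENT_WINDOW = 10  # upper end of the "last 5-10 messages" range


def scope_context(tool, conversation, user_cap=ContextLevel.FULL):
    """Return the slice of `conversation` (oldest first) a tool may see.

    The effective level is the lower of what the tool declares and what the
    user allows (user_cap, a hypothetical per-user override). Unknown tools
    fail closed and receive nothing.
    """
    declared = TOOL_LEVELS.get(tool, ContextLevel.NONE)
    level = min(declared, user_cap)
    if level == ContextLevel.NONE or not conversation:
        return []
    if level == ContextLevel.CURRENT_MESSAGE:
        return conversation[-1:]
    if level == ContextLevel.RECENT:
        return conversation[-RECENT_WINDOW:]
    return list(conversation)


# Constructed 12-message conversation; the last entry invoked the tool.
SAMPLE = [f"message {i}" for i in range(1, 13)]

if __name__ == "__main__":
    for name in (*TOOL_LEVELS, "unregistered_tool"):
        print(f"{name:18} sees {len(scope_context(name, SAMPLE))} message(s)")
```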

Granting Permissions

How to approve tool access.

First-Time Tool Use

1. Enable tool

When you first enable a tool or integration

2. Permission dialog

ZeroTwo shows what the tool will access.

Example for Gmail tool:
Gmail Integration requests permission to:
✓ Read your email messages
✓ Search your inbox
✓ Send emails on your behalf
✓ Create and modify drafts

This tool will NOT be able to:
✗ Delete emails
✗ Access other Google services
✗ Change account settings

3. Review carefully

  • Read what data will be accessed
  • Check what actions are possible
  • Note what is explicitly blocked
  • Review privacy policy link

4. Approve or deny

  • Approve: Tool gets requested permissions
  • Deny: Tool cannot be used
  • Customize (Pro/Enterprise): Select specific permissions
You can always revoke permissions later in Settings.

5. OAuth flow (if needed)

For third-party integrations:
  1. Redirected to service (e.g., Google)
  2. Sign in if needed
  3. Approve ZeroTwo access
  4. Redirected back
  5. Tool is connected

Permission Prompts During Use

Some tools ask for additional permissions when needed.

Example: Canvas wants to export to Google Drive
Canvas requests permission to:
✓ Create files in your Google Drive
✓ Access "ZeroTwo Exports" folder

Allow once | Allow always | Deny
Your options:
  • Allow once: Just for this action
  • Allow always: Remember choice
  • Deny: Cancel the action

Managing Tool Permissions

Review and modify permissions anytime.

Viewing Active Permissions

1. Open settings

Settings > Tools & Integrations > Permissions

2. View by tool

See all tools and their current permissions.

Example list:
📧 Gmail
  ✓ Read emails
  ✓ Send emails
  ✓ Manage drafts
  Last used: 2 hours ago
  [Manage] [Revoke All]

💻 Code Interpreter
  ✓ Read uploaded files
  ✓ Execute Python code
  ✓ Create result files
  Last used: 5 minutes ago
  [Manage] [Revoke All]

🔍 Web Search
  ✓ Access conversation context
  ✓ Make web requests
  Last used: 1 day ago
  [Manage] [Revoke All]

3. Click Manage

View detailed permissions for any tool

Modifying Permissions

1. Select tool

Click Manage next to the tool

2. Toggle permissions

Enable/disable specific permissions.

Gmail example:
  • ✅ Read emails (required)
  • ✅ Search inbox (required)
  • ☑️ Send emails (optional - toggle off)
  • ☑️ Create drafts (optional - toggle off)
Disabling required permissions will prevent the tool from working properly.

3. Save changes

Click Save to apply. The tool will use the new permission set immediately.

Revoking Access

Complete revocation:
1. Open tool settings

Settings > Tools > [Tool Name]

2. Click Revoke Access

Click Revoke All Permissions or Disconnect

3. Confirm

Confirm you want to revoke access.

What happens:
  • All permissions removed
  • OAuth tokens revoked (if applicable)
  • Tool disabled
  • Integration disconnected
  • No more data access

4. Re-enable anytime

You can re-connect and grant permissions again later

Data Privacy

How ZeroTwo protects your data when using tools.

Data Storage

ZeroTwo data storage:
Conversation data:
  • Encrypted at rest (AES-256)
  • Stored in secure databases
  • Regional data centers
  • Regular backups
File uploads:
  • Encrypted in transit and at rest
  • Secure object storage
  • Access-controlled
  • Retention policies applied
Integration credentials:
  • OAuth tokens encrypted
  • API keys in secure vault
  • Never logged or exposed
  • Automatic rotation (when supported)
Data residency options available on Enterprise plans.
How long data is kept:
Conversation history:
  • Kept until you delete
  • Auto-deletion after inactivity (configurable)
  • Deleted on account closure
Files:
  • Kept until you delete
  • Project-based retention policies
  • 30-day recovery after deletion
Logs:
  • Activity logs: 90 days
  • Security logs: 1 year
  • Audit logs: 7 years (Enterprise)
Tool data:
  • Cleared when tool disconnected
  • Cache expires automatically
  • No persistent storage by tools
Who can see your data:
Never shared:
  • Personal conversations (unless you share)
  • Private project data
  • API credentials
  • Payment information
Shared with AI providers:
  • Message content (to generate responses)
  • Tool call results
  • NOT stored for training by default
  • Opt-out available for all providers
Shared with integrations:
  • Only data you explicitly grant access to
  • Controlled by OAuth scopes
  • Revocable anytime
  • Logged for audit
ZeroTwo never sells your data or uses it for advertising.

Privacy Controls

Settings you can control:
Control AI provider data usage:
Settings > Privacy > AI Provider Data
Options:
  • Zero data retention: Providers delete data after response (default)
  • ☑️ Allow training: Let providers use for model training (opt-in)
  • ☑️ Allow improvement: Anonymous usage for improvements
Per-provider settings:
  • OpenAI: Zero retention available
  • Anthropic: Zero retention by default
  • Google: Zero retention available
  • Others: Check provider policies
Free plans may require allowing some data usage. Paid plans offer zero retention.

Security Best Practices

Monthly security check:
  • Review all connected tools
  • Revoke unused integrations
  • Check permission changes
  • Verify OAuth tokens haven’t expired
  • Review activity logs
  • Update security settings
Set a calendar reminder for monthly reviews.
Minimize access:
Do:
  • Grant only required permissions
  • Use read-only when possible
  • Revoke when not needed
  • Segment data by project
  • Use separate accounts for sensitive work
Don’t:
  • Grant “allow all” permissions
  • Keep unused tools connected
  • Share credentials
  • Mix personal and work accounts
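
The monthly review and the "minimize access" rules above, as an added example that is not ZeroTwo code: it flags idle integrations for revocation and optional write-capable permissions for toggling off. The snapshot is constructed from the Gmail, Code Interpreter and Web Search entries earlier on this page (with Web Search's idle time changed), and the field names and 30-day threshold are assumptions.

```python
from datetime import datetime, timedelta

# Constructed snapshot of the Permissions screen; field names are assumptions.
NOW = datetime(2025, 1, 31, 12, 0)
GRANTS = [
    {"tool": "Gmail", "last_used": NOW - timedelta(hours=2), "permissions": {
        "Read emails": "required", "Search inbox": "required",
        "Send emails": "optional", "Create drafts": "optional"}},
    {"tool": "Code Interpreter", "last_used": NOW - timedelta(minutes=5),
     "permissions": {"Read uploaded files": "required",
                     "Execute Python code": "required"}},
    {"tool": "Web Search", "last_used": NOW - timedelta(days=45),
     "permissions": {"Make web requests": "required"}},
]
WRITE_VERBS = ("send", "create", "modify", "delete", "execute")


def review(grants, now, max_idle_days=30):
    """Return (tool, finding) pairs for the monthly permission review."""
    findings = []
    for g in grants:
        idle = (now - g["last_used"]).days
        if idle > max_idle_days:
            # Unused integration: revoke the whole grant, skip finer checks.
            findings.append((g["tool"], f"revoke: unused for {idle} days"))
            continue
        for perm, kind in g["permissions"].items():
            # Optional permissions that can change data are the first
            # candidates to toggle off ("use read-only when possible").
            if kind == "optional" and perm.lower().startswith(WRITE_VERBS):
                findings.append((g["tool"], f"toggle off if unneeded: {perm}"))
    return findings


if __name__ == "__main__":
    for tool, finding in review(GRANTS, NOW):
        print(f"{tool}: {finding}")
```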
Handle confidential data carefully:
For sensitive projects:
  1. Mark project as confidential
  2. Disable non-essential tools
  3. Enable stricter access controls
  4. Turn on audit logging
  5. Require explicit consent for tools
For regulated industries:
  • Use compliance templates
  • Enable enhanced encryption
  • Implement data retention policies
  • Regular compliance audits
  • Business Associate Agreements (if needed)
Never share passwords, API keys, or payment information in conversations.
Secure your account:
Settings > Security > Two-Factor Authentication
Benefits:
  • Prevents unauthorized access
  • Protects tool permissions
  • Secures OAuth connections
  • Required for compliance
Methods:
  • Authenticator app (recommended)
  • SMS (less secure)
  • Hardware key (most secure)
  • Backup codes
Watch for unusual behavior:
Activity monitoring:
  • Unexpected API calls
  • Large data downloads
  • Failed auth attempts
  • Permission escalations
Set up alerts: Settings > Security > Alerts
  • Email on suspicious activity
  • Slack notifications
  • Daily summary reports
Review logs: Settings > Security > Activity Logs
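
An added example (not ZeroTwo's code) of detection logic for three of the activity-monitoring signals above: permission escalations, failed auth attempts and large data downloads. The log lines are constructed, and the key=value format, event names and thresholds are assumptions.

```python
from collections import Counter

# Constructed audit-log lines; the key=value format and event names are
# assumptions, since the page does not show ZeroTwo's log schema.
LOG = """\
2025-01-31T09:00:01Z tool=gmail event=permission_grant perms=read,search
2025-01-31T09:05:10Z tool=gmail event=data_access bytes=48213
2025-01-31T09:20:44Z tool=drive event=auth_failed
2025-01-31T09:20:51Z tool=drive event=auth_failed
2025-01-31T09:21:03Z tool=drive event=auth_failed
2025-01-31T10:02:17Z tool=gmail event=permission_grant perms=read,search,send
2025-01-31T10:03:30Z tool=gmail event=data_access bytes=734003200
"""
MAX_BYTES = 100 * 1024 * 1024   # per-event download threshold (assumption)
MAX_AUTH_FAILURES = 3           # failures per tool before alerting (assumption)


def parse(line):
    """Split 'timestamp key=value ...' into a dict."""
    ts, *pairs = line.split()
    return {"ts": ts, **dict(p.split("=", 1) for p in pairs)}


def detect(log_text):
    """Return (timestamp, tool, alert) tuples in log order."""
    alerts, granted, failures = [], {}, Counter()
    for ev in map(parse, log_text.splitlines()):
        tool, kind = ev["tool"], ev["event"]
        if kind == "permission_grant":
            new = set(ev["perms"].split(","))
            # The first grant seen for a tool is the baseline, not an alert.
            added = new - granted.get(tool, new)
            if added:
                alerts.append((ev["ts"], tool,
                               "escalation:" + ",".join(sorted(added))))
            granted[tool] = new
        elif kind == "auth_failed":
            failures[tool] += 1
            if failures[tool] == MAX_AUTH_FAILURES:  # alert once per tool
                alerts.append((ev["ts"], tool, "repeated auth failures"))
        elif kind == "data_access" and int(ev["bytes"]) > MAX_BYTES:
            alerts.append((ev["ts"], tool, "large download"))
    return alerts
```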

Compliance & Regulations

Tool privacy in regulated environments.
European data protection:
User rights:
  • Right to access: Export all tool data
  • Right to erasure: Delete all data
  • Right to portability: Download data
  • Right to object: Opt out of processing
Tool compliance:
  • Data processing agreements (DPAs)
  • Consent management
  • Purpose limitation
  • Data minimization
Enable GDPR mode: Settings > Compliance > GDPR

Tool Security Features

Built-in security mechanisms.

Sandboxing

Isolated execution:
Code Interpreter:
  • Runs in E2B sandbox
  • No network access by default
  • Limited file system
  • Resource limits (CPU, memory, time)
  • Automatic cleanup
Custom Extensions:
  • Isolated processes
  • Limited permissions
  • Network restrictions
  • API rate limiting

Data Encryption

Always encrypted:
  • In transit: TLS 1.3
  • At rest: AES-256
  • OAuth tokens: Secure vault
  • API keys: Hardware-encrypted
Key management:
  • Automatic rotation
  • Separate per organization
  • Hardware security modules (Enterprise)

Audit Logging

What’s logged:
  • Tool activation/deactivation
  • Permission grants/revokes
  • API calls made
  • Data accessed
  • Errors and failures
  • Configuration changes
Log retention: 90 days to 7 years (configurable)
Access logs: Settings > Security > Audit Logs

Troubleshooting

Why this happens:
  • Tool updated with new features
  • More permissions needed for full functionality
  • Previous permissions revoked
What to do:
  1. Review what permissions are requested
  2. Check tool changelog for updates
  3. Contact support if suspicious
  4. Deny if uncomfortable
  5. Use alternative tool if needed
Possible issues:
  • Some permissions are required
  • OAuth session hasn’t expired
  • Cache needs clearing
Solutions:
  • Disconnect integration completely
  • Revoke from provider’s side (Google, GitHub, etc.)
  • Clear browser cache
  • Contact support if stuck
If you’re worried:
  1. Review tool documentation: Privacy policy, data handling
  2. Check permissions: What it actually accesses
  3. Read reviews: Other users’ experiences
  4. Test in isolation: Use in test project first
  5. Contact support: Ask specific questions
  6. Don’t use: If still uncomfortable
Red flags:
  • Requesting excessive permissions
  • No privacy policy
  • Poor reviews about privacy
  • Unclear data handling

Next Steps

Understanding tool permissions helps you use ZeroTwo safely and confidently while protecting your data!