Provenance · Sign in with Google

What signing in actually exposed — in honest tiers

Tier 0

What your login actually handed us

Returned by the basic profile + email scopes the instant you tapped “Allow.” This is the whole of what a plain Google login gives.
how: OAuth scopes: openid · email · profile
Email (verified) liam.foster@gauntletai.com — email scope returns the verified address. REAL
Email domain gauntletai.com — parse — REAL, fetched live REAL
Account type corporate domain — domain classify — REAL, fetched live REAL
Public profile (Gravatar) — — on sign-in
Profile name & photo (filled by a real Google sign-in) — profile scope returns name + photo. on sign-in
Google account ID (sub) (filled by a real Google sign-in) — the stable OpenID subject — your permanent key here. on sign-in

Tier 1

One more checkbox

Each of these is a separate scope on the SAME consent screen. Most people tap through without reading — and hand over far more than their profile.
how: Additional OAuth scopes (calendar.readonly, contacts.readonly, gmail.metadata, …)
Calendar ‘OB checkup Thu 2pm’, ‘daycare tour Sat’ — calendar.readonly — your events, titles included. ●●●●●
Contacts 1,840 contacts: partner ‘Jordan’, mom, an OB-GYN — contacts.readonly — your whole address book, with labels. ●●●●
Gmail metadata receipts from Pampers, BuyBuyBaby, a fertility clinic — gmail.metadata — senders + subjects reveal purchases without reading bodies. ●●●●●
Drive file list ‘Q3_budget.xlsx’, ‘offer_letter.pdf’, ‘custody_notes.docx’ — drive.metadata.readonly — file names, no contents needed. ●●●●●
YouTube history ‘newborn sleep’, ‘career switch at 34’ — youtube.readonly — watch + search history as interests. ●●●●
Fitness avg 6,200 steps, resting HR 64 — fitness.activity.read — steps, heart rate, workouts. ●●●●
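
An added example, not part of the original page or its app: a small Python audit that takes a Google authorization URL and separates the login scopes from the extra Tier 1 scopes listed above. The function names, the sample URL and its placeholder client_id and redirect_uri are constructed for illustration; any scope outside the page's list lands in `other` for manual review.

```python
from urllib.parse import urlparse, parse_qs

GOOGLE_PREFIX = "https://www.googleapis.com/auth/"
LOGIN_SCOPES = {"openid", "email", "profile"}  # Tier 0: all a plain login needs
# Long-form spellings Google accepts for the same two login scopes.
ALIASES = {"userinfo.email": "email", "userinfo.profile": "profile"}
# Tier 1 on this page: scope -> what the page says it exposes.
TIER1 = {
    "calendar.readonly": "event titles and times",
    "contacts.readonly": "whole address book, with labels",
    "gmail.metadata": "senders and subjects",
    "drive.metadata.readonly": "file names",
    "youtube.readonly": "watch and search history",
    "fitness.activity.read": "steps, heart rate, workouts",
}


def normalize(scope):
    """Strip Google's URL prefix and fold long-form login aliases."""
    short = scope[len(GOOGLE_PREFIX):] if scope.startswith(GOOGLE_PREFIX) else scope
    return ALIASES.get(short, short)


def audit_consent_url(url):
    """Split the scopes in an authorization URL into login / tier1 / other."""
    query = parse_qs(urlparse(url).query)
    # 'scope' is one space-delimited parameter; parse_qs decodes '+' and %20.
    requested = " ".join(query.get("scope", [])).split()
    report = {"login": [], "tier1": {}, "other": []}
    for scope in dict.fromkeys(normalize(s) for s in requested):  # dedupe, keep order
        if scope in LOGIN_SCOPES:
            report["login"].append(scope)
        elif scope in TIER1:
            report["tier1"][scope] = TIER1[scope]
        else:
            report["other"].append(scope)  # not on this page: review by hand
    report["login_only"] = not report["tier1"] and not report["other"]
    return report


# Constructed sample request (client_id and redirect_uri are placeholders).
SAMPLE = (
    "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
    "&client_id=EXAMPLE_CLIENT_ID&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
    "&scope=openid+email+profile"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar.readonly"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.metadata"
)

print(audit_consent_url(SAMPLE))
```

A request is a plain login only when `login_only` is true; the sample is not, because it also asks for calendar and Gmail metadata access.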

Tier 2

Google has it — but won't give it to an app

Google collects and monetizes these, but exposes NO API that returns them to a third party. We can’t get them from your login — only infer or buy them.
how: No OAuth scope exists. (Maps Timeline API was shut down; ad/search profiles are internal.)
Ad-interest profile ‘new parents’, ‘career change’, ‘home improvement’ — Google’s ‘My Ad Center’ shows it to YOU; there is no API to hand it to an app. ●●●●
Search history (what you’ve Googled) — Stored in your account, shown to you — never exposed to a third party via OAuth. ●●●●●
Location timeline home, work, 2 hospital visits this month — Maps Timeline. The API that returned this was SHUT DOWN; it’s on-device only now. ●●●●●
Age / birthdate (Google may have it) — Only via the restricted ‘birthday’ scope, IF you set it visible AND the app is verified. Otherwise it is inferred or bought — see below. ●●●
Modeled demographics (Google’s internal ad model) — Google models age/income/household for ad targeting — internal, never handed out. ●●●●
Your login returned 6 fields. The 12 most personal facts are NOT from Google — they're inferred or bought from a data broker, keyed to the email your login just verified. That's the real value of the login: the verified key, not the data.

Tier 3

Bought / inferred — the real “ultra-personalized” tier

This is where “we know everything” actually comes from: a data-broker append matched to the email your Google login just verified. Not your Google data — purchased.
how: Broker append (Acxiom / Experian / Epsilon), keyed on your verified email
Age 34 — Broker append on the email — not from Google. ●●●
Household income modeled $115–135K — Experian/Acxiom income model. ●●●●
Home & net worth owns a ~$540K home · net worth $250–500K — Property records + wealth model. ●●●●
Life events ‘new parent (0–6mo)’, ‘recently separated’ — Epsilon life-event triggers — the most sensitive, most traded. ●●●●●
Vehicle 2021 Subaru Outback — Polk / Oracle auto registration data. ●●●
Political & health audiences likely-Democrat donor · ‘new parent’, ‘allergy’ audiences — Voter file + health-adjacent ad audiences — protected/sensitive. ●●●●●
Cross-device & offline this phone + work laptop + home iPad · Target loyalty: diapers weekly — Identity graph (LiveRamp) + resold retail loyalty data. ●●●●●
No real broker/person data came back for this email. Connect People Data Labs (set PDL_API_KEY) to fetch real name/title/company/LinkedIn.

…and your personalized website — loaded from our database on sign-in