Core Features
Email Integration
Automatically extract invoices, receipts, bills, and statements from your email inbox. Connect your Gmail, Outlook, or any IMAP email account and Sapoto will scan for PDF attachments from vendors you choose to track.
Gmail
Connect via Google OAuth 2.0. Sign in with your Google account and grant read-only access to your inbox.
Outlook
Connect via Microsoft OAuth 2.0. Sign in with your Microsoft account for Outlook, Hotmail, or Office 365 mailboxes.
IMAP
Connect any email provider that supports IMAP — Yahoo, iCloud, AOL, Fastmail, or your own mail server.
Supported Providers
Sapoto supports three connection methods, covering virtually every email provider:
Google Gmail
OAuth 2.0 authentication. Sign in with your Google account — no passwords stored. Supports Gmail labels for targeted scanning (e.g., only scan your “Receipts” label).
Microsoft Outlook
OAuth 2.0 via Microsoft Identity Platform (MSAL). Works with Outlook.com, Hotmail, and Office 365 mailboxes. Folder selection supported.
IMAP (Any Provider)
Connect Yahoo, iCloud, AOL, Fastmail, or any mail server that supports IMAP. Uses app-specific passwords — your primary password is never required. Credentials are encrypted and stored locally in your OS keychain.
How It Works
Email integration follows a three-step flow: connect, discover, sync.
Connect Your Email
Sign in with Google, Microsoft, or enter your IMAP server details. For Gmail and Outlook, this uses standard OAuth 2.0 — you authenticate directly with Google or Microsoft, and Sapoto receives a read-only access token. No username or password is ever sent to Sapoto.
OAuth tokens are stored encrypted on your local device. They are refreshed automatically when they expire. You can revoke access at any time from your Google or Microsoft account settings.
Discover & Approve Vendors
After connecting, use "Scan All Inboxes" to discover vendors that send you invoices. Sapoto searches your selected folders for emails with PDF attachments and groups them by sender domain. You choose which vendors to track — only approved vendors will be processed.
The scan is read-only and lightweight — it searches the most recent 200 emails with attachments per inbox. It checks email metadata (sender, subject) without downloading any files. No documents are processed and no billing credits are used during discovery.
Automatic Sync
Once vendors are approved, Sapoto automatically syncs on a daily schedule. It downloads PDF attachments from tracked vendors, extracts invoice metadata (vendor, amount, date, invoice ID), and saves documents to your local device.
Only emails from your tracked vendor domains are processed. Untracked senders are skipped entirely — no downloads, no credits used. Duplicate detection prevents the same document from being processed twice.
Vendor Allowlist
The vendor allowlist is the core of email integration. It gives you complete control over which emails get processed and ensures no unwanted documents consume your billing credits.
Inbox Scanning
Scan your inbox to discover vendors automatically. Sapoto finds emails with PDF attachments and groups them by sender domain. Select which vendors to track.
Manual Entry
Add vendors manually by entering a vendor name and email domain (e.g., “Stripe” + “stripe.com”). Sapoto will process any email from that domain.
Credit Protection
Only emails from tracked vendor domains are processed. This prevents random attachments from consuming your document credits.
Vendor Names
Rename vendors to whatever you prefer. The name you set becomes the definitive vendor label on all documents from that domain — no more inconsistent names from PDF extraction.
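The tracked-domain filter and duplicate detection described above, sketched as an added example (this is not Sapoto's code). It assumes an approved domain also covers its subdomains and that duplicates are recognized by a SHA-256 of the attachment bytes; the function names and sample messages are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def sender_domain(from_header):
    """Domain of the From address itself; the display name is ignored."""
    _name, addr = parseaddr(str(from_header or ""))
    local, at, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    return domain if at and local and domain else None

def is_tracked(domain, allowlist):
    # Assumed policy: exact match or true subdomain. The "." boundary keeps
    # "notstripe.com" and "stripe.com.evil.example" from matching "stripe.com".
    return domain is not None and any(
        domain == d or domain.endswith("." + d) for d in allowlist)

def sync(raw_messages, allowlist, seen_hashes):
    """Return (domain, filename, sha256) for each new PDF from a tracked sender."""
    accepted = []
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        domain = sender_domain(msg["From"])
        if not is_tracked(domain, allowlist):
            continue  # untracked sender: attachments are never decoded
        for part in msg.iter_attachments():
            if part.get_content_type() != "application/pdf":
                continue
            digest = hashlib.sha256(part.get_content()).hexdigest()
            if digest not in seen_hashes:  # content hash: a re-sent copy is skipped
                seen_hashes.add(digest)
                accepted.append((domain, part.get_filename(), digest))
    return accepted

def sample_message(from_header, pdf_bytes):
    """Build a constructed test message carrying one PDF attachment."""
    m = EmailMessage()
    m["From"], m["Subject"] = from_header, "Invoice"
    m.set_content("see attached")
    m.add_attachment(pdf_bytes, maintype="application", subtype="pdf",
                     filename="invoice.pdf")
    return m.as_bytes()

SAMPLE_INBOX = [  # constructed messages, not real mail
    sample_message("Stripe Billing <billing@stripe.com>", b"%PDF-1.4 invoice A"),
    sample_message('"stripe.com" <billing@evil.example>', b"%PDF-1.4 invoice B"),
    sample_message("Stripe <billing@stripe.com.evil.example>", b"%PDF-1.4 invoice C"),
    sample_message("Stripe <receipts@mail.stripe.com>", b"%PDF-1.4 invoice A"),
]
```

Running `sync(SAMPLE_INBOX, {"stripe.com"}, set())` accepts only the first message: the second and third come from other domains, and the fourth is a byte-identical copy of an already-seen PDF. The From header is supplied by the sender, so a domain match identifies the claimed sender only.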
Security & Privacy
Email integration is designed with the same local-first, zero-knowledge principles as the rest of Sapoto. Your email credentials and documents never touch our servers.
No Credentials Stored
We never store your email username or password on our servers. Gmail and Outlook connections use OAuth 2.0 tokens that grant read-only access. IMAP credentials are encrypted in your OS keychain and never leave your device.
Read-Only Access
Sapoto only reads email metadata (sender, subject) and downloads PDF attachments. We cannot send, delete, or modify any emails in your inbox.
Local Processing
All document processing happens on your device. PDFs are downloaded directly from your email provider to your local disk — they are never routed through our servers.
Token Pass-Through
OAuth tokens from Google and Microsoft are used as a pass-through layer to authenticate API requests. Tokens are stored encrypted locally and refreshed automatically when they expire.
Frequently Asked Questions
Does Sapoto read all my emails?
No. Sapoto only searches for emails with PDF attachments in the folders you select. It reads the sender and subject line to identify invoice-like emails, but never reads email body content.
Can Sapoto send emails from my account?
No. The OAuth scopes we request are strictly read-only. Sapoto cannot send, delete, or modify any emails.
What happens if I revoke access?
You can revoke Sapoto's access at any time from your Google or Microsoft account settings. Sapoto will no longer be able to sync emails from that account. Documents already downloaded remain on your device.
Are my documents sent to the cloud?
No. Documents are downloaded directly from your email provider to your local device. The only cloud interaction is with our extraction API, which receives redacted text (with personal information removed) to identify the vendor, amount, and date.
How does the vendor allowlist work?
You control exactly which vendors Sapoto processes. Only emails from domains you've explicitly approved will be downloaded and counted against your document quota. This prevents processing unwanted attachments.
Can I connect multiple email accounts?
Yes. You can connect as many Gmail, Outlook, and IMAP accounts as you need. All accounts feed into the same vendor allowlist, and documents from all accounts appear in a single unified view.
© 2026 Sapoto. All rights reserved.