When CTD accesses company email via domain-wide delegation, you choose exactly how much access to grant. There are four scopes, each offering a different balance of capability and privacy.
The four access scopes
1. Metadata only
CTD reads: From, To, CC, BCC, Date, and Subject line.
CTD does not read email bodies, and cannot send emails.
Best for: Organizations with strict data privacy requirements. CTD can still build relationship graphs, score connections, and surface warm intro paths — the core value — from metadata alone.
2. Metadata + Send
CTD reads: all email metadata. CTD can also send emails on behalf of users — required for ghost emails.
Best for: Teams that want warm path intelligence and the ability to send ghost emails, without granting full email read access.
3. Read-only
CTD reads: all email metadata plus email bodies. This unlocks signature processing — CTD automatically extracts contact details from email signatures: phone numbers, Calendly links, job titles, and other contact info that people include in their signatures. CTD cannot send emails on this scope.
Best for: Teams who want to use CTD as a contact intelligence layer — viewing full email history with a contact during account research or meeting prep — but don't need ghost email.
4. Read-only + Send
CTD reads: full email read access including signature processing — phone numbers, Calendly links, job titles, and other contact details extracted automatically from email signatures. CTD can also send emails on behalf of users.
Best for: Enterprise rollouts that want the most complete experience — rich contact intelligence inside CTD, plus ghost email capability for the whole team.
Why Send permission matters: ghost emails
Ghost emails are one of CTD's most powerful features. You write an introduction request; CTD routes it to your connector for review; your connector decides to send it or decline it — from their own email address, as if they wrote it themselves.
See Ghost emails for the full walkthrough.