XtractBot Help

Frequently Asked Questions

Comprehensive guidance for setup, security, billing, and troubleshooting.

Product and Integrations

What does XtractBot do?

XtractBot ingests email messages, extracts document data from attachments, and routes output to review workflows and connected finance systems. For the Gmail ingestion model used by XtractBot, see Gmail push notifications.

Which mailbox providers are supported?

Gmail ingestion is currently supported. Microsoft connectivity is supported for sign-in, and mailbox ingestion rollout can vary by deployment. Related Microsoft identity docs: OAuth 2.0 auth code flow.

Which accounting platforms are supported?

Xero integration is supported for accounting sync workflows. See Xero docs: OAuth 2.0 overview and Accounting API overview.

How does Gmail watch work in XtractBot?

XtractBot calls Gmail `users.watch`, receives notifications through Pub/Sub, and then fetches message history and message details for processing. See users.watch and users.history.list.

Why does Gmail watch have an expiry date?

Gmail watch subscriptions expire and must be refreshed periodically. XtractBot re-establishes watches to keep ingestion active. See Gmail push lifecycle docs: Watch expiration and renewal.

Where can I verify the configured watch labels?

Use the Watch Settings offcanvas in XtractBot and run "Verify via Gmail API" to resolve current labels. Gmail label metadata docs: users.labels.list.

Authentication and Access

What scopes are required for Google sign-in?

Standard OIDC scopes are used for SSO (`openid`, `email`, `profile`). See Google OpenID Connect.

What scopes are required for Gmail ingestion?

Gmail mailbox access typically uses the read-only Gmail scope plus the user email scope. See Gmail API scopes.

How do I revoke OAuth access for Google or Microsoft?

Disable the connection in XtractBot, then revoke the app in the provider account: Google permissions and Microsoft consent management.

Does disabling a connection stop ingestion immediately?

Yes, XtractBot immediately suspends ingestion for that connection. You should also confirm provider-side revocation in your OAuth app permissions to ensure end-to-end discontinuation.

Can one user belong to multiple tenants?

Yes. XtractBot supports multi-tenant access and tenant switching. Data isolation should still be validated with your internal access policy and role model.

Security and Data Handling

How is customer data isolated?

XtractBot uses tenant-level controls and database access policies to isolate data between organizations. Row-level policy concepts: Supabase/Postgres RLS.

Where are file attachments stored?

Attachment binaries are stored in Cloudflare R2 when configured, with metadata retained for retrieval and deletion workflows. See Cloudflare R2 docs.

How does queue processing work?

Mailbox events are processed asynchronously using queue consumers. See Cloudflare Queues docs.

Does XtractBot retain data permanently?

Retention is governed by service policies and configurable settings where applicable. Deletion workflows are permanent and non-reversible once completed.

Does XtractBot train models on customer data?

XtractBot’s policy is to use data only for delivering the service. If AI APIs are used in your deployment, review provider data handling terms directly, e.g. OpenAI API data controls.

Billing and Plans

How are subscriptions and invoices managed?

XtractBot uses Stripe for billing flows including checkout, subscription status, and invoice visibility. See Stripe Billing overview.

Can I change plans later?

Yes. Plan and billing controls are available through account/admin workflows depending on your role and tenant configuration.

Troubleshooting

I received redirect_uri_mismatch during OAuth. What should I check?

Verify that the exact callback URL used by XtractBot is listed in your OAuth client configuration (scheme, host, and path must match exactly). Google guidance: Redirect URI validation.
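The check described above can be scripted when a mismatch is hard to spot by eye. The following is an added example, not XtractBot code: it assumes the provider compares redirect URIs as exact strings, and the function names and all URIs in it are hypothetical sample values.

```javascript
// Added example, not XtractBot code. All URIs are constructed sample values.

// List the parts in which a registered redirect URI differs from the sent one.
// Both arguments must be absolute URLs; new URL() throws on anything else.
function diffRedirectUri(registered, actual) {
  if (registered === actual) return [];
  const a = new URL(registered);
  const b = new URL(actual);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("scheme");
  if (a.hostname !== b.hostname) diffs.push("host");
  if (a.port !== b.port) diffs.push("port");
  if (a.pathname !== b.pathname) diffs.push("path");
  if (a.search !== b.search) diffs.push("query");
  // URL parsing lowercases the host and drops default ports, so two strings
  // can parse identically and still fail an exact string comparison.
  if (diffs.length === 0) diffs.push("raw-string");
  return diffs;
}

// Check the sent URI against every registered one. On a mismatch, report the
// closest registered entry (fewest differing parts) and what differs.
function explainMismatch(registeredUris, actual) {
  if (registeredUris.includes(actual)) {
    return { match: true, closest: actual, diffs: [] };
  }
  let best = { match: false, closest: null, diffs: ["nothing-registered"] };
  for (const reg of registeredUris) {
    const diffs = diffRedirectUri(reg, actual);
    if (best.closest === null || diffs.length < best.diffs.length) {
      best = { match: false, closest: reg, diffs };
    }
  }
  return best;
}

// Constructed sample: what is registered in the OAuth client configuration.
const REGISTERED = [
  "https://app.example.test/auth/google/callback",
  "http://localhost:8787/auth/google/callback",
];
for (const sent of [
  "http://app.example.test/auth/google/callback",   // wrong scheme
  "https://app.example.test/auth/google/callback/", // trailing slash
  "https://App.example.test/auth/google/callback",  // letter case only
]) {
  console.log(sent, "->", JSON.stringify(explainMismatch(REGISTERED, sent)));
}
```

A `raw-string` result means the two URIs parse to the same components but are not the same string, which is usually a difference in letter case or an explicit default port.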

Why do I see Gmail message notFound errors?

Message IDs from history events can become unavailable (through deletions or moves) by the time the detailed fetch occurs. This is expected in some mailbox state transitions. Gmail history/message refs: history.list and messages.get.

Why might spam still appear in processing logs?

Watch and ingestion filters are both required for strict behavior. If unexpected items appear, re-save watch settings, run Gmail API verification, and confirm provider-side app permissions and mailbox label behavior.

Where can I check service runtime behavior?

Runtime behavior depends on your Cloudflare worker/queue deployment and provider integrations. Platform references: Cloudflare Workers and Cloudflare Queues.