Should You Allow CRED Access to Gmail? Risks, Rewards, and Revocation Guide

In today’s digital era, apps like CRED have become popular for offering financial rewards and tools to manage credit card bills. However, many users don’t realize the extent of the data these apps can access. When you connect an app like CRED to your Gmail, it may gain permissions to read your emails, including sensitive personal and financial information such as bank statements, OTPs, and transaction details. If you’re feeling uneasy about this, it’s wise to revoke these permissions. Here’s a comprehensive guide to help you do just that.

Understanding the Risks of Email Access

When you grant apps access to your Gmail, they can:

1. Read Personal and Financial Data: Apps with email access can scan your inbox for bank statements, credit card usage, and other sensitive information.

2. Profile Your Behavior: Apps like CRED may use your data to create a financial profile, which can be used for targeted marketing or other services.

3. Expose You to Data Breaches: Even if the app is secure, data stored with third-party services may be at risk in case of a cyberattack.

4. Retain Data Even After Revocation: Unless explicitly deleted, the data accessed while permissions were active may remain with the company.

If you no longer feel comfortable with CRED’s access to your Gmail, follow the steps below to revoke permissions.

Are CRED Financial Rewards Meaningful?

CRED offers a variety of financial rewards for timely credit card bill payments. Users can earn “CRED Coins” by paying their bills through the app, which can then be redeemed for exclusive deals, discounts, and rewards from partnered brands. While these rewards can be enticing, their true value depends on how relevant they are to your spending habits and preferences. For example, if you frequently shop at brands partnered with CRED, the rewards can be significant. However, if the rewards don’t align with your lifestyle, their perceived value may diminish. Additionally, some users have reported that redeeming rewards isn’t always seamless, as deals often come with specific conditions or limited availability.

Ultimately, the meaningfulness of CRED’s rewards will vary from person to person. It’s worth exploring the rewards catalog to determine whether the benefits justify the app’s access to your personal data.

Step-by-Step Guide to Revoke Permissions for CRED on Gmail

1. Log in to Your Google Account

• Open a web browser and visit Google Account Settings.

• Log in using the Gmail account linked to CRED.

2. Navigate to Security Settings

• On the left-hand menu, click on Security.

• Scroll down to the section titled Third-party apps with account access.

3. Manage Third-Party Access

• Click on Manage third-party access to see a list of apps and services with access to your Google account.

4. Locate CRED in the List

• Review the list to find CRED.

• Under the app name, it will display the permissions it has, such as Read, Compose, Send, and Permanently Delete Your Email.

5. Revoke CRED’s Access

• Click on CRED to expand its details.

• Click the Remove Access button.

6. Confirm Revocation

• A confirmation prompt will appear. Confirm your choice to revoke CRED’s access.

What Happens After Revocation?

Once you remove access:

1. Immediate Stop to Access: CRED will no longer be able to read or analyze your Gmail data.

2. Data Previously Accessed: Revoking permissions does not automatically delete the data CRED has already collected. For example, CRED may still retain your financial and transactional data unless you explicitly request its deletion.

Cred shares every details about you with 3rd parties including your phone number, address and financial details. Every company shares the data but this more than that and is extremely dangerous🚨#cred #personal #creditcard #credapp #Analytics pic.twitter.com/r7qjjqadbI

— Sriram (@sriram_v_r) February 17, 2024

How to Ensure Your Data is Deleted

To protect your privacy further, you can ask CRED to delete any data they’ve accessed while permissions were active. Here’s how:

1. Contact CRED Support

• Use the CRED app’s support section or email their support team to request data deletion.

• Mention that you have revoked Gmail access and request the deletion of all previously collected data.

2. Grievance Redressal

• CRED, like all companies operating in India, is required to appoint a Grievance Officer under Indian data protection laws. If your initial request is not addressed, escalate the matter to the Grievance Officer.

3. Monitor Your Inbox

• Keep an eye on your email for confirmation of data deletion. Retain records of your request for future reference.

Why It’s Important to Revoke Unnecessary Permissions

Revoking permissions isn’t just about privacy; it’s about controlling how your data is used. Companies like CRED may have robust security measures, but the less access third-party apps have to your data, the lower your risk of exposure.

Proactive Steps to Protect Your Privacy

1. Review App Permissions Regularly: Periodically review third-party apps connected to your Google account to ensure you’re comfortable with their access.

2. Enable Two-Factor Authentication (2FA): For added security, enable 2FA for your Google account. This ensures that even if your credentials are compromised, unauthorized access can be prevented.

3. Use Separate Email Accounts: Consider creating a separate email account for signing up for apps and services. This isolates your primary email from potential misuse.

4. Stay Informed About Privacy Policies: Always read the privacy policies of apps you use to understand how they handle your data.

Legal Safeguards in India

India’s Digital Personal Data Protection Act (DPDP), 2023 offers some protection against misuse of data. Key provisions include:

• Right to Consent: Companies must obtain clear and explicit consent before collecting and processing data.

• Data Minimization: Apps can only collect data necessary for the purpose specified.

• Right to Erasure: You have the right to request deletion of your personal data.

• Grievance Mechanism: If a company violates these laws, you can escalate the matter to India’s Data Protection Authority (DPA).

Conclusion

Granting apps like CRED access to your Gmail can make managing your finances more convenient, but it also exposes you to privacy risks. If you’re not comfortable with this level of access, revoking permissions is a straightforward process that can give you peace of mind. By following the steps outlined above and taking proactive measures, you can better protect your personal and financial information.