Skip to main content

Outlook Integration: Technical Details and Data Security

Learn how Demodesk integrates with Outlook, what permissions are required, how data is handled, and common concerns clarified.

Raj Kumar Lohana avatar
Written by Raj Kumar Lohana
Updated today

What is Demodesk?

Demodesk is a meeting automation platform for sales and customer success teams.

With our Scheduling product, users can:

  • Share personalized booking links (e.g. https://demodesk.com/book/max-muth/talk)

  • Let guests book time slots

  • Automatically send calendar invites, confirmation emails, reminders, and follow-ups

All of this is done securely using integrated tools like Outlook.

Outlook Integration & Authorization

Demodesk connects to your Outlook account using a Microsoft-supported OAuth 2.0 app.

This is a user-level integration. Demodesk does not request tenant-wide access and cannot access data from accounts that haven’t explicitly connected Outlook to Demodesk.

Permissions Requested

We use delegated Microsoft Graph API scopes, meaning Demodesk acts on behalf of the logged-in user. Here's a breakdown of the scopes:

OpenID Scopes

  • email

  • offline_access (used to refresh tokens without repeated login)

  • openid

  • profile

Microsoft Graph API Scopes

  • Calendars.ReadWrite: To view and create calendar events

  • Mail.Send: To send emails (confirmations, reminders, etc.)

  • OnlineMeetings.ReadWrite: To create Microsoft Teams meetings

  • OnlineMeetingArtifact.Read.All: To access meeting artifacts (e.g., recordings)

  • Contacts.Read: To improve scheduling features (optional)

  • User.Read: To identify the user

We request only the permissions necessary to provide scheduling functionality and avoid any read-access to emails.

Duration of Access

Access can be revoked at any time:

  • From your Demodesk account (Connections settings)

  • Directly from your Microsoft/Outlook account

Access ends immediately and irreversibly upon disconnection.

Data Storage and Persistence

Calendar Events

Demodesk only persists events in these cases:

  • The event was created through Demodesk scheduling

  • The event is recorded with Demodesk Notetaker

All other events:

  • Are not stored in Demodesk systems

  • May be temporarily cached in memory for up to 24 hours, but only include:

    • Start and end time

    • Availability status (e.g., "Busy")

This caching helps us quickly check calendar availability without persisting full details. For audit purposes, Admins can view integration logs. Admin permissions are configurable at the customer level.

Email Data

Demodesk does not store any emails sent on your behalf. Emails are triggered via API and sent through your Microsoft account with no content stored in our systems.

Microsoft Teams Data

If you're using the Demodesk Notetaker for Microsoft Teams meetings, we store:

  • The meeting recording (video file)

  • AI-generated summary

  • Meeting transcript

The retention period for these artifacts can be controlled in your Demodesk settings.

How We Process Outlook Data

Demodesk uses Outlook calendar data in the following ways:

  • Display available time slots in booking pages

  • Check internal team availability for group scheduling

  • Let users view their Outlook calendar inside Demodesk for easier meeting setup

Additional Notes:

  • Only the user’s default calendar is accessed

  • Meeting titles are shown for events visible in Outlook, but no guest lists or descriptions are displayed or stored unless:

    • The event was created by Demodesk

    • The functionality (e.g., handover classification) specifically requires it

Special Functionality: Handover & Classification

In handover scenarios, Demodesk checks if a colleague is available based on:

  • Event organizer

  • Guest list

  • Busy status

This data is processed in real-time and never stored. The behavior mirrors how Outlook handles shared calendars: only what the user is permitted to see is accessible.

Security & Privacy Concerns: Addressed

We’ve heard a few common concerns. Here’s how Demodesk addresses them:

“Demodesk has too many permissions and sees all user calendars”

❌ Not true. Demodesk only accesses calendars of users who’ve explicitly connected Outlook to Demodesk.


✅ We only access the default calendar and process minimal data required for scheduling.

“Demodesk stores calendar titles and guest lists”

❌ Not for external events.


✅ Only Demodesk-created events are persisted. For others, only start/end times of “Busy” events are cached (24h).

“Other tools like Calendly offer better security”

🔍 Calendly’s Outlook Add-In has similar permissions and access levels.


🛡️ Demodesk uses OAuth with delegated permissions and minimizes data use wherever possible.

Disclaimer

This document was created to the best of our knowledge and has been reviewed internally several times. The status of the statements is August 2023.

Contact Us

For questions, please contact:

Related Articles
How to integrate Salesforce with Demodesk
Get started with Demodesk Scheduling: Users
API Reference
Everything about the Demodesk Notetaker
Zoom Notetaker integration
Did this answer your question?