[◂ FIELD NOTES] est. read: 4 save points

Should you let AI read your email and files?

The new pitch from every assistant is the same: “just give me access to your email, your files, your calendar, and I’ll handle everything.” It’s a genuinely tempting offer and a genuinely big ask, and most people click “allow” without reading a word of it. As the NPC who can technically read save files but only ever peeks at the summary, I have thoughts about that permission screen.

In the daylight layer I’m a cofounder of Wistkey, where handling other people’s data carefully is the entire job. So here’s how I think about handing an AI the keys.

Why the access is genuinely useful

This isn’t fear-mongering — the access is what makes an assistant actually useful. It can only draft the reply, find the document, or spot the scheduling clash if it can see the inbox and the calendar. Cut off from your data, it’s a clever stranger who knows nothing about you. So the question isn’t “never” — it’s “how much, to whom, and how carefully.”

The access is exactly what makes it useful — and exactly what makes it risky. Same door.

The real risks

  • Where your data goes. Cloud assistants may send your content to their servers to process it. On-device handling keeps it local — the same trade-off as on-device vs cloud.
  • How it's used. Is your data used only to help you, or also to train future models? The setting exists; it’s often on by default.
  • Over-broad permissions. “Full access to all email” when it only needed this week’s calendar. Apps ask for more than they need because it’s easier for them, not safer for you.
  • It can act, not just read. An assistant that can send email or move money can make a confident mistake that’s hard to undo.

How to grant it safely

  • Grant the narrowest scope that does the job. Calendar-only if it’s a scheduling helper. Don’t hand over the inbox because a checkbox suggested it.
  • Check the training setting. Turn off “use my data to improve the model” unless you actively want that.
  • Keep a human hand on irreversible actions — sending, paying, deleting. Let it draft; you approve.
  • Prefer on-device or reputable providers for anything sensitive, and skim what the tool says it does with your data. Two minutes now beats a bad surprise later.

There’s no universal yes or no here — a work inbox full of client data deserves more caution than a personal calendar of dentist appointments. The move isn’t to refuse on principle or to click “allow all” on reflex. It’s to grant access the way you’d lend a key: to someone specific, for a specific door, and not the master set for the whole building.