Claude Connectors Setup: Minimum Scope, No Privacy Leaks (2026)

Set up Claude's Gmail, Drive, and custom MCP connectors the safe way: narrow OAuth scope, monthly audits, and exactly where to revoke. Tested June 2026.

TL;DR

Claude’s Connectors Directory crossed 375+ integrations as of June 2026 (Gmail, Google Drive, Notion, Slack, GitHub, Jira, Salesforce, Stripe, and more), plus custom connectors you build over remote MCP. The trap is not setup difficulty — it is scope creep. Every connector you enable widens what Claude can read, search, and accidentally surface back to you. The fix is one connector, one job, narrowest OAuth scope, and a five-minute monthly revoke ritual. This guide covers what to enable, how narrow to scope it, how to test for permission leaks, and the two places you must revoke (Claude and the source tool).

Who this is for

Claude Free, Pro ($20/mo, or $17/mo annual — bundles Claude Code and Cowork), Max ($100 or $200/mo), Team, and Enterprise users who connected Google Drive once, saw it work, and now have eight connectors they cannot remember authorizing. Especially relevant if you share an account or your work email carries personal mail.

What connectors actually exist (June 2026)

There are two distinct kinds, and the privacy math differs:

Connector typePlansHow it connectsNotes
Google Workspace (Gmail, Calendar, Drive)All Claude + Claude Desktop usersDirect OAuth via the + menuMost-used; Gmail can read and draft but not send
Directory connectors (Notion, Slack, GitHub, Jira, Stripe, etc.)Varies by plan; Team/Enterprise need an Owner to enable firstOne-click OAuth375+ in the directory as of June 2026
Custom connectors (remote MCP)Free, Pro, Max, Team, Enterprise (beta)You paste a remote MCP server URLFree plan is capped at one custom connector

Source: Anthropic’s connectors overview.

Before you start

  • Decide what you are willing to send. Raw content pulled through a connector (including remote and local MCP) is not used to train Claude’s models, per Anthropic’s training policy. But anything you copy from a connector result back into the chat is eligible if your consumer training toggle is on.
  • Know your retention. On Free/Pro/Max with the training toggle on, chats are retained up to 5 years; turn it off and you revert to the 30-day standard. Team, Enterprise, and Claude for Work do not train on your data at all, and Enterprise can request Zero Data Retention.
  • List the external tools you touch weekly. Mark which are mostly work and which mix work with personal content.
  • Pick one connector and one use-case for your first install. Resist adding three at once.

Step by step: connect Google Drive (the safe path)

The Google Workspace connectors are the fastest to set up and the easiest to scope wrong, so they make the best worked example.

  1. In any chat, click the + button and choose Add from Google Drive (Gmail and Calendar appear the same way).
  2. Authenticate with the Google account that holds the least personal data. If your only Google account mixes work and personal mail, that mixing is now Claude’s problem too.
  3. On the Google consent screen, read what is requested. Gmail asks for read and draft access plus label management — Claude reads emails and creates drafts only with your explicit approval, and the send function is not enabled. Drive asks to search, read, and upload.
  4. Test with a benign query before trusting it: List the last 5 emails from a specific named coworker. Confirm it returns only what you expected. If results look broader than authorized, disconnect and reconnect with a tighter account.
  5. Save a default prompt template that names the tool explicitly so you reuse the same narrow path: Search my Drive for files about [topic] and summarize the 3 most recent.

Step by step: add a custom connector (remote MCP)

For a tool not in the directory, you connect your own remote MCP server:

  1. Go to Customize > Connectors (individual plans). On Team/Enterprise, an Owner does this in Organization settings > Connectors first, then members enable it.
  2. Click +, then Add custom connector.
  3. Paste the remote MCP server URL. If the server needs it, add the OAuth Client ID and Secret under Advanced settings.
  4. Click Add, then authenticate. The server must be reachable over the public internet from Anthropic’s IP ranges — a VPN-only or firewalled server will not connect.

Test for permission leaks

This is the step most people skip and later regret.

  1. Connect Drive scoped to the smallest account possible and put exactly 3 sample files in a folder named AI-shared.
  2. Ask: List the files Claude can see in my Drive and summarize the most recent one in 5 bullets.
  3. Confirm the response stays grounded in those files — quoting names, not inventing summaries. If Claude references anything outside what you intended, your account scope is too broad; disconnect and use a narrower Google account.
  4. On a shared workspace, have a teammate run the same prompt from their account. If they can surface your private files through Claude, the org-level scope is wrong — fix it in Organization settings > Connectors before anyone relies on it.

The monthly revoke ritual

Connectors decay in value but never in permission scope. Once a quarter someone discovers a connector they have not used since onboarding still holding a live OAuth grant.

  1. Open Customize > Connectors. Count what is connected.
  2. Click Disconnect on anything you have not used in 30 days.
  3. Revoke in the source tool too. Disconnecting in Claude alone can leave a grant lingering — for Google, also clear it at myaccount.google.com/connections. Two revokes, not one.
  4. Re-test the survivors with a benign prompt to confirm scope did not silently widen after an app update.

Weekly competitor research that pays for the connector: keep a Drive folder named competitors, then each Monday prompt Find files added to my competitors folder in the last week, summarize the key claims, and flag anything that contradicts our positioning. Save the summary to Notion via its connector. Disconnect before extended leave so Claude is not pulling fresh data while you are away.

FAQ

  • Which plans have connectors? Google Workspace connectors (Gmail, Calendar, Drive) work for all Claude and Claude Desktop users. Directory connectors and custom remote-MCP connectors span Free, Pro, Max, Team, and Enterprise, with Free capped at one custom connector. Custom connectors are in beta as of June 2026.
  • Is connector data used to train Claude? Raw content fetched through a connector (including MCP) is not used for training. But text you copy from a connector result into the chat is eligible if your training toggle is on (Free/Pro/Max). Team, Enterprise, and Work plans do not train on your data.
  • Can a connector send email or post on my behalf? Gmail can draft but not send. For write actions like posting to Slack, creating a Notion page, or sending a message, Claude requires your explicit confirmation each time — you preview and approve before anything executes.
  • My connector worked yesterday and now Claude says it has no access. A dropped OAuth grant or a tool disabled for your plan both surface as “I don’t have that tool.” See Claude tool unavailable.
  • How do I fully revoke a connector? Disconnect in Customize > Connectors and remove the grant in the source tool’s OAuth-apps page (myaccount.google.com/connections for Google). One without the other leaves a live grant.
  • Why is my connector slow? Every query hits the external API. Noisy inboxes and huge folders compound latency. If a query takes 10+ seconds, the scope is usually too broad — point the connector at a dedicated folder or label.

Common mistakes

  • Authorizing a Google account that mixes work and personal mail when a clean account would do — Claude does not distinguish the two.
  • Copying sensitive connector results into the chat while the training toggle is on, which makes that pasted text eligible for training.
  • Connecting a tool and never building a workflow around it, so every chat pays the latency tax for no benefit.
  • Acting on a connector summary without review. Always sanity-check before you send the draft or merge the PR.
  • Revoking only in Claude and forgetting the source tool’s OAuth page, leaving a dormant grant.
  • Approving the OAuth screen during a busy moment and never re-checking scope. Those screens are built for “approve and move on.”

Advanced tips

  • Name each connector by job — “Drive: competitor research,” “GitHub: weekly PR review” — so future-you remembers why it exists.
  • For Gmail, work from a specific label or sender so the connector never touches your whole inbox.
  • Keep one dedicated AI-shared folder in Drive or Notion as the connector surface. Move things in deliberately; nothing leaks by accident.
  • On Team/Enterprise, use the Owner-level toggle in Organization settings > Connectors as a kill switch — it disables a connector org-wide faster than chasing individual revokes.

Tags: #Claude #Tutorial #Workflow