Here's a breakdown of the Google permissions we ask for—specifically, what we actually see and why. Beyond Basic Account Info (which is table stakes if you're building off Google apps), we ask your permission to access two things: Google Drive and Google services.
"View and manage Google Drive files and folders that you have opened or created with this app" and "Add itself to Google drive"
What it does: This inserts Coda into your Google drive setup. It means your Coda docs show up in your Drive list as if they were any other file. And you can also create a new Coda doc directly from Drive. This does not allow Coda to see any info about your other Google Drive files: only files and folders that you have opened or created with this app.
Why we do it: This lets you organize your Coda docs alongside Google docs and other file types, and keeps everything in one searchable place. It also means we're able to support searching for content in Coda from your Google Drive landing page.
"View users on your domain"
The other permission we ask for is to view users on your domain but we won't ask you for this permission until you go to share a document or invite someone to Coda. We do this so you can seamlessly share Coda docs if/when you choose to do so. To be super precise, it enables us to autocomplete your coworker's email address when inviting collaborators. Don't worry, we never pull random addresses. We can't see anybody's login password, we won't email your address book, or anything scary like that.
We think this is standard stuff. If it makes you more comfortable, by all means please look it up yourself. Here's an official Google Drive API Permissions link: https://developers.google.com/identity/protocols/googlescopes#drivev3