OAuth data access verification stuck "under review" for 8+ weeks — sensitive scope only (spreadsheets), no Trust & Safety contact

Hi Trust & Safety team,

Our OAuth app’s data access verification has been stuck in “under review” for over 8 weeks with zero communication from your team and no email thread to reply to. This is well beyond the stated 4–6 week review window. Requesting a manual status check / escalation.

App name: VirtuOps

Homepage: https://virtuops.io

Project number: (PII Removed by Staff)

Project ID: virtuops

OAuth client ID (last 6 chars): 5r7jjm

Submitted for verification: April 26, 2026

Branding: approved and shown to users

Data access: “under review” continuously since submission

Requested scopes:

…/auth/spreadsheets (sensitive)

…/auth/userinfo.email (non-sensitive)

…/auth/userinfo.profile (non-sensitive)

Verification type: sensitive scopes only — NO restricted scopes, so a CASA / third-party security assessment is not applicable.

A detailed justification and a demo video (showing the full OAuth consent flow and exactly how the spreadsheets scope is used) were provided in the Data Access form. Domain ownership is verified, the homepage and privacy policy are live on the authorized domain, and the privacy policy includes the Google API Services User Data Policy / Limited Use disclosure.

We have received no email from Trust & Safety at any of the project’s contact addresses — checked Inbox, Spam and Trash on all associated accounts. We would appreciate either a status update or guidance on any pending action on our side. Thank you.

It is common for Google OAuth verifications to experience delays beyond the 4–6 week window, particularly for sensitive scopes. Because the Trust & Safety team’s direct responses sometimes get lost in spam or fail delivery, manual intervention via community forums is an established path to escalation.

Since your post is already live on the Google Cloud Community Forums or Google Developer Forum, you can optimize your chances of a quick resolution by taking the following steps

Immediate Next Steps to Escalate:Share the Community Link: Respond to your own thread or post on the Google Cloud Developer Forums and mention that you are proactively providing your Project ID to prevent any communication bottlenecks.Double-Check Requirements: Ensure your Privacy Policy is live on an authorized domain, accurately reflects Google’s Limited Use Requirements, and is fully accessible to the public without a login.

Check Google Search Console: Sometimes UI elements get locked due to Search Console domain property issues. Ensure your domain is verified in Google Search Console with the same account that owns your Google Cloud Project.