When authorizing the Hubbl Diagnostics connected app during the org scanning process, you'll be prompted to grant four specific permissions: 

1. Access the identity URL service: Hubbl Diagnostics retrieves a limited set of user information for troubleshooting and the confirmation page scan flow.
2. Manage user data via Web browsers: This permission allows Hubbl Diagnostics to capture certain org information not accessible through APIs but visible in Setup pages.
3. Manage user data via APIs: Hubbl Diagnostics requires this permission to collect metadata, configuration details, usage limits, and aggregate record and field count information.‍
4. Perform requests at any time: This permission enables Hubbl Diagnostics to support scheduled and repeating scans. For one-time scans, access tokens are automatically deleted upon scan completion, ensuring that Hubbl cannot reconnect post-scan regardless of this permission.