Privacy Using eM Client

I would like to use eM Client to access my Gmail but I am concerned about the privacy of my Gmail account and email.

Does using eM Client expose ANYTHING from my Gmail account to ANYONE except Gmail?

Does using eM Client to access my Gmail give anyone at eM Client or anyone else access to my Gmail password or login credentials my Gmail emails or any part of those emails?

Do any of the Gmail emails pass through any other server at eM Client or anywhere else other than the normal path that they take using Gmail?

Gmail has access to my emails and login credentials and email messages of course. I do not want to allow anyone else to have access to them so this is a critical question for me before deciding to use eM Client.

Thank you for a precision answer.

“Precision answer”… might want to start with eM Client Sales/Support

Thanks for the help. Free version doesn’t offer that option.

This may be (partially) solved assuming it is current. I found this in their privacy policy updated June 28,2019.

Information You Never Give Us. eM Client is a desktop application and allows users
to set up accounts to online services such as G Suite, iCloud, Office365 and other
services. For its operation, it needs to cache some of this data on the local computer.
However, the Company never retrieves and has no access to this data. This
includes account data, passwords, e-mails, calendars, tasks, notes, contacts and chat
messages. The Company will never access this data for any purposes. All the
information we receive from you is listed in the previous paragraph.

However. It does not answer whether or not the data is stored on their server or other third party server. It only says the “Company” has no access and won’t access it. It doesn’t say that no third party has access.

If it is ever stored or passes through their server or a third party server that eM Client uses it can potentially be accessed. I would like a statement saying that it does not.

Hackers have “no access” to government servers, but they still manage to get the data. The only thing that can absolutely prevent it is if the data is never on their computers in the first place.

1 Like

Good luck… This VOLUNTEER avoids that which is above his pay grade…
Be a little innovative and you may be able to figure out what email address might help

The privacy policy seems to be very clear to me. However, if you use Gmail, I suppose that you are not too concerned about privacy anyway.

1 Like

Thanks, very helpful reply.

Em Client does not save your emails to their servers at all. That would be wasteful resources. It also uses secure standard OAuth2 to sign in to your Google account, and you can check account activity (e.g. if you thought em client was logging in remotely and spying on you. Which they are not; that would be a huge scandal). Your data’s safe-ish, though you should remember, email is unencrypted by default (unless you use custom encryption included in Em Client and Postbox, or just scramble the text of your emails); by default, Google can read your Gmail and use information gleaned for marketing purposes. If the US Govt. or an allied nation requests access to your Gmail emails, Google can potentially provide them, or police could copy the email files from your PC hard-drive.

That said, I believe Em Client does conduct telemetry on users (beta users may recall seeing “Do you wish to submit this telemetry data?” prompts). I don’t know what data they collect there, though I’d imagine it’s more like your computer specs, maybe buttons pressed, crash logs, etc. and they typically offer you the choice of sending it or not.

1 Like

Hi Ryan,
the automatic setup in eM Client uses Google’s oAuth authetication method - this method open a separate browser window, so you give your password only directly to the Google server which then creates an access token for the eM Client installed in your device.
So even eM Cient on your device never gets access to your password. This is the most secure login option Google accounts have.

Using this access token the data from your Gmail account is synchronized only to your eM Client in your device. Your actuall messages, events, contacts, etc. never go through nay of our servers, the connection is strictly from your device to the Gmail server.

1 Like

Honestly though Ryan0… If you don’t want your emails analysed and the data sold to the highest bidder and value the privacy of your emails then…

  1. You could conclude that you are using the wrong communication method for that data (unless it is PGP encrypted - or similar). I was always told that you should never put anyting in an email that you wouldn’t want everyone to see as it very “un-private”

  2. Gmail (Google) is not really your “go-to” provider for anyone who has any care for (or concerns over) their privacy. That is a well known fact and it widely discussed everywhere.

  3. Even if you manage to find a mail provider who fully repects your privacy then don’t assume that the people you are sending to have the same level of prvacy. Someone may well be able to read your email on their servers.

Them’s is the facts.
Paul

1 Like

Thank you to Darren7, Olivia_Rust and Paul23 for your useful replies.

Yes, I am aware that Google has full access to my emails. I know that they are not “private” and could be accessed for the purposes mentioned or for more nefarious purposes as well. I don’t like the fact that Google has access to them, but I have consciously made the choice to give up privacy to them for convenience as I think the vast majority of Internet users have. Frankly I think “complete” privacy on the Web is a myth. If it ever existed, I don’t think it exists anymore regardless of the measures taken.

Unfortunately, I occasionally have lawyers and CPAs who send me confidential information by ordinary email. You’d think they would know better but some don’t. I don’t want anyone to have access to that information, but the best I can do is try to limit access.

The purpose of my question was to determine if by using eM Client I would then be exposing my emails to further potential access by additional entities other than the ones I am already exposing it to using the Google client on the Web. The more entities that have access to it, the more the possibility of abuse. I don’t think that statement can be disputed.

Thank you for the input. It at least explains how things SHOULD be working.

One last comment. With all due respect to the developers of eM Client (and they do deserve much respect, it seems like an excellent client) there have been far bigger scandals in far bigger entities than the scandal of violating eM Client users’ email privacy would be. I am not suggesting at all that this is happening, or that anyone at eM Client would engage in such activity, only that the fact that such a breach would be a scandal is scant reason to feel reassured that it couldn’t happen.

In other words… just because you’re paranoid doesn’t mean they’re not out to get you. :wink:

1 Like

Hi Ryan0.

Where are you based? If you are in the EU (I can only speak for the EU as I don’t know the laws outside) then the lawyers (and any other business) are bound by the EU laws on GDPR. If they are a financial institution then they are further bound by the laws of that EU country’s financial regulator and if a lawyer they are most likely bound by the laws and rules of thier own professional bodies.

If they are sending personally identifying information by insecure means then they are very likely breaking one or several laws. If they are not making all necessary efforts to pretect your personal data then they are liable for a very (and I mean very very) large/unlimited fines. You should report them if they do this. In the UK this would be to the ICO (Information Comissioners Office). As a bare minimum they should be sending any personal information in a strongly encrypted document (AES 128bit minimum but preferably 256bit) with a complex password that is not shared by the same route that the document is delivered via (i.e. an SMS or Phone call to tell you the password would be sufficient) or using a commercially available secure messaging service like DocuSign. If they were not doing this then they deserve to be reported and fined and deserve to go out of business.

Just my 5 cents worth as they say.