13 Nov 2020

eM Client never sells your data

We take the protection of your data very seriously. Unlike the case of many other services, your data is completely safe with eM Client as we never provide it to any third-party – simply because, by definition, we cannot even access the data ourselves.

Let’s take a closer look at all the data eM Client does or doesn’t store about you.

Safety

Can we read you emails?

You often ask whether we can access your emails – don’t worry, eM Client is a desktop app and therefore stores the data only on your device (Windows or Mac) and communicates directly with the online services servers you access via eM Client (Gmail, Exchange, Outlook and any other IMAP, CalDAV, CardDAV or XMPP services).

The data you synchronize flows exclusively between your eM Client and a server and it’s always encrypted (as long as the server supports data encryption, or unless you explicitly switch off the encryption, of course).

We simply have no means of getting to your emails, even if we actually wanted to or had any time to do that.

Can we access your passwords?

Can we view your passwords? What about if you ask for a password renewal? Can we steal your passwords in any way?

Don’t worry – eM Client saves your passwords only locally and moreover in an encrypted form, which means we have no way of accessing them. Additionally, if you use your own password to protect the app on launch, not even people with direct access to your device can access your passwords via eM Client.

Can someone misuse my license data?

No, it’s just not possible. In order to verify your license and prevent its misuse we rely on:

  • a unique hardware key of your PC/Mac (consisting of a numeric combination of the BIOS identifiers, different device parts and occasionally the device’s name)
  • activation key
  • IP address
  • your email address

This data is only accessible on our Licensing server which is protected by a security certificate and the data as such is saved to the Microsoft Azure platform. The data is used strictly for license verification purposes and we never provide any of the data to third parties. Additionally, we can delete the data on your request at any time.

To sum it up:

  • We never read your emails or any other data
  • eM Client uses encrypted communication for all services (unless the user chooses otherwise)
  • We can do TLS 1.2 security policy (as well as TLS 1.3 in the future)
  • Account passwords are saved in a database encrypted by an AES cypher
  • The license verification process is encrypted and runs on a certified Microsoft Azure platform
  • We support S/MIME and PGP encryption and use RSA algorithm with a 4096 bit key by default, but we can do elliptic curves as well. Read more about Message encryption in eM Client
  • We of course fully comply with all the GDPR requirements
  • And last but not least – unlike Google or Facebook we never sell, analyze or make profit of your data