Security and Privacy

Last Updated: Sep 8, 2025

This is a standalone application that runs locally on your system without relying on cloud-based systems or remote servers for core functionality.

The software communicates directly with email servers from the installed system without intermediaries. PRO versions offer optional integrations you can configure with external services like ChatGPT and webhooks for enhanced capabilities.

The software securely connects to mail servers using TLS 1.2+ encryption and fully supports two-factor authentication. For enhanced security, the application implements OAuth 2.0 protocol, allowing you to authenticate without ever sharing your password directly with the software.

As an end user, you are solely responsible for ensuring that you secure any downloaded or processed data and you abide by all applicable laws. The program does not scan the downloaded data for viruses. For more, refer to our End User License Agreement.

Paid versions include optional analytics (available in the Logs tab) that can be disabled. No sensitive information is sent to Analytics (see our Privacy Policy for more). We use this data solely to improve our products. Paid versions also require periodic connections to *.gearmage.com for license verification, which must be permitted for continued operation.

In summary, all your sensitive information including account credentials, passwords, tokens, and downloaded data is stored exclusively in the locations you configure. The only external data sharing occurs through analytics, which is optional and can be disabled in the paid versions.

Security Information

Support for TLS

The program supports TLS 1.2+ over IMAP, POP3, or Microsoft protocols (eg. Exchange, MsGraph) for transport security when connecting to a mail server. Only connections presenting valid certificates are accepted. This is turned on by default for most common mail servers and you can configure this if you are connecting to your own server. The program does not support the less secure STARTTLS protocol.

Secure storage of passwords and tokens

All credential information (like passwords or tokens) are securely stored in the windows credential manager for the account on the Windows user account (or service) and system where the software is installed. That is, they can't be accessed or tampered with without the right authorization to access the Windows account (or service credentials).

Support for OAuth or modern authentication

The program fully supports standards-based OAuth 2.0 also sometimes referred to as modern authentication.

The program, when using OAuth, will not know or store your password, instead the program stores a long-lived token instead of your password on the system that you can revoke by resetting your password on your email cloud provider or removing access in your email cloud provider.

The program defaults to OAuth for all popular email services such as Gmail, Outlook, and Office 365.

Custom application registration (or app-only access)

Alternative to using end-user based OAuth (where the end user is granting permissions to their account), you can optionally choose to provide a tenant id, client id and client secret in the app's Settings -> Custom App Registration tab for a given Account. This is also called the client credentials flow in the OAuth standard.

This is usually not recommended for native applications where end users use the program, however, you may choose to do this if this is running 24x7 as a Windows service for a specific purpose within a secure system (eg. native or cloud-based) to further control security. The benefit of this is that token revocation issues like password resets causing the program to require the user to re-authenticate will not be an issue. However, it also means that the client credentials need to be carefully provisioned and secured.

This will require you to register this program as a custom application in your email cloud provider (eg. Microsoft 365, Google etc.). Doing so will require you to provide necessary permissions (called scopes) to the program for it to function. You can then restrict scopes and further control what the program has access to.

To find out which scopes you need to provide the app access to, open the settings for the account from inside the program (Settings button next to the Account dropdown), and locate the Permissions tab. You will find the Requested and Granted scopes. Make sure the application has access to all the Requested scopes at a minimum.

Application password support

Alternative to using OAuth, you can use a custom application password generated by you and configured within your email provider for this application. This is less secure than OAuth, however, you may choose to do so if the circumstances require it. The program will still use TLS 1.2+ to connect and send the application password over that secure connection to authenticate itself.

If using this option, you will be entering this custom application password instead of your account password in the program to authenticate with the email provider.

Privacy Information

Please refer to our Privacy Policy for more information about how we use your data.

Processed or downloaded content (eg. emails, documents)

All downloaded content is stored only at the location you have configured within the program. This data is not sent to our servers or shared with any third-parties.

Logging and external communications

No credential information (such as passwords or tokens) are logged on the system or sent elsewhere. For example, when you enable verbose logging, your password or tokens are never logged in the logging files. All logs are only locally stored on the system where this is installed.

Moreover, there are no instances where the program will communicate any sensitive information such as credential information to any external party, servers, or entities outside of the system where it is installed except to the mail server that requires those credentials.

With the PRO versions you can turn off analytics that the program collects. We use analytics only to track how you use program for the purpose of fixing or improving our products and services. Analytics does not track sensitive information such as the contents of documents, emails, tokens, or passwords.