Why your email isn't private (and what to do about it)

Gmail, Outlook, and most free email services scan your messages. Here's what that means and what private email actually looks like.

Updated 2026-04-11

What Google sees in your Gmail

Gmail is free because your data funds the business. Google scans email content to personalise advertising, populate Google Calendar events, and train its AI models. Google's terms give them broad rights to process your messages. Crucially, Google holds the encryption keys — meaning they can read your email, and so can anyone with a lawful request or a security breach.

The metadata problem every email service has

Even if an email provider encrypts message bodies, they almost always retain metadata: who you emailed, when, how frequently, and from what device. This metadata alone can reveal sensitive relationships, health concerns, legal situations, and financial activity. The NSA famously argued that metadata surveillance was acceptable precisely because it said nothing about content — despite metadata being extraordinarily revealing.
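To make the metadata point concrete, here is an added example (not part of the original article): Python that reads three constructed PGP/MIME-encrypted messages the way a mail server could, without any decryption key, and still recovers who wrote to whom, how often, when, and from which client. The addresses, client names and the choice of the OpenPGP message format are assumptions made for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed PGP/MIME template: headers stay in clear text, only the body is encrypted.
TEMPLATE = """\
From: {sender}
To: {to}
Date: {date}
User-Agent: {agent}
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

[constructed placeholder standing in for the ciphertext]
--b1--
"""
# Constructed mailbox: three stored messages from one hypothetical user.
MAILBOX = [TEMPLATE.format(sender=s, to=t, date=d, agent=a) for s, t, d, a in [
    ("alex@example.org", "intake@clinic.example", "Tue, 03 Mar 2026 21:14:05 +0000", "ExampleMail/1.0 (Android)"),
    ("alex@example.org", "intake@clinic.example", "Thu, 05 Mar 2026 08:02:41 +0000", "ExampleMail/1.0 (Android)"),
    ("alex@example.org", "sam@lawfirm.example", "Thu, 05 Mar 2026 08:30:00 +0000", "ExampleDesktop/2.3 (Windows)"),
]]

def visible_metadata(raw):
    """Return what a server can read from one stored message without any key."""
    msg = message_from_string(raw)
    return {
        "sender": getaddresses(msg.get_all("From", []))[0][1],
        "recipients": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "sent_at": parsedate_to_datetime(msg["Date"]),
        "client": msg.get("User-Agent", "unknown"),
        "encrypted_body": msg.get_content_type() == "multipart/encrypted",
    }

def contact_profile(mailbox):
    """Aggregate per-message metadata into contact frequency and clients used."""
    contacts, clients = Counter(), set()
    for raw in mailbox:
        meta = visible_metadata(raw)
        for rcpt in meta["recipients"]:
            contacts[(meta["sender"], rcpt)] += 1
        clients.add(meta["client"])
    return contacts, clients
```

Every message here has an encrypted body, yet the aggregate still shows two contacts with a clinic and one with a law firm in the same week.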

What private email actually looks like

Genuinely private email requires end-to-end encryption — where only sender and recipient hold decryption keys, not the provider. Proton Mail (Switzerland) and Tutanota (Germany) implement this model. Neither company can read your messages even with a court order. Note: end-to-end encryption only applies when both parties use the same system, or when you manually encrypt outbound messages.

Practical steps you can take today

You don't need to abandon Gmail entirely. Start by using a private email provider for your most sensitive communications — health, legal, financial. Use strong, unique passwords and two-factor authentication on any email account. Be aware that even if you switch providers, people emailing you from Gmail are sending your conversation through Google's servers.
