Security is one of our top concerns, and we're looking into different ways to make it as airtight as possible. We'll have more info on security before we launch.

At the moment, we're integrating through GMail through their API, so you can revoke access at any time, and we never see your password.

Hey, GMail doesn't have a public API does it? Could you tell us a bit about how you integrate with gmail, I thought they kept it pretty locked down?

You mean other than SMTP or POP? Those are both definitely public APIs.

And you can set separate passwords for various applications if you enable two-factor authorization.

Those also require your password, as far as I'm aware.

Baudehlo is correct. Gmail provides a SASL extension called XOAuth that allows you to authenticate IMAP/SMTP with OAuth tokens.

Well, that's cool.

Yes, you OAuth and then you can use IMAP with XOAUTH login.

but you must still store the emails in your own database correct? or do you never store them at all?

Same. I don't like each and every proposed solution that all the recent email clients have, but I live a life which, like it or not, involves a hell of a lot of email. So against all odds, seeing people trying to seriously tackle email from different angles is exciting.

I had a long conversation with a friend over lunch once where we both started by imagining a severely improved client, and eventually concluded that once you had traction with that the real benefits would come from a severely improved protocol. A lot of what makes email suck seems pretty baked into it historically.

Yeah, I agree. We came to a similar conclusion and that's definitely one of our long term goals.