Most people don’t think of their email inbox as a personal archive. But in practice, that’s often what it becomes.
Years of receipts. Medical appointment confirmations. Bank statements and insurance documents forwarded to yourself. Personal correspondence from people who have died. Records of decisions, purchases, relationships, and crises. The things you emailed yourself to remember. The attachments you sent from work accounts before leaving a job.
Gmail is the world’s most widely used email service, and for many of its users, it’s also the most comprehensive personal record that exists about their lives. In late 2025, Google made a change that affects what happens to all of that: it enabled Gemini AI by default for Gmail, allowing Google’s AI to analyze the content of your emails.
What Gemini Does With Your Emails
Google Gemini — the AI assistant integrated into Google’s Workspace services — can read and process your Gmail content. The stated purpose is to provide features like:
- Email summaries at the top of long threads
- Smart replies and AI-drafted response suggestions
- The ability to ask Gemini questions about your inbox (“What did I agree to send Sarah last week?”)
- AI-powered search that understands semantic meaning rather than just keywords
- Suggestions for calendar events, tasks, and reminders pulled from email content
These are genuinely useful features. The privacy question is what it costs to have them.
When Gemini processes your email, your email content — the text, the attachments, the metadata of who sent what to whom — is processed by Google’s AI infrastructure. The content you’re asking AI to analyze is ingested, interpreted, and used to generate responses. The specific retention and use policies for that processing depend on which Google products you’re using and what settings are active.
The Default That Changed
Before late 2025, AI processing of Gmail content was opt-in. Users who wanted AI features had to actively enable them.
Google changed this. Gemini’s smart features became the default for Gmail users, turning them on automatically rather than waiting for users to seek them out. The opt-out still exists, but the opt-out model means the AI processes your email until you actively stop it — and most users don’t know the default changed.
This follows a pattern in how major tech platforms expand AI access to user data. Features start as opt-in novelties to demonstrate value, then become default once the feature is familiar, and eventually become deeply integrated enough that opting out means losing significant functionality.
For Gmail users who never changed their settings, Gemini has been processing their emails since the default changed. For users who actively disabled smart features earlier, re-evaluation may be necessary since the defaults and available options have changed across Google’s product updates.
What “Used to Improve Services” Means in Practice
Google’s terms state that it may use content from its services to improve those services. This language, which appears in various forms across Google’s products, is broad.
Practically, this means:
Training data: AI models improve through training. Content processed by Gemini can contribute to improving the AI, either through direct training or through the signals that model usage generates about what the AI got right or wrong.
Personalization: Gemini’s responses become more contextually relevant as it processes more of your content across Google’s services. Email content informs this personalization.
Cross-service intelligence: Google’s systems can draw connections across Gmail, Calendar, Drive, Search, and other services. An email referencing an upcoming trip can surface in Calendar. A document discussed in email can be suggested in Drive. The intelligence becomes more useful as more data is cross-referenced.
The distinction between “used to improve the service” and “used to target advertising” has become less meaningful as AI systems that improve on training data are also the systems that power ad relevance. Google doesn’t sell email content directly to advertisers, but the AI capabilities trained on email content make the advertising platform more effective.
Gmail Is Not Encrypted End-to-End
A foundational fact about Gmail that many users don’t fully appreciate: Gmail is not end-to-end encrypted by default. This is different from what many users assume after years of security improvements in consumer tech.
Gmail encrypts data in transit (between your device and Google’s servers) using TLS, and encrypts data at rest on Google’s servers. But Google holds the encryption keys. Google can technically read your email. Google can be compelled by legal process to produce your email content. A sophisticated breach of Google’s infrastructure could expose readable email content.
This is the standard architecture for virtually all major email providers except services like Proton Mail, which are designed around zero-knowledge encryption where the provider cannot read your content.
For most email — communications with businesses, newsletters, transactional emails from services — this isn’t a significant privacy concern. But email archives frequently contain sensitive personal records that users assume are protected in ways they structurally aren’t.
The Personal Archive Problem
The emails people treat as sensitive personal records include categories that, if the same information appeared on a server belonging to a healthcare provider or a bank, would be subject to specific regulatory protections. In Gmail, they’re governed by Google’s terms of service.
Medical correspondence: Appointment confirmations, prescription confirmations, results notifications, communications with providers. These are not covered by HIPAA when they’re in your Gmail inbox — HIPAA applies to the covered entities that sent them, but not to you or Google when the email is in your inbox.
Financial records: Bank statements, investment account summaries, loan documents, tax notices. These contain account numbers, balance information, and financial history.
Legal documents: Correspondence with attorneys, lease agreements, contracts, court documents, HR communications about employment disputes. Attorney-client privilege as traditionally understood doesn’t apply to email stored in plaintext on a third-party server.
Personal correspondence: Messages with family members, records of relationships, communications during difficult personal periods. The content of these emails tells a story about your life that you may never have intended to make accessible to a large technology company’s AI systems.
When Gemini analyzes your inbox to help you find a thread or draft a reply, it’s processing all of this — not just the innocuous work emails.
The Legal Process Exposure
Google receives hundreds of thousands of legal requests for user data per year. The company reports on these in its transparency report, but the aggregate statistics obscure the individual experience of having your Gmail produced to law enforcement or civil litigants.
Emails in Gmail can be compelled through:
- Criminal subpoenas issued to Google by law enforcement
- Civil discovery requests (in lawsuits where your email is relevant)
- Orders from government agencies with regulatory authority
Unlike content stored with end-to-end encryption, Gmail content can be produced in readable form because Google holds the keys. The content of your personal archive is accessible to Google’s legal compliance team when a valid legal order arrives.
This doesn’t mean Gmail users are being actively surveilled or that most users will ever be the subject of a legal request. It means the possibility exists in a way that it doesn’t for email content encrypted with keys only you hold.
The 2025 and 2026 Incidents
The risks of centralising personal records in Google’s infrastructure aren’t hypothetical.
In 2025, a Malwarebytes investigation confirmed that Gmail’s smart features — its AI capabilities — were reading email and attachment content to improve its AI systems, and that this was occurring without users having actively enabled the feature (or understanding that the feature had been turned on). Google clarified that users could opt out through the “Smart features and personalisation” setting, but the default had changed without clear communication.
In early 2026, a data incident involving 48 million Gmail credentials found in an unsecured database raised questions about the exposure of user account data in third-party systems that interface with Gmail. The credentials themselves were not attributed to a direct breach of Google’s own systems, but the incident illustrated how account access to Gmail translates into access to everything in a Gmail-based personal archive.
A California federal jury ordered Google to pay more than $425 million in a class action lawsuit relating to privacy practices. The specific claims involved conduct that the jury found violated users’ reasonable expectations about how their data was being used.
How to Audit Your Gmail AI Settings
If you want to understand and control how Gemini accesses your Gmail:
Find the Smart Features settings: In Gmail on desktop, go to Settings (gear icon) → See all settings → General. Look for “Smart features and personalisation.” This setting controls whether Gmail uses your email content for smart features that are unique to you. You can turn it off here.
Check Google Account-level AI settings: At myaccount.google.com → Data & Privacy → Web & App Activity. This broader setting affects how Google uses your activity across its services to personalise experiences. Pausing this limits how activity is used for AI improvement.
Review the Gemini Apps activity setting: If you use Google Gemini directly, its activity setting determines whether your Gemini conversations are used to improve AI models.
Turning these settings off doesn’t delete historical data that has already been processed. For that, use the Data & Privacy section to review and delete activity stored in your Google Account.
The Alternative Architecture
The underlying problem with using Gmail as a personal archive is architectural: Gmail is designed around communication, not personal record storage, and the business model depends on understanding the content of your communications.
For personal records that don’t need to be emailed — documents you want to store, notes about your life, files you want to keep accessible — a dedicated private storage service occupies a different position in Google’s ecosystem. Storing records in a separate service that doesn’t index content for AI training creates a boundary between your communications history (which is inherently harder to protect since it involves other parties) and your deliberate personal archive.
The practical limitation of this approach is changing habits. Emailing a document to yourself is fast and familiar. Saving it to a dedicated file storage service requires an extra step and an additional app.
But the architectural difference matters: a file stored in a service built around private personal storage, not advertising-funded communication, is subject to different privacy terms than the same file forwarded to yourself in Gmail.
What You Can Actually Do
Stop forwarding sensitive documents to yourself in Gmail. This is the most immediate change. Instead of emailing yourself a document to save it, save it to a dedicated file storage service from the start.
Download your email archive. Google Takeout (takeout.google.com) allows you to download your entire Gmail archive as an mbox file. This gives you a local copy of your email history that exists independent of Google’s systems, which you can store in a more private location.
Turn off Gemini smart features in Gmail. The setting exists; use it if you’d prefer your inbox not be processed for AI. Accept the tradeoff that you lose AI features like smart replies and thread summaries.
Consider what you’re emailing yourself. For one-off document transit, email is fine. For long-term storage of sensitive records, the email inbox is a poor choice of location: indefinite retention, AI processing, full content searchable by Google’s systems.
Separate your personal archive from your email account. Treat your email inbox as an inbox — a temporary holding place for things in transit — rather than a filing cabinet. Archive things that matter to a dedicated service. Delete things that don’t.
The Core Tension
Google’s AI features in Gmail are useful. Semantic search, thread summaries, and AI-drafted responses save time and reduce friction. Google has spent billions of dollars building AI infrastructure that genuinely improves these tools.
The cost of those features is Google’s access to the content of your email. For most of what goes through an inbox, that tradeoff is acceptable. For the personal records that accumulate over years in a Gmail archive — medical histories, financial documents, personal correspondence — the tradeoff is worth making explicitly, with clear understanding of what’s being exchanged.
The default, as of 2026, is Gemini on, AI processing active, content flowing into Google’s systems to power personalisation and feature improvement. That default reflects what Google has decided is the right balance for most users. Whether it’s the right balance for you, given what your inbox actually contains, is a decision worth making deliberately rather than by accident.
Your email inbox is a more complete record of your life than almost anything else in digital form. The privacy model that governs it deserves at least as much attention as the people you choose to share that record with.