Update, Sept. 24, 2024: This story, originally published Sept. 23, now includes new information regarding the automatic deletion of other data used by Google.
While users of the world’s largest free email service, Gmail, will hopefully by now be well aware that Google deletes inactive accounts after a two-year hiatus, there’s another deletion process that I wager the vast majority of its 3.45 billion users are unaware of. It is possible to send a private email message using Gmail’s confidential mode with a user-defined expiration date. What’s more, once the expiration date is reached for the recipient and you delete the original, it will be permanently deleted from your account after 30 days and can’t be recovered. Here’s everything you need to know about using confidential mode with Gmail.
What Is Gmail Confidential Mode?
It’s probably best to start with what Gmail’s confidential mode is not: it’s not end-to-end encrypted, nor does it add any further layers of encryption to the default transport layer security encryption that applies to all Gmail messages. If you want genuinely private email you need to look at something like Virtu for adding end-to-end encryption to the Gmail platform or changing to an encryption-focused email service like Proton Mail.
Confidential mode in Gmail allows users to send emails and attachments with added protections that enable senders to define the parameters by which authorized recipients can read the message. So, as the sender, you can set an expiry date for the email, after which the recipient can no longer have access to it, as well as revoke that access at any time of your choosing. You can also require the recipient to enter a verification code sent by SMS in order to open the email.
Forwarding, copying, printing and downloading of the email will also be disabled. However, Google makes it quite clear that confidential mode cannot prevent someone from taking a screenshot of an email and forwarding that to someone else or keep for as long as they want. Indeed, Google goes so far as to warn that malware “may still be able to copy or download your messages or attachments.” So it’s far from a truly confidential solution, but perhaps best thought of as a simple privacy-protecting mechanism for sensitive (but not critically so) emails.
There are some differences in how a recipient deals with confidential mode messages depending upon whether they use Gmail or another email provider. Gmail users just open the email as normal (unless a code has been mandated) while non-Gmail users open the email, click on a link to view the message and are taken to a page where they must enter their Google account credentials to access it.
Make Confidential Mode Messages Disappear From Gmail After 30 Days
Gmail’s confidential mode doesn’t delete messages from both the recipient and sender perspectives by default. Once an email expiration date is reached, then the message itself disappears from the recipient’s inbox or any other folder it has been moved to. However, it remains in the senders sent mail folder. Unless, that is, the sender also deletes it. This is when the 30-day deletion process kicks in: “You can’t recover messages that are permanently deleted or messages that have been in the trash for more than 30 days,” Google said. So, if you want your email to permanently vanish, you need to send a message using confidential mode with an expiry date and then delete the message from your sent folder.
How To Use Confidential Mode In Gmail
The precise user-interface mechanics of confidential mode will vary between Android, iOS and desktop users, but the principle remains the same across platforms.
Open the email compose window.Select confidential mode from the three-dots menu.
Choose your expiry date and whether to require an SMS passcode for verification.
Send the message.
If you opted for access verification by a code, you must add the recipient’s mobile number after hitting send.
There are separate guidelines for commercial users of Google Workspace, which can be found here.
Automatic Deletion Extends Further Than Just Gmail’s Confidential Mode
It’s not just your email messages that can be set to expire and automatically get deleted from the recipient’s inbox; Google also has privacy options in place to enable users to set automatic delete in place for their data as well. Specifically, Google will allow you to set an expiry-date limit that applies to what it calls your web and app activity data. This includes almost everything you do regarding Google services and devices that use them, as well as sites and apps. While the data that Google keeps from your activities is designed to enable a more personalized user experience, think along the lines of personally relevant content recommendations and faster searching; for example, not everyone wants to trade privacy for usability. Thankfully, Google has a My Activity hub that gives users control over such things. You can see your captured activity data and either delete it manually right there and then or choose to delete selected data automatically.
Head to your Google account and the My Activity hub and click on the auto-delete option. This will open a new dialog titled “Choose an auto-delete option for your web and app activity.” This gives you three auto-deletion timescales to choose from: 3, 18 or 36 months.
Google warns that some activity, depending on its precise nature, can expire sooner than the option you have chosen here. So, for example, device general area and IP address data is automatically deleted from the web and app section after just 30 days. Your location and YouTube history can be deleted from the same starting point, which offers the same three automatic deletion options for both.
Some Google data may be saved to other places, such as the data associated with the Maps timeline feature. “You can delete most of your activity that’s saved in those places,” Google said.