Industry-Standard Security
For users who want to use MailToDoList on multiple devices, MailToDoList stores user data in a Google Cloud Firestore online database.
MailToDoList encrypts that information before it leaves your device using AES-GCM encryption and a 256-bit primary key.
MailToDoList uses your secret passphrase and the PBKDF2 algorithm with 310,000 iterations to derive an AES-GCM 256-bit secondary key.
It encrypts your primary key using your secondary key.
It stores the encrypted primary key on your device inside Chrome-managed storage.
If you have Chrome set to sync extension data via your Google account, Google syncs that encrypted primary key to your other devices.
(If you do not have Chrome set to sync extension data, you will only be able to use MailToDoList from one device.)
When MailToDoList needs to encrypt or decrypt your data, it re-derives your secondary key from your passphrase, uses the secondary key to decrypt your primary key, and then uses the primary key to encrypt or decrypt your data.
This means that MailToDoList's developer cannot read your email.
Furthermore, if you do not need to use MailToDoList on multiple devices, you can set MailToDoList to store its encrypted user data only on your device, not in MailToDoList's online database.
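The key hierarchy described above can be sketched with the Web Crypto API. This is an added example, not MailToDoList's own code. The function names, the SHA-256 hash for PBKDF2, the 16-byte salt and the 12-byte IVs are assumptions, since the page states only the algorithms, the key sizes and the iteration count.

```javascript
// Added illustration, not MailToDoList's code. Assumed: SHA-256 PRF, salt/IV sizes, all names.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webCrypto.subtle;
const PBKDF2_ITERATIONS = 310000; // iteration count stated on the page

// Passphrase -> secondary key, usable only to wrap or unwrap the primary key.
async function deriveSecondaryKey(passphrase, salt) {
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Generate a random primary key; only its wrapped (encrypted) form is returned for storage.
async function createWrappedPrimaryKey(passphrase) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const iv = webCrypto.getRandomValues(new Uint8Array(12));
  const primary = await subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const secondary = await deriveSecondaryKey(passphrase, salt);
  const wrapped = await subtle.wrapKey('raw', primary, secondary, { name: 'AES-GCM', iv });
  return { salt, iv, wrapped: new Uint8Array(wrapped) };
}

// Re-derive the secondary key and unwrap; a wrong passphrase fails the GCM tag check.
async function unwrapPrimaryKey(passphrase, record) {
  const secondary = await deriveSecondaryKey(passphrase, record.salt);
  return subtle.unwrapKey('raw', record.wrapped, secondary,
    { name: 'AES-GCM', iv: record.iv }, 'AES-GCM', false, ['encrypt', 'decrypt']);
}

async function encryptData(primary, plaintext) {
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh IV for every message
  const ct = await subtle.encrypt(
    { name: 'AES-GCM', iv }, primary, new TextEncoder().encode(plaintext));
  return { iv, ct: new Uint8Array(ct) };
}

async function decryptData(primary, { iv, ct }) {
  return new TextDecoder().decode(await subtle.decrypt({ name: 'AES-GCM', iv }, primary, ct));
}

// Round trip on a constructed passphrase and note, plus the wrong-passphrase case.
async function demo() {
  const record = await createWrappedPrimaryKey('constructed example passphrase');
  const key = await unwrapPrimaryKey('constructed example passphrase', record);
  const note = await decryptData(key, await encryptData(key, 'Reply to Alice'));
  const wrongRejected = await unwrapPrimaryKey('wrong passphrase', record)
    .then(() => false, () => true);
  return { note, wrappedLength: record.wrapped.length, wrongRejected };
}
```

The wrapped primary key is 48 bytes: the 32-byte key plus the 16-byte GCM authentication tag. The salt and IV are not secret and would be stored alongside it.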
Work smarter and be less stressed with MailToDoList.