To work properly, your CryptUp browser extension needs to connect to the Gmail API. This allows you to encrypt and decrypt messages when you choose to.

When you connect to Gmail, the plugin will receive API Tokens to access Gmail. These tokens, and all related privileges (to send and read messages) will strictly stay within your own browser, stored locally in your computer for maximum security.

The code running CryptUp is open-source and anyone can verify the underlying security. Visit CryptUp Sources Repository to learn more or inspect the code. Alternatively, please ask me directly at tom@cryptup.org