What You Need to Know about the Privacy of Your Email Signature Software

Find out about the difference between the client-side and server-side tools. Learn about the process of the email signature installation

The matter of privacy in today’s digital world is a sensitive issue, especially when it comes to email signature management. In some cases, it may become the key factor of choosing the tool for your business.

The benefits that businesses get from email signature software solutions are immense. However, it does not mean that you have to sacrifice your privacy to get the advantages.

In this article, we will compare server-side and client-side email signature management tools by pointing out their advantages and disadvantages, and how they affect your privacy.


What Email Signature Management Is and Why You Need It

Email signature management tools are software solutions that simplify the process of creating and managing professional email signatures for the whole organization

Email signature software solutions provide central control over the email signatures of all employees in your domain, ensuring consistency and flexibility of your communication. 

The software solutions allow you to create any email signatures that meet your needs and can be applied to all users in your organization within seconds. 

When it comes to data storage most of the modern email signature management tools are cloud-based.

‘Cloud-based’ means that digital data is stored, managed, and processed on a network of remote servers hosted on the Internet, rather than on local servers or personal computers.

However, email signature management tools are different in terms of how they apply email signatures. In modern practice, there are two major types of email signature solutions — client side and server side

Client-Side Email Signature Management Tools: Pros and Cons

You might be wondering what ‘client side’ means?

In web development, ‘client side’ refers to everything in a web application that takes place on the client (end-user device)

This includes what the user sees, such as text, images, and the rest of the UI along with any actions that the application performs within the user’s browser

This way client-side email signature management tools apply email signatures to the settings of the users.

Most of the email signature management applications you can find on Google Workspace Marketplace are client-side. The email signature installation process using these tools goes through Gmail Web Client’s Settings.

Such client-side tools as BulkSignature can provide email signature management services to Outlook desktop users. However, in order to make it work users need to download client-side Outlook extension for Windows or Mac.


  • Reduced privacy and security risks:

    • No rerouting of your emails to a separate server.

    • The content of your emails is never accessed or stored by third-party apps.

    • You can remove permissions for the app, using built-in Google Workspace security.

  • Easy to use, takes less time to learn

  • Lower costs, the client-side signature management apps don’t require you to pay for the server

  • The signatures appear on user’s end almost immediately


  • Limited in functionality:

    • Google Workspace Marketplace apps can’t prevent employees from editing their own signatures.

    • One person can have only one signature.

    • The inability to set up rules and filters based on sender and a receiver.

  • API limitations:

    • Email signatures for replies and forwarded email cannot be set up on API level.

    • Gmail API compresses the images and lowers their quality.

The difference between client-side and server-side email signature management tool

Server-Side Email Signature Management Tools: Pros and Cons

On the other hand, ‘server side’ means that all the changes and activities happen on the server

In the past, nearly all business logic ran on the server side, and this included rendering dynamic webpages, interacting with databases, identity authentication, and push notifications. 

Server-side email signature management tools attach signatures after emails are sent, which means users don’t see the signature while composing the email. 

This procedure is known as ‘rerouting’. 

‘Rerouting’ implies that emails are going through third-party servers, where the email signatures are applied, before forwarding them to the intended recipients. 

In other words, with server-side solutions, your emails are first received by servers, then processed, and finally forwarded to the recipient’s mailbox with the selected email signature.


  • Flexibility in functionality:

    • You can create the email signature for certain senders and receivers of emails.

    • Ability to include complex rules/filters, and attach email signatures based on those rules.

    • One person can have as many signatures as needed.

  • Works on every platform imaginable. Email platforms’ compatibility is not an issue since the email signatures are attached on the server.

  • Users cannot change their email signature, since they do not see them while composing emails so the content of the signatures can’t be modified. The signatures will only be displayed after an email is sent based on the defined rules.


  • Potential for privacy and security issues:

    • There is a middle man for every email going out of your server.

    • Your email is fetched by the server in the process.

    • There is a risk that your security could be compromised.

  • Higher costs:

    • Server-side apps have higher running costs because you have to pay for the server.

    • Additional features and functionality that is provided by server-side solution affects final pricing.

  • More complicated to learn and use:

    • These apps require training and are not as simple and self-explanatory as client-side signature management apps.

    • In some cases, training is required and may occupy more than 24 hours.

How to Compare Server-Side and Client-Side Email Signature Management Tools

The most important thing to understand is that Google Workspace API apps are much more secure due to the following reasons:

  1. The permissions for each app can be controlled individually

  2. Every app that you install from the Google Workspace Marketplace can access only certain parts of your domain

  3. Google Workspace applications request permission to manage the specific features for you

  4. Permissions for the installed applications can always be revoked if you no longer need the app to operate in a certain way

  5. Google Workspace API supports OAuth2 scope

What is OAuth2 Scope?

OAuth 2.0, which stands for “Open Authorization”, is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user.

It replaced OAuth 1.0 in 2012 and is now the de facto industry standard for online authorization.

OAuth 2.0 provides consented access and restricts actions of what the client app can perform on resources in the name of the user without ever sharing the user’s credentials. 

It also allows users to share specific data with an application while keeping their usernames, passwords, and other information private. 

For example, an application can use OAuth 2.0 to obtain permission from users to store files in their Google Drives. This is how OAuth 2.0 flow works for user authorization.

Why Google Workspace needs Permissions when Installing the App

To define the level of access granted to your app, you need to identify and declare authorization scopes. An authorization scope is a OAuth 2.0 URI string that contains the Google Workspace app name, what kind of data it accesses, and the level of access.

Google Cloud Storage uses scopes to determine what permissions an identity has on a specified resource. Google scopes are formatted as urls. There are three basic types: read-only, read-write and full-control. read-only. Only allows access to read data, including listing buckets.

Why BulkSignature is the Best Choice for Your Privacy Needs

The key advantage of such client-side applications as BulkSignature is about limited access to its users’ data. BulkSignature operates without getting access to the user emails or any other sensitive data, such as usernames, passwords, etc.

OAuth 2.0 is supported by BulkSignature and users can see what the tool gets access to. Using the scope BulkSignature can automatically install email signatures to users’ settings. 

Although the application has permissions to the enlisted points, BulkSignature uses the minimum to set up the email signatures.

We use the Google Workspace Admin platform for transferring information about your company so that the app could use it for your email signatures.

The detail information about your privacy and permissions on BulkSignature

You may edit some of the information related to your company in Google Workspace from our platform. For example, you may edit personal details of your employees, their groups and organization units, company information from our web app. 

We will use those changes only for the creation of signatures and we do not push the modified data back to your Google Workspace account. We may also get the new updated data once you press the import button.

For the seamless work of our application we access, collect and store the following data from your Google Workspace Admin account:

  • User/admin profile details: such as full name, email, phone number, address, organization name, etc

  • Employee details and users of a domain: first and last name, email address, phone number, mailing address, department name, assigned group, and organizational unit of all employees active in G Suite account

  • Details about groups: such as a list of group names and group subscriptions. We will also access the data about which employees belong to which group

  • Organizational units. We collect names and descriptions of organizational units, their nested hierarchies, and the information about members of organizational units

  • User schemas on your domain. We can view certain details (e.g., custom field names and types) of user schemas on your domain

  • Basic Gmail setting. We can access the following basic settings on Gmail: primary email address, primary reply-to, display name and signature, view and manage filters

  • Sensitive Gmail settings that include forwarding rules and aliases

Control your access on BulkSignature

In the process of installing BulkSignature, you can choose whether you want to share access to the Gmail settings of all users or only specific ones.

BulkSignature takes your privacy to the next level by letting you skip importing some organizational units. This feature is available only on request. If you wouldn’t like to disclose the list of the user names on your domain, you can contact us and the app will import only some organizational units to the BulkSignature app.

You can always revoke permissions when terminating the subscription easily. On top of that, according to GDPR compliance, we can always delete your data from BulkSignature’s databases on request.