DarwinMail's core technology works in the following four steps:
The user logs into DarwinMail.app,
DarwinMail makes a login request to Google's servers,
Google logs the user in,
DarwinMail asks for the users emails at which point this data is rendered in the user's browser.
None of this email data is stored on DarwinMail's servers. There is no need! Think of all the space it would take up and the time that would be spent retrieving the data.
Google's API & servers do the heavy lifting. DarwinMail allows you to view your emails just like Inbox, and hopefully provides (or will soon provide) the same kind of functionality :)
The following is taken straight from Google's documentation, describing the exact process.
This OAuth 2.0 flow is called the implicit grant flow. It is designed for applications that access APIs only while the user is present at the application. These applications are not able to store confidential information.
In this flow, your app opens a Google URL that uses query parameters to identify your app and the type of API access that the app requires. You can open the URL in the current browser window or a popup. The user can authenticate with Google and grant the requested permissions. Google then redirects the user back to your app. The redirect includes an access token, which your app verifies and then uses to make API requests.
Please feel free to check out the official documentation from Google for further reading.