Leave Me Alone logoLeave Me Alone

Security at Leave Me Alone

We take security and data privacy very seriously at Leave Me Alone, and we are proud to be open and transparent about how we operate.

What permissions do we ask for?

We only ask for the permissions we need to operate. The following sections explain what permissions we need for each mail provider and what we use them for.

Gmail and Google Workspace

When we connect to your Gmail or Google Workspace (formerly G Suite) account we need the following OAuth scopes (read more about OAuth scopes here).

  • gmail.modify - View and modify but not delete your email.
    • View - We use this to identify subscription emails and display them to you.
    • Modify - We use this to move emails to a specified folder (if enabled). We do not create or send mail, and we cannot delete your mail.
  • profile - View your basic profile info. We use this to show your name and display picture when you log in with Google.
  • email - View your email address. We use this to identify your account and to display which account you are logged in with or have connected.

You can view your Google App permissions or revoke access to Leave Me Alone at any time here.

Gmail permissions requested
Google VerifiedSecurity Audited & Certified

Leave Me Alone is a Google Verified Application. The permissions we need from Google to access your account are restricted scopes, and to access these we have been audited and certified by a Google-approved security assessment company. This is what that means;

  • security assessment - our company, code, and practices were questioned and audited to ensure we are compliant with Google's security standards.
  • vulernability testing - our servers, code, and databases were tested for security vulnerabilities.
  • progressive scopes - the scopes we request were checked to ensure they are as minimal and unobtrusive as possible for us to operate.
  • audited every year - our security practices are audited yearly by an independant organisation in order to be granted access to these scopes by Google.
Connect Google account

Microsoft Office365 (Outlook, Hotmail, Live etc)

When we connect to your Microsoft account we need the following OAuth scopes (read more about OAuth scopes here).

  • Mail.ReadWrite - Read, update, create, and delete your emails.
    • Read - We use this to identify subscription emails and display them to you.
    • Update - We use this to move emails to a specified folder (if enabled). We do not create or delete mail, and we cannot send mail.
  • profile - View your basic profile. We use this to show your name when you log in with Microsoft.

You can view your Microsoft App permissions or revoke access to Leave Me Alone at any time here.

Outlook permissions requested
Connect Microsoft account

Yahoo, Fastmail, iCloud, AOL & Other IMAP

When we connect to your mailbox using IMAP we need:

  • email address - Your mailbox email address. We use this with your app password to connect to your mailbox using the IMAP protocol.
  • app password - This is a Leave Me Alone specific passcode that gives Leave Me Alone permission to access your mail.

Some mail providers may or may not require an app password, but the same security precautions are still applied to your credentials.

You can remove Leave Me Alone's access to your mailbox at any time by removing your account.

Connect your mailbox now

What data do we store?

When you connect your email account we search and fetch the subscription emails from that account, and store the metadata of these emails in our database.

If you use our Unsubscribe feature we store the metadata of the emails you unsubscribe from.

If you use our Rollups feature, when you add emails to a Rollup then we fetch, encrypt, and store the content of those emails in order to create your Rollup.

If you use our Inbox Shield feature, we monitor emails that arrive in your email account and store their metadata for the use of our Inbox Screener.

We also store some completely anonymous data which falls into two categories:

  • Statistical data which you see on our homepage and open page. This consists of counts of events such as number of users, number of emails we have seen, number of emails unsubscribed from, total revenue etc.
  • Algorithmic data which you see in your mail list when using the app. This consists of metadata about senders such as email frequencies and unsubscribe rates.
envelope with padlock

Want to know more?

We are proud to be open and transparent about our service in every way we can.

If you have any more questions about how we operate then please get in touch - we will be happy to help!

Start unsubscribing now
squarecat.io logo Made by Squarecat