Security at Leave Me Alone

We take security and data privacy very seriously at Leave Me Alone, and we are proud to be open and transparent about how we operate.

What permissions do we ask for?

We only ask for the permissions we need to operate. The following sections explain what permissions we need for each mail provider and what we use them for.

Gmail, Yahoo, Fastmail, iCloud, AOL & Other IMAP

When we connect to your Gmail and most other mailboxes we need:

  • email address - Your mailbox email address. We use this with your app password to connect to your mailbox using the IMAP protocol.
  • app password - This is a Leave Me Alone specific passcode that gives Leave Me Alone permission to access your mail.

We have taken several precautions to ensure the safety of your password and your account. Here's how we secure your information.

When we scan for mail:

  • master password encryption - Your authentication details are encrypted by your personal master password (the password you sign in to Leave Me Alone with), and can only be decrypted when you login and fetch your mail.
  • password manager standards - This is similar to security methods used by password management systems, so we are confident your details are secure.
  • session security - When you login, your authentication details are only stored on your session, and are wiped when you log out. There is no way for someone else to access them, even if they were able to get into our system.

When we watch your mail for the Rollups and Shield features:

  • These features require a consistent connection to the email provider.
  • This means that we store your password encrypted in our database in a way that means we can re-use it if we need to reconnect to your account.
  • You can revoke app passwords at any time to force us to disconnect from your email provider.

Other mail providers may or may not require an app password, but the same security precautions are still applied to your credentials.

You can remove Leave Me Alone access to your mailbox at any time by removing your account.

Connect your mailbox now

Google Workspace
(formally G Suite)

When we connect to your Google Workspace account we need the following OAuth scopes (read more about OAuth scopes here).

  • gmail.modify - View and modify but not delete your email.
    • View - We use this to identify subscription emails and display them to you.
    • Modify - We use this to move unsubscribed emails to a specified folder (if enabled). We do not create or send mail, and we cannot delete your mail.
  • profile - View your basic profile info. We use this to show your name and display picture when you log in with Google.
  • email - View your email address. We use this to identify your account and to display which account you are logged in with or have connected.

You can view your Google App permissions or revoke access to Leave Me Alone at any time here.

Gmail permissions requested
Connect Google account

Microsoft (Outlook, Hotmail, Live etc)

When we connect to your Microsoft account we need the following OAuth scopes (read more about OAuth scopes here).

  • Mail.ReadWrite - Read, update, create, and delete your emails.
    • Read - We use this to identify subscription emails and display them to you.
    • Update - We use this to move unsubscribed emails to a specified folder (if enabled). We do not create or delete mail, and we cannot send mail.
  • profile - View your basic profile. We use this to show your name when you log in with Microsoft.

You can view your Microsoft App permissions or revoke access to Leave Me Alone at any time here.

Outlook permissions requested
Connect Microsoft account

What data do we store?

If you only use our unsubscribe feature we never store the content of your emails in any form.

If you use our Rollup feature, when you add emails to a Rollup then we fetch, encrypt, and store the content of those emails in order to create your Rollup.

We also store some completely anonymous data which falls into two categories:

  • Statistical data which you see on our homepage and open page. This consists of counts of events such as number of users, number of emails we have seen, number of emails unsubscribed from, total revenue etc.
  • Algorithmic data which you see in your mail list when using the app. This consists of metadata about senders such as email frequencies and unsubscribe rates.
envelope with padlock

Want to know more?

We are proud to be open and transparent about our service in every way we can.

If you have any more questions about how we operate then please get in touch - we will be happy to help!

Start unsubscribing now