Leave Me Alone logoLeave Me Alone

Security at Leave Me Alone

We take security and data privacy very seriously at Leave Me Alone, and we are proud to be open and transparent about how we operate.

What permissions do we ask for?

We only ask for the permissions we need to operate. The following sections explain what permissions we need for each mail provider and what we use them for.

Gmail and Google Workspace

When we connect to your Gmail or Google Workspace (formerly G Suite) account we need the following OAuth scopes (read more about OAuth scopes here).

  • gmail.modify - View and modify but not delete your email.
    • View - We use this to identify subscription emails and display them to you.
    • Modify - We use this to move emails to a specified folder (if enabled). We do not create or send mail, and we cannot delete your mail.
  • profile - View your basic profile info. We use this to show your name and display picture when you log in with Google.
  • email - View your email address. We use this to identify your account and to display which account you are logged in with or have connected.

You can view your Google App permissions or revoke access to Leave Me Alone at any time here.

Gmail permissions requested
Google VerifiedSecurity Audited & Certified

Leave Me Alone is a Google Verified Application. The permissions we need from Google to access your account are restricted scopes, and to access these we have been audited and certified by a Google-approved security assessment company. This is what that means;

  • security assessment - our company, code, and practices were questioned and audited to ensure we are compliant with Google's security standards.
  • vulernability testing - our servers, code, and databases were tested for security vulnerabilities.
  • progressive scopes - the scopes we request were checked to ensure they are as minimal and unobtrusive as possible for us to operate.
  • audited every year - our security practices are audited yearly by an independant organisation in order to be granted access to these scopes by Google.
Connect Google account

Microsoft (Outlook, Hotmail, Live etc)

When we connect to your Microsoft account we need the following OAuth scopes (read more about OAuth scopes here).

  • Mail.ReadWrite - Read, update, create, and delete your emails.
    • Read - We use this to identify subscription emails and display them to you.
    • Update - We use this to move emails to a specified folder (if enabled). We do not create or delete mail, and we cannot send mail.
  • profile - View your basic profile. We use this to show your name when you log in with Microsoft.

You can view your Microsoft App permissions or revoke access to Leave Me Alone at any time here.

Outlook permissions requested
Connect Microsoft account

Yahoo, Fastmail, iCloud, AOL & Other IMAP

When we connect to your mailbox using IMAP we need:

  • email address - Your mailbox email address. We use this with your app password to connect to your mailbox using the IMAP protocol.
  • app password - This is a Leave Me Alone specific passcode that gives Leave Me Alone permission to access your mail.

We have taken several precautions to ensure the safety of your password and your account. Here's how we secure your information;

When we scan for mail:

  • master password encryption - Your authentication details are encrypted by your personal master password (the password you sign in to Leave Me Alone with), and can only be decrypted when you login and fetch your mail.
  • password manager standards - This is similar to security methods used by password management systems, so we are confident your details are secure.
  • session security - When you login, your authentication details are only stored on your session, and are wiped when you log out. There is no way for someone else to access them, even if they were able to get into our system.

When we watch your mail for the Rollups and Shield features:

  • These features require a consistent connection to the email provider.
  • This means that we store your password encrypted in our database in a way that means we can re-use it if we need to reconnect to your account.
  • You can revoke app passwords at any time to force us to disconnect from your email provider.

Other mail providers may or may not require an app password, but the same security precautions are still applied to your credentials.

You can remove Leave Me Alone access to your mailbox at any time by removing your account.

Connect your mailbox now

What data do we store?

If you only use our unsubscribe feature we never store the content of your emails in any form.

If you use our Rollup feature, when you add emails to a Rollup then we fetch, encrypt, and store the content of those emails in order to create your Rollup.

We also store some completely anonymous data which falls into two categories:

  • Statistical data which you see on our homepage and open page. This consists of counts of events such as number of users, number of emails we have seen, number of emails unsubscribed from, total revenue etc.
  • Algorithmic data which you see in your mail list when using the app. This consists of metadata about senders such as email frequencies and unsubscribe rates.
envelope with padlock

Want to know more?

We are proud to be open and transparent about our service in every way we can.

If you have any more questions about how we operate then please get in touch - we will be happy to help!

Start unsubscribing now
squarecat.io logo Made by Squarecat