Unsubscribe Me — Privacy Policy

🔒 Our Privacy Guarantee: Your data stays on your device. Unsubscribe Me is built entirely on a local-first design. The App has no cloud servers, no analytics, and no tracking. Everything—your emails, metadata, and login tokens—is stored exclusively on your own computer. Absolutely no data is ever transmitted to the developer or any third party, unless you voluntarily send us a support request or bug report.

Effective date: 2026-05-01 Last updated: 2026-05-30

Unsubscribe Me is a desktop application that helps you find and unsubscribe from email subscriptions in your own Gmail mailbox. This Privacy Policy explains what information the application accesses, what it does with that information, and — most importantly — what it does not do.

Unsubscribe Me is designed around a single principle: everything happens on your own computer. The application has no cloud backend, no analytics service, no advertising network, and no telemetry. Your email content, message metadata, OAuth tokens, derived statistics, and screenshots of any automated unsubscribe pages are all stored exclusively on your local device. Nothing is ever sent to us or to any third party other than Google (the operator of your Gmail account) and the unsubscribe destinations chosen by the email senders you are trying to leave.

1. Who this policy applies to

This policy applies to every person who installs and uses the Unsubscribe Me desktop application ("the App", "Unsubscribe Me") on macOS or Windows. The data controller for any personal information the App processes on your device is you — Unsubscribe Me runs locally and we have no ability to access your data.

For questions about this policy, contact support@appstart.one.

2. Information the App accesses

The App requests a single OAuth 2.0 permission from Google when you connect a Gmail account: the https://www.googleapis.com/auth/gmail.modify scope. Under this permission, the App accesses the following information from your Gmail account, on your computer, only at moments you trigger an action:

Type of information	What the App reads or writes	When
Message metadata	Sender address and name, recipient, subject, internal date, `Message-ID`, Gmail message id, `INBOX`/`UNREAD` label membership	When you click "Scan Emails"
Message headers	`List-Unsubscribe`, `List-Unsubscribe-Post` (used to detect RFC 8058 one-click support and `mailto:` unsubscribe addresses)	When you click "Scan Emails"
Message body (HTML)	Parsed only to extract URLs that look like unsubscribe links	When you click "Scan Emails"
Label catalog	Looks up the label named `unsubscribed-by-me`; creates it if missing	When you click "Unsubscribe"
Per-message label changes	Adds the `unsubscribed-by-me` user label; removes the `INBOX` system label (archives the message); removes the `UNREAD` system label (marks as read)	When you click "Unsubscribe"
Outgoing email	Sends a single short message to each `mailto:` unsubscribe address when no HTTPS unsubscribe option exists for that sender	When you click "Unsubscribe"
OAuth tokens	A short-lived access token plus a refresh token, issued by Google to authorize the access above	When you connect an account

The App does not read, retain, or transmit attachments. Message bodies are parsed in memory only for unsubscribe-link extraction and are not persisted after the scan completes; only the extracted URLs, sender/subject/date/label fields above are saved.

3. Where this information is stored

All data persisted by the App lives on your computer in the operating-system-provided application data directory (for example ~/Library/Application Support/one.appstart.unsubscribe-me/ on macOS). Specifically:

A local SQLite database file containing the metadata listed in Section 2 (sender, subject, date, labels, detected unsubscribe URLs, per-sender status).
Your Google OAuth access token and refresh token, kept inside the same SQLite database so that the App can resume access without prompting you on every launch. These tokens never leave your computer except when the App exchanges them with Google's own token endpoint to refresh access.
Optional debug logs in the standard system log location during development; never enabled by default in shipped builds.

No data leaves your computer except the network requests required to:

Authenticate with Google (accounts.google.com, oauth2.googleapis.com),
Read or modify your Gmail account through Google's API (gmail.googleapis.com),
Send the List-Unsubscribe=One-Click HTTPS request to the sender's unsubscribe endpoint when the sender supports RFC 8058,
Send a mailto: unsubscribe email through Google's send API to the address the sender specified,
Load the unsubscribe page inside a hidden in-app browser window when no automated option exists and you have explicitly clicked "Unsubscribe".

4. How the App uses the information

The information described above is used solely to deliver the following user-facing features:

Find subscriptions. List your subscription emails grouped by sender, ranked by volume.
Tell you which senders honor RFC 8058 one-click unsubscribe. Displayed as a badge next to each sender.
Unsubscribe from senders you select. For each, the App:
- For RFC 8058 senders: issues a single POST with List-Unsubscribe=One-Click to the sender's URL.
- For mailto: senders: composes and sends a one-line unsubscribe email from your Gmail account to the address the sender specified.
- For senders with only an HTTPS unsubscribe page: opens that page in a hidden in-app browser window, looks for an unsubscribe-style button using deterministic text patterns (e.g., "Unsubscribe", "Confirm"), clicks it, and reports whether a success message appeared.
Mark processed senders. Adds a Gmail label named unsubscribed-by-me to the affected messages, archives them (removes INBOX), and marks them read (removes UNREAD) so they no longer clutter your inbox.
Show statistics. Per-account counts (unsubscribable, unsubscribed, kept), volume over time, top senders, etc. — all derived from the local SQLite database.
Track senders you've already unsubscribed from so the App can later flag any future email from those senders as a possible violation.

These features are all rendered directly in the App's user interface. The processing is local; no AI/LLM models, no large-scale data analysis service, and no third-party data processor are involved in extracting unsubscribe information or in deciding what to click.

5. How the App does not use the information

The App will never:

Upload, copy, mirror, or otherwise transfer your email content or metadata to any server we operate. We do not operate any server.
Sell or share your information with third parties.
Use your data for advertising, profiling, or marketing of any kind.
Use your data to train, develop, or improve any generalized artificial intelligence or machine-learning model.
Permit any employee, contractor, or anyone else other than you to read your email or any data derived from it. We have no operational access to your machine; the data physically resides only on your computer.

The only exception is: if you voluntarily send us a bug report that includes a log file or screenshot, we will only inspect that information to diagnose the reported issue and will delete it when the issue is closed.

6. Google API Services User Data Policy — Limited Use disclosure

Unsubscribe Me's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Unsubscribe Me:

Only uses Google user data to provide or improve the user-facing features described in Section 4, all of which are prominent in the App's user interface.
Does not transfer Google user data to third parties, except (a) to perform the user's explicit unsubscribe action against the sender's URL or mailto: address as described in Section 4, (b) as necessary to comply with applicable law or valid legal process, or (c) as part of a merger, acquisition, or sale of assets — in which case affected users would be notified and given the opportunity to delete their data before transfer.
Does not use Google user data to serve advertisements.
Does not allow humans to read Google user data, except (a) with the user's affirmative consent for a specific message (for example, when you choose to view the original message body in the App), (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal product analytics — though Unsubscribe Me does not currently collect aggregated analytics at all because it has no backend to send them to.

7. OAuth tokens and revoking access

When you connect a Gmail account, Google issues Unsubscribe Me an OAuth refresh token that the App stores locally so you don't have to log in repeatedly. You can revoke this token at any time:

From inside the App: open Settings or the account row in the sidebar and choose "Remove account". This deletes both the token and all locally stored data associated with that account.
From Google directly: visit myaccount.google.com/permissions and remove access for "Unsubscribe Me". Any token already issued will stop working within minutes.

Removing the App from your computer (drag to Trash on macOS, uninstall on Windows) does not delete the application's local data directory automatically. To delete that as well, remove the application support folder listed in Section 3.

8. Security

Unsubscribe Me relies on the security of your computer and your operating system's user account to protect your data. The App:

Stores OAuth tokens and email metadata in a local SQLite file inside your user-account-protected application data directory.
Transmits to Google and to unsubscribe endpoints only over TLS 1.2+ (provided by the operating system).
Is distributed as a notarized macOS application signed with our Apple Developer ID, which gives macOS Gatekeeper a way to verify the build hasn't been tampered with.

Because the App has no server, the most common categories of cloud-service breach — credential database leaks, compromised backups, third-party processor incidents — do not exist for Unsubscribe Me.

You are responsible for protecting your computer with a strong account password, full-disk encryption (FileVault on macOS, BitLocker on Windows), and current operating-system updates.

9. Children's privacy

Unsubscribe Me is not directed to children under 13. We do not knowingly collect personal information from children. If a child has connected a Gmail account, a parent or guardian can remove all data by removing the account in the App and uninstalling.

10. International users

Unsubscribe Me does not transfer your data internationally because it does not transfer your data anywhere. Your email content remains in your Google account in the regions Google manages for your account, and the local copy stays on your computer. Your interaction with Google's services is governed by Google's Privacy Policy.

11. Changes to this policy

We may update this policy when we add new features that change what data the App accesses or how it uses that data. When we do, we will update the "Last updated" date at the top, and — for material changes — display an in-app notice the next time you launch a connected account.

This policy is versioned in the App's source repository at docs/google-approval/privacy-policy.md; historical versions are available via the project's commit history.

12. Contact

If you have questions about this Privacy Policy or about Unsubscribe Me's handling of Google user data:

Email: support@appstart.one
Website: https://appstart.one
Maintainer: Appstart LLC