Transparency

How UnsubSwipe handles your Gmail data

Our Core Promise

Your email data never touches our database. Everything is processed in real-time and stored only in your browser.

How Your Data Flows

Gmail API

Google servers

→

UnsubSwipe Server

Processes unsubscribes

→

Your Browser

Data stored here only

What We Access & Why

gmail.readonly - Read Your Emails

Why: To scan your inbox for newsletter subscriptions and display them to you.

What we read: Only promotional emails with "List-Unsubscribe" headers or from common newsletter domains.

gmail.modify - Modify Labels

Why: To mark emails as read or archive them after you unsubscribe (optional feature).

What we modify: Only emails you explicitly choose to unsubscribe from.

gmail.send - Send Unsubscribe Requests

Why: Some newsletters require an email to unsubscribe (e.g., "mailto:unsubscribe@example.com").

What we send: Only unsubscribe request emails with subject "Unsubscribe" - nothing else.

What's Stored Where

Our Database

Nothing. We don't store any of your email data.

We only store OAuth tokens (encrypted by NextAuth)

Your Browser (localStorage)

Emails you chose to "Keep"

Emails you unsubscribed from

This data is cleared when you clear browser data or log out.

The Code (Proof)

1. We Don't Save Email Content to Database

// lib/gmail.ts - Scan function
export async function scanSubscriptions() {
  // Fetch emails from Gmail API
  const subscriptions = await fetchFromGmail()
  
  // Return directly to client - NO database write
  return { subscriptions }
}

2. History Stored in Browser Only

// components/Dashboard.tsx
const handleKeep = (id: string) => {
  // Store in localStorage (your browser only)
  localStorage.setItem("keptEmails", ...)
  
  // No API call to save this data
}

3. Unsubscribe Happens Server-Side (No Storage)

// app/api/unsubscribe/route.ts
export async function POST(req) {
  // Fetch unsubscribe link
  const response = await fetch(unsubscribeLink)
  
  // Return success - link is NOT saved
  return { success: true }
}

Additional Privacy Guarantees

No email content is ever stored on our servers - everything is processed in real-time
OAuth tokens are encrypted by NextAuth.js and stored securely
You can revoke access anytime via your Google Account settings
Open source - our code is publicly viewable on GitHub
No third-party analytics or tracking - we don't use Google Analytics, Facebook Pixel, or similar tools

Common Questions

Can UnsubSwipe read all my emails?

Technically yes (we have gmail.readonly scope), but we only scan promotional emails. Our code filters for emails with "List-Unsubscribe" headers or from domains commonly used by newsletters. We never read personal emails, attachments, or sensitive content.

What happens to my OAuth token?

Your OAuth token is encrypted and stored by NextAuth.js in our database. This is required for the app to function. The token is only used to make Gmail API requests on your behalf and is never shared with third parties.

How do I completely remove my data?

1. Clear your browser data (this removes all history stored locally)
2. Revoke UnsubSwipe's access via Google Account → Security → Third-party apps
3. This will delete your OAuth token from our database

Do you sell or share my data?

No. We don't store your email data, so there's nothing to sell. Your OAuth token is only used to access your Gmail on your behalf and is never shared with anyone.

Still Have Questions?

We're committed to transparency. If you have any concerns about privacy, reach out to us.

View Source Code Back to App