Privacy Policy

Last updated: Mar 12, 2026

This policy covers both the Paperweight desktop app and this website.

Paperweight is a local-first desktop application. Your email data stays on your computer and is never uploaded to our servers.

What data we access

When you connect your email account, Paperweight requests permission to:

  • Read your emails - to scan for mailing lists, and other accounts
  • Modify emails - to trash, archive, or mark emails as spam when you choose
  • Google API Services User Data Policy - Paperweight's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

All processing happens locally on your device. We never see, store, or transmit your email data.

What data we collect

The desktop App does not collect any data. Not even analytics or usage data. Everything happens locally on your device.

  • When you connect an email account, Paperweight accesses your emails locally via your provider's API. That data is stored in a local database on your computer and never transmitted to our servers. You can delete it at any time by disconnecting your account in the app or uninstalling — both remove all locally stored data. OAuth tokens used to authenticate are stored locally and never accessible to us.

This website may collect limited data when you choose to provide it:

  • License validation - when you purchase a license, our payment provider (Polar.sh) verifies it's valid. This doesn't include any email data.
  • Newsletter signup - if you enter your email to get updates, we store that email for the purpose of sending product announcements and updates. You can unsubscribe at any time. Using the desktop App does not sign you up for the newsletter.
  • Website analytics - we use Plausible to understand which pages are visited. This is a privacy-friendly analytics tool designed to avoid collecting personal data.

Data protection

All communication between the Paperweight app and your email provider uses secure HTTPS/TLS encryption. OAuth tokens are encrypted and stored locally using your operating system's secure credential store (macOS Keychain or Windows Credential Manager). Any cached email headers or account metadata are stored locally in the application data folder on your device.

Open source

Paperweight is open source. You can verify exactly how it works by reviewing the code at GitHub.

Third parties

  • Email providers (Gmail, Outlook, etc.) - Paperweight connects directly using their official APIs. Your data is governed by their privacy policies.
  • Payment processing - handled by Polar.sh. We never see your payment details.
  • Newsletter email delivery - handled by Resend. We store your email address for newsletter delivery only.
  • Website analytics - handled by Plausible.

Data retention and deletion

Paperweight retains your Google user data (such as email metadata, found accounts, and OAuth tokens) strictly locally on your own device. We do not retain any of this data on external servers.

You can delete this local data at any time by:

  • Wipe all data within the Paperweight app.
  • Uninstalling the application from your device.
  • Revoking Paperweight's OAuth access from your Provider's Account settings.

Contact

Developer: westech
Email: hello@paperweight.email