Paperweight tackles a tedious but important problem: understanding your digital footprint linked to your email address. It scans your inbox locally to identify every service and vendor tied to your email, then helps you reduce privacy exposure by automating unsubscribe and GDPR deletion requests. What sets it apart is that everything happens on your desktop — no data is sent to external servers — while supporting major providers like Gmail, Microsoft, and Proton Mail.
What paperweight does and how it works
At its core, Paperweight is a desktop application written in TypeScript that connects to your email inbox using IMAP or provider-specific APIs. It scans emails within a configurable window (30 days for the free tier), parsing raw email headers to extract unique sender domains and build a comprehensive inventory of your digital footprint.
The architecture centers on a local-first design where all processing — scanning, parsing, breach checking, and automation — happens on the client. This means your email content and metadata never leave your machine, addressing privacy concerns that often accompany cloud-based email tools.
Paperweight supports major email providers out of the box: Gmail, Microsoft, and Proton Mail (via Proton Bridge). For broader coverage, it includes IMAP pre-configuration for eight additional providers. The scanning process leverages IMAP to efficiently retrieve email headers, avoiding full message download when possible.
Key functional components include:
- Parsing email headers to identify senders and linked services
- Consulting haveibeenpwned.com to cross-reference breaches associated with these senders
- Automating unsubscribe and GDPR deletion requests, reducing manual effort to clean up your digital footprint
The UI guides users through connecting accounts, scanning inboxes, and managing the cleanup workflow.
Technical strengths and design tradeoffs
The standout technical aspect is the email-provider-specific connection logic combined with the local parser extracting unique sender domains from raw email headers. This local-first approach avoids the privacy tradeoff of cloud scanning but introduces complexity in supporting diverse email providers and protocols locally.
The codebase is TypeScript-based and open source, which makes it approachable for contributions and audits. Parsing raw headers rather than relying on API metadata is a double-edged sword: it maximizes data extraction but requires careful handling of varied and sometimes inconsistent header formats.
The integration with haveibeenpwned.com adds value by contextualizing your footprint against known breaches, but querying an external service means some data leaves the client. However, Paperweight limits this to just the domain breach checks, not full email content.
Automation of unsubscribe and GDPR deletion requests is a practical addition that tackles a real user pain point. Yet, fully reliable automation is challenging given inconsistent unsubscribe mechanisms across services, so the app balances automation with user control.
The free tier restricts scans to a 30-day window, which is a reasonable tradeoff for resource usage and user onboarding. The paid perpetual license unlocks unlimited history scanning and multi-account support, widening applicability for power users.
Overall, the code quality is surprisingly clean for a privacy-focused app juggling multiple providers and protocols. It leans on well-known libraries for IMAP and HTTP requests, focusing effort on the unique parsing and automation logic.
Quick start
- Download latest release for your platform
- Connect your email
- Scan your inbox in ~2 minutes
- Start unsubscribing and deleting
This minimal quickstart reflects the app’s focus on simplicity and user-driven privacy management. Scanning speed is impressive, considering the local parsing and breach lookups.
# Example usage flow (from README):
# 1. Download
# 2. Connect email account
# 3. Scan inbox
# 4. Manage unsubscribe/delete requests
Verdict
Paperweight is a solid choice if you want a local-first tool to map and reduce your online footprint tied to your email. It respects privacy by keeping processing client-side and supports major email providers with thoughtful automation of unsubscribe and GDPR requests.
That said, it’s not a silver bullet. The complexity of email protocols and inconsistent unsubscribe practices mean some manual oversight remains necessary. Its free tier limits historic reach, which might frustrate users with deeper inboxes unless they opt for the paid tier.
If you’re privacy-conscious and comfortable running a desktop app with email access, Paperweight offers a practical way to regain control over your digital exposure. Developers interested in email parsing and local privacy tools will find its codebase approachable and well-structured for extension.
For anyone overwhelmed by subscription emails or concerned about data breaches, Paperweight provides a focused, local-first solution worth exploring.
Related Articles
- Building a serverless email inbox with Cloudflare Agentic Inbox — Cloudflare Agentic Inbox uses Durable Objects and Cloudflare Workers to create a serverless, stateful email inbox at the
- HoundDog.ai: deterministic static analysis for privacy-focused dataflow tracking — HoundDog.ai scans large codebases locally to detect sensitive data leaks using deterministic static analysis combined wi
- saasmail: a Cloudflare-native email sending and routing solution for SaaS — saasmail leverages Cloudflare Workers and Email Routing to provide a SaaS-focused email sending and routing solution wit
- pdftochat: a cloud-integrated PDF-to-chat system with hybrid vector search — pdftochat is a TypeScript-based PDF-to-chat app leveraging Chroma Cloud for hybrid vector search and Together.ai for LLM
- Leo Health Core: local-first parsing of massive health data with SAX streaming in Python — Leo Health Core is a zero-dependency Python CLI for parsing large Apple Health XML and Whoop CSV exports into a unified
→ GitHub Repo: wslyvh/paperweight ⭐ 105 · TypeScript