Privacy Policy

Last updated: February 18, 2026

1. Who We Are

SpamBear is operated by Bear & Eddy LLC. SpamBear is an email unsubscribe tool that helps you clean up your inbox by connecting to your Gmail account.

2. Local-First Architecture

SpamBear is built local-first. Your email data (sender information, decisions, and preferences) is stored in your browser's IndexedDB using Dexie.js. This data never leaves your device unless you explicitly enable optional cloud sync features.

3. What We Access

When you connect your Gmail account, SpamBear accesses:

• Email metadata — sender addresses, subject lines, and dates to identify subscription emails
• Email headers — List-Unsubscribe headers to facilitate one-click unsubscription

We do not read, store, or transmit the body content of your emails.

4. Google OAuth & API Usage

SpamBear uses Google OAuth 2.0 for authentication. Your access token is stored locally in your browser and is used solely to communicate with the Gmail API on your behalf. We do not store your Google credentials on any server.

5. Optional Cloud Features (Pro)

If you subscribe to SpamBear Pro, certain data may be synced to our cloud infrastructure (powered by Supabase) to enable cross-device access. This is entirely opt-in.

6. Payments

Payment processing is handled by Stripe. We do not store your credit card details. See Stripe's Privacy Policy for details.

7. Analytics

We collect basic, anonymized usage analytics to improve SpamBear. No personally identifiable email content is included in analytics data.

8. Data Deletion

Since your data is stored locally, you can delete it at any time by clearing your browser data or using the “Delete All Data” option in SpamBear settings. If you use Pro features, you can request full cloud data deletion by contacting us.

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated through the app.