Paperweight

Product Introduction

1. Definition: Paperweight is a cross-platform, local-first digital footprint management application and email auditing tool. It functions as a privacy-centric desktop client that interfaces with email providers via the IMAP protocol to scan headers and message content for the purpose of identifying third-party service associations, mailing list subscriptions, and potential security vulnerabilities.

2. Core Value Proposition: Paperweight exists to solve the "zombie account" problem, where users accumulate hundreds of forgotten online accounts that act as passive security risks and privacy leaks. By providing a comprehensive account inventory and automated data deletion tools, Paperweight enables users to reduce their attack surface and exercise their "right to be forgotten" under regulations like GDPR and CCPA. Its primary value lies in its local-first architecture, ensuring that sensitive email data never leaves the user's local machine, distinguishing it from cloud-based competitors that often monetize user data.

Main Features

1. Local Account Inventory & Mapping: Paperweight utilizes a sophisticated scanning engine that parses your email history locally to identify every service, platform, and e-commerce site connected to your address. It maps your digital footprint by analyzing transactional emails, welcome messages, and authentication logs. This process creates a searchable database of your online presence without uploading any information to a central server.

2. Bulk Unsubscribe Engine: This feature identifies active mailing list subscriptions by parsing "List-Unsubscribe" headers and common marketing patterns. It allows users to execute bulk unsubscribe actions, effectively decluttering inboxes in minutes. Unlike traditional tools, it processes these requests directly from the user's IP, maintaining a high success rate with mail transfer agents (MTAs).

3. Integrated Breach Alerts: Powered by the "Have I Been Pwned" API, Paperweight cross-references your identified account inventory against known historical data breaches. It provides granular visibility into which specific services have leaked your credentials, allowing for prioritized password rotations and account closures based on risk severity.

4. GDPR/CCPA Deletion Request Generator: Paperweight includes a built-in legal template engine that generates professional data erasure requests. It automatically identifies the relevant Data Protection Officer (DPO) contact information for recognized organizations and pre-fills the necessary identification details to streamline the process of permanent data removal.

5. Local-First Open Source Architecture: The application is built on an open-source codebase (v0.2.2), allowing for public auditing of its security protocols. It operates entirely on the user's hardware (macOS, Windows, or Linux), utilizing local storage for synced messages and metadata, which ensures zero-knowledge privacy from the software vendor.

Problems Solved

1. Pain Point: Excessive Attack Surface and Data Privacy Exposure: Most internet users have over 100 forgotten accounts. Each forgotten account is a potential entry point for hackers or a source for data brokers. Paperweight addresses this by surfacing "shadow" accounts and providing the tools to terminate them.

2. Target Audience:

• Privacy Advocates: Individuals seeking to minimize their online visibility and prevent data profiling.
• Security Professionals: Users who understand the risks of credential stuffing and want to audit their personal or professional digital exposure.
• Digital Minimalists: People looking to declutter their digital lives and reduce "inbox noise" from marketing spam.
• Compliance Officers and Legal Professionals: Users who need to efficiently manage Subject Access Requests (SARs) or data deletion rights.

3. Use Cases:

• Post-Breach Remediation: Quickly identifying all accounts sharing a compromised password and closing unnecessary ones.
• Inbox Zero Migration: Clearing years of subscription clutter when moving to a new email workflow or provider.
• Identity Theft Prevention: Systematically reducing the amount of PII (Personally Identifiable Information) held by obscure third-party companies.

Unique Advantages

1. Differentiation: Traditional "inbox cleaner" apps often require full OAuth access to your inbox and store your data on their own servers, effectively becoming another privacy risk. Paperweight reverses this model by being a local utility; it is a tool you own rather than a service you are a product of. It supports any IMAP provider, including Gmail, Outlook, and iCloud, without vendor lock-in.

2. Key Innovation: The integration of a local IMAP scanner with a GDPR request workflow is a specific innovation in the "Privacy-as-a-Software" space. By combining account discovery (the "what") with legal remediation (the "how"), Paperweight provides a full-cycle solution for digital footprint reduction that was previously only available through manual effort or expensive enterprise tools.

Frequently Asked Questions (FAQ)

1. Is Paperweight safe to use with my primary email account? Yes. Paperweight is designed with a privacy-first philosophy. Because it is an open-source, local-first application, your email credentials and message content stay on your computer. It uses standard IMAP protocols to communicate with your provider and does not transmit your personal data to its own servers.

2. How does Paperweight find accounts I've forgotten about? The software scans your historical emails for patterns associated with account creation, such as "Welcome," "Verify your email," and "Confirm your subscription." By indexing these messages locally, it builds a comprehensive list of every service that has ever sent a transactional email to your address, even if you haven't logged into that service in years.

3. Can Paperweight automatically delete my accounts for me? While no software can automatically log into a third-party website and click "delete" due to security barriers (like 2FA and CAPTCHA), Paperweight automates the legal side of the process. It generates pre-filled GDPR or CCPA deletion requests and provides the direct contact information for the company's privacy department, which is often more effective than searching for a hidden "delete" button on a website.

4. Which email providers does Paperweight support? Paperweight supports any email provider that allows IMAP access. This includes major services like Gmail, Outlook, and Yahoo, as well as private servers and niche providers. Support for iCloud is currently in development and expected in upcoming releases.