SpamBlasterSpamBlaster

Privacy Policy

Last updated: June 26, 2026

Spam Blaster is published by Wilburn Pacific Company. This policy covers two separate things: the Spam Blaster app that runs on your computer, and this website (spamblaster.org). They are different, and they handle data differently, so we describe each on its own below.

The Spam Blaster app

Spam Blaster is local-first. It filters your mail on your own machine. The following are properties of the software itself, verified in how it is built:

  • Local-first. Everything runs on your computer. The background service listens only on 127.0.0.1 (loopback). It is not reachable from the web.
  • Encrypted at rest. Your rules and the block events live in an encrypted local database. The key is held in your operating system keychain, never on disk.
  • Credentials stay in the OS keychain.Mailbox sign-in tokens and the dashboard's API token live only in the OS keychain (Windows Credential Manager or macOS Keychain), never in plaintext on disk.
  • Minimal data. Block logs record only the sender name, the sender address domain, and the matched rule pattern. They never store message subjects or bodies.
  • No product telemetry. No analytics, no tracking, no usage pings. Nothing about your mail leaves your machine.

What leaves your machine

The app connects out only for these, all of which you control:

  • Connections to your mail provider(s) and their sign-in (OAuth).
  • The current version of Spam Blaster, only when you trigger a check for updates. If an automatic update check is ever offered, it is optional and sends only a version string, never your mail or any telemetry.
  • spamblaster.org links, only if you choose to open them.

This website

This website is a normal website, separate from the local-first app. It is where you read about Spam Blaster, download it, and contact us. It uses the following:

  • Anonymous analytics. We use privacy-friendly, aggregate analytics (Vercel Analytics and Speed Insights) to understand how the site is used and to keep it fast. This is anonymous and not tied to an identified person. We do not sell it.
  • Accounts (optional). You can use Spam Blaster without an account. If you choose to create one, our authentication provider, Clerk, processes your email address and sign-in details on our behalf so we can sign you in.
  • The contact form. When you contact us, we collect the name, email, and message you submit so we can reply. We use it to respond to you. We do not sell it or use it for unrelated marketing.
  • Error monitoring. We may use error monitoring (Sentry) to detect and diagnose problems on the site.
  • Cookies. The site uses only the cookies needed for the features above (for example, keeping you signed in). There are no third-party advertising or cross-site tracking cookies.

What we do not do

  • We do not sell your personal information.
  • The Spam Blaster app does not phone home about your mail. There is no product telemetry.
  • We do not track you across other websites.

Your choices

You can run the Spam Blaster app without creating a website account. Your rules and block data stay on your machine and are yours. If you created an account, you can ask us to delete it.

Changes

If this policy changes, we will post the updated version here and revise the date above.

Contact

Questions about privacy? Contact us.