Privacy Policy for CopyPasta

Effective Date: September 11, 2025
Last Updated: September 11, 2025

Overview

CopyPasta is a macOS desktop application that automatically detects and extracts two-factor authentication (2FA) verification codes from your Gmail inbox, copying them directly to your clipboard for convenience and security.

Information We Access

Gmail Data Access

What we access: CopyPasta accesses your Gmail messages via IMAP connection using OAuth2 authentication
Scope of access: We use the Gmail API scope (https://mail.google.com/) to read and modify emails
Email processing: We scan recent unread emails to identify 2FA verification codes (typically 4-8 digit numeric or alphanumeric codes)
Email modification: We mark emails containing processed 2FA codes as "read" to prevent duplicate processing
Time frame: We only process emails from the last 10 minutes to avoid processing old codes

License and Hardware Information

License validation: We collect and validate your CopyPasta license key through LemonSqueezy API
Hardware identification: We generate a unique hardware identifier from your Mac's system serial number for license binding
Instance tracking: We create a unique instance ID for license management

What We Do NOT Access

We do not access Gmail contacts, drafts, or sent items
We do not read email content beyond identifying verification codes
We do not access emails unrelated to 2FA authentication
We do not collect personal information beyond license validation

How We Use Your Data

Primary Application Functions

Email scanning: Automatically scan recent Gmail messages for 2FA verification codes via IMAP
Code extraction: Identify and extract numeric and alphanumeric verification codes using pattern matching
Clipboard management: Place the verification code in your system clipboard
Email status management: Mark processed emails as "read" to avoid duplicate processing
License enforcement: Validate your license daily with 7-day offline grace period

Local Processing

All email processing and code extraction happens entirely on your local Mac. No email content is transmitted to external servers except for Gmail API authentication and license validation.

Data Storage and Retention

Local File Storage

OAuth tokens: Stored in ~/Library/Application Support/CopyPasta/token.json
License data: Stored in ~/Library/Application Support/CopyPasta/license.json
Hardware ID: Generated locally and stored with license information
No email storage: We do not store any email content or verification codes

Data Retention

Verification codes are temporarily placed in your clipboard only
No logs or records of processed emails are maintained
OAuth tokens persist until you revoke Gmail access
License data persists for license validation

Data Sharing and Third Parties

No Data Sharing

We do not share, sell, rent, or disclose any personal data with third parties because:

Email processing occurs entirely on your device
We don't collect or store email content to share
No external servers are involved in core 2FA extraction functionality

Third-Party Services

Google Gmail API: Used for secure OAuth2 authentication and IMAP email access
LemonSqueezy: Used for license key validation and payment processing

Security Measures

Gmail API Security

OAuth 2.0 authentication with Google's official Gmail API
IMAP connection using OAuth2 bearer tokens (no password storage)
You can revoke CopyPasta's access anytime through your Google Account settings

License Security

Hardware-bound license validation prevents unauthorized transfers
Secure API communication with LemonSqueezy for license verification
Local license data encryption and validation

Local Security

No data transmission of email content means no risk of email interception
Processing occurs within macOS secure application context
Minimal persistent storage of sensitive information

Your Rights and Controls

Access Control

You control when CopyPasta accesses Gmail through application launch/quit
You can disable or uninstall CopyPasta at any time
You can revoke Gmail access permissions through your Google Account settings
You can monitor all Gmail API access through your Google Account activity

Data Deletion

Delete ~/Library/Application Support/CopyPasta/ folder to remove all local data
Revoke Gmail access in your Google Account to invalidate OAuth tokens
Uninstall CopyPasta.app to completely remove the application

Platform and System Requirements

CopyPasta is designed exclusively for macOS
Requires macOS notification permissions for 2FA code alerts
Requires network access for Gmail API and license validation
Uses macOS system keychain and application support directories

Children's Privacy

CopyPasta is not intended for use by children under 13. We do not knowingly collect or process data from children under 13.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via the application or our website.

Compliance

This privacy policy is designed to comply with:

Google's OAuth API verification requirements and Gmail API Terms
General Data Protection Regulation (GDPR) principles
California Consumer Privacy Act (CCPA) principles
Apple's macOS application guidelines
Other applicable privacy laws and regulations

Contact Information

If you have questions about this privacy policy or CopyPasta's data practices, contact us at:

Email: copypasta@ohrob.in
Website: ohrob.in/copypasta

This policy applies specifically to CopyPasta's Gmail integration, 2FA code extraction, and license management functionality.