OpenMessage
Download
Privacy policy

Everything important stays on your machine.

OpenMessage is built as a local-first messaging client. It does not require an OpenMessage account and does not route your message store through OpenMessage-operated servers. The marketing site may collect basic website analytics if enabled, but that is separate from the product and never includes message content.

Last updated: April 11, 2026

Summary

OpenMessage does not collect, transmit, or retain your message data on our infrastructure. Message history, contacts, local search indexes, and transport sessions stay on your device unless you explicitly forward content elsewhere.

What data OpenMessage accesses

  • Your message history, conversations, media, and metadata for connected transports such as Google Messages, WhatsApp, and Signal.
  • Contact names, numbers, and optional local contact photos if you grant macOS Contacts access.
  • Local session credentials needed to keep Google Messages, WhatsApp, and Signal paired.
  • Public URL metadata when link previews are enabled and a conversation contains a public link.

Where data is stored

  • Messages and contacts: local SQLite databases in the app's Application Support directory.
  • Transport sessions: local session files and local bridge stores used for reconnecting paired services.
  • Media and previews: cached locally when downloaded or derived on your machine.

What data is transmitted

  • To messaging providers: the minimum traffic required to send, receive, and pair with the connected services, using the same network surfaces those services already expose.
  • To OpenMessage: nothing for message sync. We do not operate an OpenMessage cloud backend for your message history, contacts, or transport sessions.
  • To AI tools: only when you choose to connect a local MCP client or send content to an external model provider from your own machine.
  • For link previews: preview metadata is fetched directly from your device to the public URL. Private and localhost-style addresses are intentionally refused.
  • For product updates: if you submit your email through the website's updates form, that address and your optional interest are stored as encrypted signup records in the site's Vercel project so OpenMessage can send product updates or tester invites.
  • For website analytics: if Google Analytics is enabled on openmessage.ai, the marketing site may send pageview, referral, browser/device, and download-redirect events to Google. This applies to the website only, not the local messaging runtime.

Third-party services

OpenMessage talks to the messaging networks you choose to connect, such as Google Messages, WhatsApp, and Signal. Their privacy policies still govern the underlying messaging services themselves. OpenMessage does not add a separate OpenMessage-hosted data layer on top.

Notifications and diagnostics

Native notifications are generated locally on your device. Diagnostics and issue-report exports are generated locally too; you decide whether to copy or share them.

Data deletion

Removing OpenMessage removes the app. To delete locally stored data, remove the app's Application Support directory and any local bridge session stores. Your messages remain with the underlying messaging services regardless of OpenMessage.

Changes to this policy

If this policy changes, the updated version will be posted here with a new date. OpenMessage is open source, so the codebase remains the best canonical reference for what the app actually does.

Contact

Questions about privacy or data handling can go to max@maxghenis.com or the GitHub issue tracker.