← Back to UNSUB

PRIVACY POLICY

Last updated: March 1, 2026

UNSUB ("we", "our", "the service") is a product of Tenpound. This policy explains what data we collect, how we use it, and how we protect it. We built UNSUB to be privacy-first — not as a marketing claim, but as a technical constraint.

By using UNSUB, you agree to the practices described here.

Google API Services — Gmail Access

UNSUB uses the Google API Services to access your Gmail account. Our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

What scope we request

We request the https://www.googleapis.com/auth/gmail.metadata scope only. This scope allows read access to email metadata — specifically: sender address, subject line, date, and message IDs. It does not permit access to email body content, attachments, or any other message data.

What we access and why

We read sender addresses and subject lines to identify subscription and promotional senders across your inbox history. This is the only data required to power UNSUB's core functionality. We do not read, store, or process email body content under any circumstances.

What we never access

We do not access or request access to: email body or content, attachments, contacts or address book, sent mail, drafts, calendar, Drive, or any other Google product beyond Gmail metadata.

We do not read, collect, store, or process your email body content — ever. Not during scanning, not during unsubscribing, not at any point in our pipeline. This is a technical constraint, not just a policy.

Limited Use

UNSUB's use of data obtained via Google APIs is limited to providing and improving the UNSUB service as described in this policy. We do not use Google user data to serve advertising. We do not transfer or sell Google user data to third parties. We do not use Google user data for any purpose unrelated to the service the user explicitly requested.

Data We Collect

Account data

When you sign in with Google, we store your name, email address, and Google account ID. This is required to maintain your session and link your inbox data to your account.

Gmail metadata

During a scan, we read sender addresses and subject lines from your Gmail inbox for the purpose of identifying unsubscribe candidates. This data is processed in your session and is not retained beyond what is required to display your scan results.

Unsubscribe actions

We store a record of senders you've unsubscribed from so we can prevent them from appearing in future scans. We do not store the underlying email content.

Usage data

We collect standard server logs (IP address, timestamps, page routes) for security and debugging. This data is retained for a maximum of 30 days.

Data Storage and Security

Your data is stored in a managed relational database with row-level security enforced — each user can only access their own data.

OAuth refresh tokens, which allow UNSUB to scan your inbox on your behalf, are encrypted at rest. Tokens are never logged or exposed in plain text.

All data in transit is protected by TLS. We do not store email body content at any point in the data pipeline.

Third-Party Services

We use the following categories of third-party services to operate UNSUB:

  • Cloud database providerStores your account data, scan results, and unsubscribe history. Data is encrypted at rest and accessible only to your account.
  • Cloud hosting providerServes the application and handles serverless function execution. Standard server logs (IP, timestamps, routes) may be retained for up to 30 days per their policy.
  • Transactional email providerSends summary reports and notifications. Only your email address is shared for the purpose of delivery.
  • Google (OAuth + Gmail API)Authentication and Gmail metadata access. Your Google account data is governed by Google's Privacy Policy in addition to this one.
  • Error monitoring providerCaptures application errors for debugging. Payloads may include metadata about the failed operation but are never permitted to contain email body content.

We do not sell your data to any third party. We do not share your data with advertisers.

Data Retention

We retain your account data and unsubscribe history for as long as your account is active. Gmail metadata used during a scan is not stored beyond the active session. Refresh tokens are retained until you revoke access or delete your account.

Your Rights

You have the right to:

  • Request a copy of the data we hold about you.
  • Request deletion of your account and all associated data.
  • Revoke UNSUB's Gmail access at any time via your Google Account security settings (myaccount.google.com/permissions).
  • Withdraw consent for data processing, which will result in termination of your account.

To exercise any of these rights, email hello@tenpound.xyz. We will respond within 30 days.

Cookies

We use a single session cookie to maintain your authenticated state. We do not use tracking cookies, analytics cookies, or advertising pixels.

Age Restriction

UNSUB is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at hello@tenpound.xyz and we will delete the account.

Changes to This Policy

We may update this policy as the service evolves. Material changes will be communicated via email to registered users. The "last updated" date at the top of this page will reflect any changes.

Contact

Questions about this policy: hello@tenpound.xyz

Terms of Service

tenpound.xyz