Privacy Policy

this policy explains what data yoink (“yoink”, “we”, “us”) accesses, how we use it, how long we keep it, and who we share it with. we’ve tried to write it in plain english. if anything’s unclear, email privacy@yoinkai.app.

yoink is a mobile application that helps you find recurring subscriptions and refundable purchases in your email, cancel the ones you no longer want, and request refunds you’re owed — by drafting and sending emails on your behalf.

1. what we access

when you connect your Google account, you grant yoink permission to:

read your Gmail messages (gmail.readonly) — so we can identify billing-related emails such as receipts, order confirmations, renewal notices, and subscription charges, and extract the merchant, amount, date, and order reference.
send email on your behalf (gmail.send) — so we can send cancellation requests and refund claims from your address, and follow up on them.
your basic profile (openid, email, profile) — your email address and name, to create and secure your yoink account.

we request the minimum scopes required to provide the service. you authenticate directly with Google through its official, encrypted OAuth flow — we never see or store your Google password.

what we do not access

yoink targets messages that look like billing or order communications. we do not seek out, read, mine, or store your personal conversations. we do not access Google Drive, Calendar, Contacts, or any other Google service.

2. how we use your data

to detect active subscriptions and refundable orders and present them to you in the app;
to draft, send, and track cancellation and refund emails that you initiate or authorise;
to follow up on those threads automatically until they reach an outcome, within the limits you set;
to operate, secure, troubleshoot, and improve the app’s core functionality.

we do not use your data for advertising, we do not sell it, and we do not use it to train generalised artificial-intelligence or machine-learning models.

Limited Use commitment. yoink’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. AI processing

to understand receipts and to draft cancellation, follow-up, and refund-chase emails in the tone you choose, the relevant text from a message is sent to our AI/LLM provider (named in our sub-processor list) from our backend servers over TLS. content sent for processing is not used to train AI models and is not retained by the provider beyond what is needed to return a result. we send the specific content required for the task — never your whole mailbox.

4. where your data is stored and how the agent acts on your behalf

once you connect Gmail, the following are stored in our backend, run by our cloud database & hosting provider (named in our sub-processor list), so the app works across your devices and so the agent can act for you while the app is closed:

your Gmail refresh token — encrypted at rest with AES-256-GCM; the encryption key lives in our hosting provider’s secret store and never touches the database. The token never appears in logs, responses, or any client.
the structured results of scans — merchant name, amount, dates, frequency, and the text of receipts we’ve classified.
the status of cancellations and refund requests, the emails we’ve sent on your behalf, the replies from merchants, and our AI classifications of those replies.

Scheduled polling. Approximately every 10 minutes, our backend uses your refresh token to check Gmail for replies on threads you’ve started. New replies are classified (confirmed, refused, asked for info, or unrelated), and within the limits you set (Settings → max retries, chase refunds), the agent may automatically send a follow-up or a refund-chase email. This is what powers the “yoink works while you sleep” behaviour. You can disable retries (max retries = 1) or disable refund chases entirely in Settings, and you can revoke all of this at any time using delete my data & disconnect (see §6).

Data is encrypted in transit (TLS) and at rest, and protected by per-user database access controls (Postgres Row-Level Security) so only you can access your records.

5. who we share it with (sub-processors)

we share data only with service providers that help us run yoink, under contract and only as needed. they fall into these categories:

identity & email provider — the source of your email data and the service you authenticate with.
cloud database & hosting — stores your scan results and account data so the app works across devices.
AI/LLM processing — classifies receipts and drafts your cancellation/refund emails (no model training).
push notifications — delivers notifications to your device (no email content is included).

the specific companies in each category are named, and kept current, in our sub-processor list. we may update our sub-processors as the service evolves; material changes are reflected there. we do not sell your personal information to anyone, and we disclose information only if required by law or to protect against fraud, abuse, or security threats.

6. data retention & deletion

we keep your data only while your account is active and you have Gmail connected. you are in control:

delete my data & disconnect (in-app) — in Settings → danger zone, tapping “delete my data & disconnect” revokes yoink’s Gmail access at Google, deletes your yoink account, and removes every Gmail-connection, subscription, cancellation request, device token, and settings record we hold for you. The action cascades atomically and is permanent.
sign out (in-app) — a separate “sign out” button performs a local-only sign-out on the device. It does not revoke Gmail access or delete server records — use “delete my data & disconnect” for that.
revoke at Google — you can remove yoink’s access at any time from your Google account permissions.
request deletion — email privacy@yoinkai.app and we will delete your data.

on “delete my data & disconnect” or a deletion request, your stored email-derived data and tokens are removed from our systems promptly.

7. security

encryption in transit — every connection between the app, our backend, Google, and our AI/LLM provider uses TLS 1.2+.
encryption at rest — Postgres-level disk encryption for all stored data; on top of that, your Gmail refresh token is column-encrypted with AES-256-GCM (see §4).
per-user access controls — every table is gated by Postgres Row-Level Security policies tied to your authenticated user id; nobody else’s session can read your rows.
OAuth via Google’s official flow — yoink never sees your Google password and never asks for it.

no system is perfectly secure, but we work to protect your data and limit what we collect in the first place.

8. your rights

depending on where you live (for example under UK GDPR, EU GDPR, or the CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. to exercise any of these, email privacy@yoinkai.app.

9. children

yoink is not directed to anyone under 16, and we do not knowingly collect data from children.

10. changes to this policy

if we make material changes, we’ll update the date above and, where appropriate, notify you in the app. continued use after a change means you accept the updated policy.

11. contact

questions, requests, or concerns: privacy@yoinkai.app.