this policy explains what data yoink ("yoink", "we", "us") accesses, how we use it, how long we keep it, and who we share it with. we've tried to write it in plain english. if anything's unclear, email privacy@yoink.app.
yoink is a mobile application that helps you find recurring subscriptions and refundable purchases in your email, cancel the ones you no longer want, and request refunds you're owed — by drafting and sending emails on your behalf.
1. what we access
when you connect your Google account, you grant yoink permission to:
- read your Gmail messages (gmail.readonly) — so we can identify billing-related emails such as receipts, order confirmations, renewal notices, and subscription charges, and extract the merchant, amount, date, and order reference.
- send email on your behalf (gmail.send) — so we can send cancellation requests and refund claims from your address, and follow up on them.
- your basic profile (openid, email, profile) — your email address and name, to create and secure your yoink account.
we request the minimum scopes required to provide the service. you authenticate directly with Google through its official, encrypted OAuth flow — we never see or store your Google password.
what we do not access
yoink targets messages that look like billing or order communications. we do not seek out, read, mine, or store your personal conversations. we do not access Google Drive, Calendar, Contacts, or any other Google service.
2. how we use your data
- to detect active subscriptions and refundable orders and present them to you in the app;
- to draft, send, and track cancellation and refund emails that you initiate or authorise;
- to follow up on those threads automatically until they reach an outcome, within the limits you set;
- to operate, secure, troubleshoot, and improve the app's core functionality.
we do not use your data for advertising, we do not sell it, and we do not use it to train generalised artificial-intelligence or machine-learning models.
Limited Use commitment. yoink's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
3. AI processing
to understand receipts and to draft cancellation and refund emails in the tone you choose, the relevant text from a message is sent to our AI provider, Anthropic (the Claude API), strictly to perform that task for you. content sent to the Claude API through our account is not used to train Anthropic's models and is not retained beyond what is needed to return a result. we only send the specific content required for the task — not your whole mailbox.
4. where your data is stored
the structured results of a scan (for example: merchant name, amount, dates, the status of a cancellation or refund, and the messages in a thread you've started) are stored in our backend, hosted on Supabase, so the app works across your devices and can track outcomes over time. data is encrypted in transit (TLS) and at rest, and protected by per-user access controls so that only you can access your records.
5. who we share it with (sub-processors)
we share data only with service providers that help us run yoink, under contract and only as needed:
- Google — the source of email data and the authentication provider.
- Supabase — database, authentication, and backend hosting.
- Anthropic — AI processing to classify receipts and draft emails (no model training).
- Apple Push Notification service — to deliver notifications to your device (no email content is included in notifications).
we do not sell your personal information to anyone. we may disclose information if required by law or to protect against fraud, abuse, or security threats.
6. data retention & deletion
we keep your data only while your account is active and you have Gmail connected. you are in control:
- disconnect / delete in-app — using "delete my data" or "sign out & disconnect" in Settings revokes our access and deletes your stored records.
- revoke at Google — you can remove yoink's access at any time from your Google account permissions.
- request deletion — email privacy@yoink.app and we will delete your data.
on disconnection or deletion, your stored email-derived data and tokens are removed from our systems promptly.
7. security
we use encryption in transit and at rest, scoped per-user database access, and secure storage of authentication tokens. no system is perfectly secure, but we work to protect your data and limit what we collect in the first place.
8. your rights
depending on where you live (for example under UK GDPR, EU GDPR, or the CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. to exercise any of these, email privacy@yoink.app.
9. children
yoink is not directed to anyone under 16, and we do not knowingly collect data from children.
10. changes to this policy
if we make material changes, we'll update the date above and, where appropriate, notify you in the app. continued use after a change means you accept the updated policy.
11. contact
questions, requests, or concerns: privacy@yoink.app.