Privacy Policy
Last updated: May 2026
The short version
Unlisted helps you unsubscribe from emails. To do that, we read the headers of your emails — things like who sent it and whether it has an unsubscribe link. We never read, store, or process the content of your emails. Your data is yours, and we will never sell it.
Who we are
Unlisted is operated by Untamed Muse Ltd. If you have any questions about this policy, contact us at support@get-unlisted.com.
What we collect and why
Account information
When you sign in with Google or Microsoft, we receive your name and email address. We use this to identify your account. We do not receive your password.
Email headers only — never content
When you connect your mailbox, we scan email headers to find subscription emails. Headers include things like the sender address, the List-Unsubscribe field, and the List-Id — the same information your email app shows in the "From" line. We never read, store, or process the body content of your emails.
As a fallback, if no unsubscribe link is found in the headers, we may briefly read the footer of an email to look for an unsubscribe link. Only the URL we find is saved — the email content is discarded immediately and never stored.
Subject lines
Subject lines are stored only as an irreversible hash (a fingerprint) for deduplication. We also store a truncated, masked version for display purposes. The full subject line is never stored.
OAuth tokens
To access your mailbox, Google and Microsoft issue us access tokens. These are encrypted before being stored in our database. They are used only to scan your mailbox and execute unsubscribe actions on your behalf.
Billing information
If you upgrade to Pro, payments are processed by Stripe. We never see or store your card details — Stripe handles all payment data directly. We only store a record of your access grant (plan type and expiry date).
Usage logs
We keep a log of unsubscribe actions you take (which sender, when, and whether it succeeded). This is your activity history, visible to you in the app, and is deleted when you delete your account.
What we never do
- We never read or store the content of your emails
- We never sell your data to third parties
- We never use your data for advertising
- We never share your email address with marketers
- We never store full subject lines
Who we share data with
We use a small number of trusted services to operate Unlisted:
- Supabase — database hosting (EU region)
- Render — backend server hosting
- Vercel — frontend hosting
- Stripe — payment processing
- Postmark — transactional email (e.g. account notifications)
- Sentry — error monitoring (no email content is ever included in error reports)
- Google / Microsoft — OAuth providers for mailbox access
We do not sell data to or share data with any other third parties.
Data retention
We keep your data for as long as you have an account. When you delete your account, all of your data is permanently deleted — including your mailbox connections, scanned email records, unsubscribe history, and OAuth tokens. Your OAuth permissions with Google and Microsoft are also revoked at that point.
Your rights
You have the right to:
- Access your data — everything we hold is visible in the app
- Delete your account and all associated data — go to Settings → Delete account
- Disconnect your mailbox at any time — this revokes our access to your email
- Contact us with any privacy concerns at support@get-unlisted.com
If you are based in the UK or EU, you also have rights under UK GDPR and the Data Protection Act 2018, including the right to lodge a complaint with the ICO (ico.org.uk).
Cookies
We use a small number of cookies strictly necessary for the app to function — specifically, session cookies that keep you signed in. We do not use advertising cookies or tracking cookies.
Changes to this policy
If we make meaningful changes to this policy, we will update the date at the top and notify you by email if the changes affect how we use your data.
Contact
Questions about privacy? support@get-unlisted.com