Last updated: December 4, 2024

Privacy Policy

At soon.sh, we take your privacy seriously. This policy explains what information we collect, how we use it, and your rights regarding your data.

Information We Collect

Account Information

When you create an account, we collect your email address and profile information from Google OAuth. This is required to authenticate you and provide access to your dashboard.

Google Cloud Project Data

When you link a Google Cloud project, we store your OAuth client credentials and service account JSON keys. These credentials are encrypted at rest and used solely to enable Gmail monitoring functionality.

Mailbox Monitoring Data

For each monitored mailbox, we store OAuth refresh tokens, Gmail history IDs, and Pub/Sub topic information. We do not store the content of your emails—only metadata about new message events.

Log Data

We collect notification logs including message IDs, label changes, and timestamps. This data helps you track email activity and troubleshoot webhook deliveries.

How We Use Your Information

Service Delivery

We use your credentials to set up Gmail watches, create Pub/Sub subscriptions, and deliver real-time webhook notifications when emails arrive in your monitored mailboxes.

Analytics

We aggregate usage data to provide you with statistics about your mailbox activity, including message volumes and delivery metrics.

Service Improvement

We analyze anonymized usage patterns to improve performance, reliability, and user experience. We never share individual user data for this purpose.

Data Security

Encryption

All sensitive credentials including OAuth tokens and service account keys are encrypted at rest using industry-standard AES-256 encryption.

Transport Security

All data in transit is protected using TLS 1.3. Webhook deliveries and API communications are encrypted end-to-end.

Access Controls

We implement strict access controls and audit logging. Only essential personnel have access to production systems, and all access is logged and monitored.

Third-Party Services

Google Cloud Platform

We use Google Cloud Pub/Sub to receive Gmail notifications. Your service account credentials are used to authenticate with Google APIs on your behalf.

Database Hosting

Your data is stored in PostgreSQL databases hosted on secure, SOC 2 compliant infrastructure.

Data Retention

Account Data

Your account information is retained as long as your account is active. You can request account deletion at any time.

Log Entries

Notification logs are retained for 90 days by default. You can configure shorter retention periods or manually delete logs at any time.

Credentials

OAuth tokens and service account keys are deleted immediately when you unlink a project or delete a mailbox.

Your Rights

Access & Portability

You can export all your data at any time from your dashboard. We support standard data formats for easy portability.

Deletion

You can delete individual mailboxes, projects, or your entire account. Deletion is permanent and includes all associated credentials and logs.

Consent Withdrawal

You can revoke Gmail access at any time by disconnecting your mailbox. This immediately stops all monitoring and deletes associated tokens.

Contact Us

Questions

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].

Questions about your data?

We're committed to transparency. Reach out if you have any concerns.

Contact Privacy Team