Privacy Policy
How we collect, use, and protect your information.
Unsendable Last updated: April 15, 2026
1. Introduction
Welcome to Unsendable ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our web application and related services (collectively, the "Service").
By creating an account or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
Note: This document uses "[COMPANY NAME]" and "[JURISDICTION]" as placeholders. Replace these with your registered business name and governing jurisdiction before publishing.
2. Who We Are
Unsendable is operated by [COMPANY NAME], a company registered in [JURISDICTION]. You can contact us at:
- Email: [CONTACT EMAIL]
- Mailing address: [MAILING ADDRESS]
3. Information We Collect
3.1 Information You Provide Directly
- Account information: Name, email address, and password (managed via Clerk, our authentication provider).
- Avatar content: Names, descriptions, personality traits, background information, and writing samples you enter when creating AI persona avatars.
- Conversation content: Messages and scenarios you type during practice sessions, if you choose to save them.
- Billing information: Payment details submitted through Stripe (our payment processor). We do not store your full card number or bank details on our servers.
- Communications: Any messages you send to our support team.
3.2 Information Collected Automatically
- Usage data: Pages visited, features used, session duration, button clicks, and similar interaction data.
- Log data: IP address, browser type and version, operating system, referring URLs, and error logs.
- Device data: Device type, screen resolution, and language settings.
- Cookies and similar technologies: See Section 8 below.
3.3 Information from Third Parties
- Authentication provider (Clerk): We receive account identifiers and email address when you sign in.
- Payment processor (Stripe): We receive transaction confirmations, subscription status, and anonymized billing data. Stripe's own privacy policy governs how they handle your payment information.
4. How We Use Your Information
We use the information we collect to:
- Provide the Service: Create and manage your account, process payments, generate AI personas, run conversation sessions, and deliver all core features.
- Generate AI content: Your avatar descriptions and conversation messages are sent to Anthropic (Claude) and OpenAI (DALL-E 3) to generate persona text and avatar images. See Section 6 for details.
- Moderate content: Analyze inputs and outputs to enforce our content policy and protect users and third parties from harmful content.
- Enforce our Terms: Detect, investigate, and act on policy violations, including maintaining moderation records indefinitely for multi-strike enforcement.
- Process billing: Manage subscriptions, credit balances, and refunds through Stripe.
- Improve the Service: Analyze usage patterns, diagnose bugs, and develop new features.
- Communicate with you: Send transactional emails (account confirmations, billing receipts, suspension notices) and, where you have opted in, product updates.
- Comply with legal obligations: Respond to lawful requests from courts or government authorities.
5. Ephemeral vs. Saved Data
Unsendable distinguishes between ephemeral sessions and saved sessions:
- Ephemeral sessions: Conversation content that you do not explicitly save is treated as transient. We do not retain the message content of unsaved sessions after the session ends.
- Saved sessions: Conversations you choose to save are stored in our database and subject to this Privacy Policy in full, including your right to delete them.
This distinction is a core privacy feature of the Service. However, input and output moderation checks are applied to all sessions regardless of save status, and moderation event logs may be retained as described in Section 9.
6. AI Subprocessors
The Service relies on third-party AI providers to function. When you use the Service, relevant content is transmitted to:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Anthropic, PBC | Persona generation, conversation AI, content moderation | https://www.anthropic.com/privacy |
| OpenAI, LLC | Avatar image generation (DALL-E 3) | https://openai.com/policies/privacy-policy |
These providers process your content under their own terms. We do not sell or license your content to these providers for their own model training purposes beyond what their standard terms permit. We recommend reviewing their privacy policies if you have concerns about how they handle submitted data.
7. How We Share Your Information
We do not sell your personal information. We may share your information only in the following circumstances:
- Service providers: Third-party vendors who help us operate the Service (e.g., Clerk for authentication, Stripe for payments, Railway for hosting infrastructure). These parties are contractually bound to protect your data and use it only to provide services to us.
- Legal requirements: If required by law, subpoena, court order, or to protect the rights, property, or safety of Unsendable, our users, or the public.
- Business transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.
- With your consent: For any other purpose with your explicit prior consent.
8. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your login session.
- Remember your preferences.
- Analyze usage through aggregated analytics.
You can control cookies through your browser settings. Disabling cookies may impair certain features of the Service, including your ability to stay logged in.
We do not use cookies for cross-site advertising or sell browsing data to advertisers.
9. Data Retention
| Category | Retention Period |
|---|---|
| Account data | Until account deletion |
| Saved conversations, avatars, messages | Until deleted by you or by account deletion |
| Unsaved (ephemeral) conversation content | Deleted at session end |
| Moderation event records | Indefinitely (required for abuse enforcement) |
| Billing and transaction records | As required by applicable law (typically 7 years) |
| Fraud prevention records | As required by applicable law |
When you delete your account, we permanently delete all associated personal data, including avatars, saved conversations, messages, images, credit records, and strategy notes. Only billing records and fraud prevention records required by law are retained.
10. Your Rights
Depending on where you are located, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal retention obligations).
- Portability: Request your data in a machine-readable format.
- Objection / Restriction: Object to or request restriction of certain processing activities.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
For EEA, UK, and Swiss users (GDPR / UK GDPR): You have the rights listed above under applicable data protection law. Our lawful bases for processing are: performance of a contract (providing the Service), legitimate interests (security, fraud prevention, abuse enforcement), legal obligation (billing record retention), and consent (where applicable).
For California residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, to opt out of its sale (we do not sell personal information), and to non-discrimination for exercising these rights.
To exercise any of these rights, contact us at [CONTACT EMAIL]. We will respond within 30 days (or within the timeframe required by applicable law).
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will promptly delete it.
12. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- HTTPS encryption for all data in transit.
- Encryption at rest for database storage (managed by our hosting provider, Railway).
- API keys and credentials stored as environment variables, never committed to source code.
- Content moderation to prevent harmful inputs and outputs.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we take reasonable precautions and notify affected users of any breach as required by applicable law.
13. International Data Transfers
We are based in [JURISDICTION] and your information may be processed in countries other than your own, including the United States, where our service providers operate. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses for EEA data) to ensure adequate protection.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
[COMPANY NAME] [MAILING ADDRESS] [CONTACT EMAIL]
For EEA/UK users: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.