Scrappy Kin Privacy Policy
Effective date: March 16, 2026
Applies to: Scrappy Kin mobile app, connected Gmail sending flows, and related support touchpoints.
This policy explains how Scrappy Kin handles personal data and Google user data for the current Gmail permission flow. It reflects Scrappy Kin's zero-trust design, Google's gmail.send permission (send email only), and Google API Services User Data Policy commitments.
On this page
1. Who we are
Scrappy Kin Inc. ("Scrappy Kin", "we", "us") is a Canadian company that builds tools letting people trigger verified opt-out requests without handing over inbox access.
2. What this policy covers
- The Scrappy Kin consumer app and related reviewer materials
- Our use of the Gmail API sensitive scope
gmail.send - Any user-initiated support conversations tied to those flows
It does not cover future Gmail scopes, enterprise deployments, or non-Google integrations.
3. Data we access
| Data category | Source | Purpose | Storage / retention |
|---|---|---|---|
| Contact details you choose to provide (e.g., when you email support) | Collected directly from you | Support and privacy/compliance communication | Used only to respond to you, maintain support records, and meet legal obligations; never used for ads |
| Gmail OAuth token | Granted by you through Google's consent screen | Allows Scrappy Kin to send opt-out emails that you initiate | Stored only on your device inside the operating system's secure storage; encrypted at rest; cleared automatically if you disconnect in-app or via Google Security settings |
| Message drafts and recipients you type in Scrappy Kin | Entered by you when you build and review a batch | Used to create and send the batch of emails you review and approve | Persisted on your device only, not uploaded to Scrappy Kin servers; cleared after the batch is sent |
| Broker-response evidence you choose to attach | Optional upload from you | Lets you track outcomes and document broker behavior | Stored locally on your device; if you email us for help we only receive what you send |
| Support correspondence | Emails between you and Scrappy Kin | Troubleshooting and compliance follow-up | Stored in our support systems as reasonably needed to respond, comply with law, and protect the service |
4. Data we do not access
- We do not read, index, or store your Gmail inbox, labels, or metadata.
- We do not request or store broader Gmail scopes such as
gmail.readonly,gmail.modify,gmail.metadata, orgmail.labels. In plain English, those are the kinds of permissions that would let an app read your email, inspect message metadata, or change mailbox state instead of just sending the email you approve. - We do not sell personal data or use Google data for advertising.
- We do not run background services that send email without you typing and confirming the request.
5. How Gmail data flows
- You tap Connect Gmail and Google shows the OAuth consent screen.
- We request only
gmail.sendso Scrappy Kin can deliver the batch of opt-out emails you have reviewed and chosen to send. - After you approve the scope, Scrappy Kin stores the token locally on your device and uses it only when you approve and dispatch a batch.
- No Gmail content is copied to Scrappy Kin servers. The message goes directly from your device to Google via the Gmail API.
- When you revoke access in Scrappy Kin or at https://myaccount.google.com/permissions, we delete the local token and cannot send on your behalf until you reconnect.
6. Token, cache, and log handling
- Tokens live only in OS-provided secure storage (Keychain on iOS/macOS, Keystore on Android, system credential vault on desktop).
- Scrappy Kin apps do not sync Gmail tokens to our servers, and we cannot act on your behalf without the copy on your device.
- Local caches (recent brokers, drafts) remain on your device so you can review your activity without pinging our infrastructure.
- Scrappy Kin uses no analytics SDKs, no third-party tracking tools, and no automatic crash-reporting services.
- Optional local diagnostics are off by default; if you turn them on, logs stay on your device and are only shared if you manually export and send them to us.
- Narrow troubleshooting logs, when enabled, record app state only — not a background pipeline, not used to capture Gmail content.
7. Limited Use compliance
Scrappy Kin complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Gmail data is used only to send the opt-out emails you initiate and to show you a local record of the attempt.
- Gmail data is not transferred to anyone else except to deliver the message to the broker you selected and to Google as the email provider.
- No Gmail data is used for advertising, human training, or unrelated features.
- Human access to Google user data occurs only when you explicitly share details with Scrappy Kin support.
8. How we share data
We only share Gmail data in these cases:
- With Google, solely to send the email you approved via the Gmail API
- With the recipient you selected (usually a data broker or privacy contact) as part of that email
- With regulators or law enforcement if we are legally required to do so, after verifying the request and notifying you when legally allowed
Because Scrappy Kin is designed to keep Gmail content, tokens, and opt-out data on your device, we generally do not hold the underlying personal information you are sending to brokers. If we receive a legal request, the main user-specific information we may actually have is whatever you directly sent us through support or privacy correspondence.
We do not sell personal data or license Gmail data to partners.
9. Security posture
Scrappy Kin follows a zero-trust model: assume infrastructure fails, minimize the blast radius, and keep sensitive data on the user's device whenever possible. We design the product so we do not possess Gmail content that could be compelled from us; if our servers are compromised, attackers still cannot read your Gmail.
10. Your choices
- Disconnect Gmail any time at https://myaccount.google.com/permissions or inside Scrappy Kin's settings
- Ask privacy questions or request deletion of support correspondence by contacting privacy@scrappykin.com
- Opt out of optional diagnostics entirely
11. Children's data
Scrappy Kin is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children and will delete it if we discover we have done so.
12. Changes to this policy
We will post future updates at scrappykin.com/privacy.html with a clear effective date and summarize material changes in-product. We will also update the reviewer packet shared with Google.
13. Contact us
- Privacy & compliance: privacy@scrappykin.com
- Support: support@scrappykin.com