Privacy Policy
Your quiet is yours. This page describes what data we process, why, and how you stay in control at all times. We wrote it in plain English because we think you should be able to read it without a law degree.
1. Data controller
Bytegleam GbR, Heckenweg 21, 26624 Südbrookmerland, Germany
privacy@theunsend.com
2. What we process
- Account data: email address, argon2-hashed password, display name.
- Conversations with the companion: stored in our EU database, used only to operate the service and to give the companion continuity. Sent to Mistral AI (EU, France) for response generation. We do not use your conversations to train models.
- Journal and check-in entries: private. The AI companion does not read them unless you explicitly ask.
- Wall posts: anonymous, automatically deleted 72 hours after posting.
- Payment data: processed directly by Stripe Payments Europe Ltd. We store only the Stripe payment intent / subscription identifier to link your access to your purchase. We do not store card numbers.
- Technical data: session cookies (essential), basic error logs (no tracking pixels, no third-party analytics by default).
3. Legal basis
Article 6 (1) (b) GDPR (performance of a contract) for account and product use. Article 6 (1) (f) GDPR (legitimate interest) for security and abuse prevention.
4. Where data lives & sub-processors
Servers and databases inside the EU. Current sub-processors:
- Hosting / Database: STRATO AG (Berlin, Germany) — servers in Germany, governed by a data processing agreement under Art. 28 GDPR.
- AI provider: Mistral AI (Paris, France) under a standard DPA. We do not opt into their training corpus.
- Payments: Stripe Payments Europe Ltd. (Dublin, Ireland).
- Email: transactional emails (receipts, access links, password resets) sent via Sendinblue SAS / Brevo (Paris, France) under DPA.
5. Your rights
Access, rectification, erasure, restriction, objection and data portability under Articles 15–21 GDPR. A single email to privacy@theunsend.com is enough — no forms, no queue.
6. Cookies & analytics
We only use strictly necessary cookies and cookieless analytics (Plausible, EU-hosted). No tracking, no ad cookies, no consent banner theatre.
7. Retention
Account data is retained while you have an account with us. If you cancel and request deletion, we delete it within thirty days, with the exception of data we are legally required to retain (e.g. invoicing records under German tax law).
Last updated: May 2026.