Google User Data Policy
How we handle data obtained through Google APIs.
This Google User Data Policy (the "Google Policy") describes how MonoBoost accesses, uses, stores, and shares information obtained from Google APIs — in particular, the Gmail API — when you use MonoBoost's optional Email-Based Subscription Detection feature. It supplements the MonoBoost Privacy Policy and applies only if you choose to connect a Google account to MonoBoost. If you do not use this feature, this Google Policy does not apply to you.
By initiating the Email-Based Subscription Detection feature, you acknowledge that you have read this Google Policy and agree to the practices described below in addition to the MonoBoost Privacy Policy.
This Google Policy is published by Mnboost Corp., a Delaware corporation, having its business address at 302 E. Carson Street, Las Vegas, Nevada, 89101, U.S.A. ("MonoBoost", "we", "us", or "our").
1. The Email-Based Subscription Detection Feature
The Email-Based Subscription Detection feature allows MonoBoost to identify subscriptions and recurring payments by examining subscription-related emails — such as payment receipts, billing statements, and renewal or cancellation notifications — present in your Gmail inbox. The information identified is used to present you with a unified view of your active subscriptions inside the MonoBoost App.
This feature is optional. You may use the rest of MonoBoost without ever connecting a Google account. The feature is designed to operate on a per-run basis: each time the feature runs, Google asks you to grant permission, and once the run is complete the authorisation is revoked. MonoBoost does not maintain a standing connection to your Google account between runs. Section 6 below describes the equivalent paths through which you control MonoBoost's access to your Google data.
2. The Scope We Request
Each time the feature runs, MonoBoost requests from the Gmail API one OAuth scope:
https://www.googleapis.com/auth/gmail.readonly — read-only access to messages in your Gmail inbox.
This is the minimum scope required to deliver the feature. Because the scope is read-only, MonoBoost cannot send, modify, archive, or delete any of your email — only read it. We do not request any other Gmail permission, and we do not request any other Google API permission for the purpose of this feature.
3. Limited Use Commitment
MonoBoost's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In line with that commitment, MonoBoost uses information received from Google APIs only to:
- Present you with a unified view of your active subscriptions, derived from analysis of subscription-related emails in your Gmail inbox;
- Operate and improve the Email-Based Subscription Detection feature itself, in ways consistent with this Google Policy;
- Comply with applicable law, regulation, legal process, or enforceable governmental request directed at MonoBoost.
MonoBoost will not:
- Transfer information received from Google APIs to others, except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of MonoBoost's assets with appropriate notice to you;
- Use information received from Google APIs for serving advertisements, including retargeting, personalised, or interest-based advertisements;
- Sell information received from Google APIs;
- Use information received from Google APIs to train generalised machine-learning or artificial-intelligence models.
MonoBoost personnel access information received from Google APIs only in the limited circumstances permitted by the Google API Services User Data Policy — namely, with your explicit consent, for security investigation, to comply with applicable law, or for internal operations using only data that has been aggregated and anonymised (or otherwise de-identified) and used in accordance with applicable privacy obligations.
4. What Information We Derive From Your Email
When you initiate a subscription scan, MonoBoost reads messages in your Gmail inbox that match a subscription-related search query. From those messages we may derive information such as:
- Service or merchant identifiers (for example, the name of the streaming service or software vendor sending the receipt);
- Transaction amounts and currencies;
- Billing frequency (for example, monthly or annual);
- Detection timestamp;
- Similar subscription-related metadata.
We do not store or retain the full content of your emails. The feature is designed to focus on subscription-related messages and not to access personal communications unrelated to subscriptions or recurring payments.
5. Sub-processors
The infrastructure that supports this feature relies on a small number of sub-processors, including:
- Our cloud hosting provider (currently Amazon Web Services, in the United States), which hosts the MonoBoost backend services that process subscription detection;
- Google LLC, as the provider of the Gmail API itself, of OAuth identity, and of the Google Cloud project that hosts our OAuth client.
These sub-processors process information received from Google APIs only on MonoBoost's instructions and under contractual obligations consistent with the Google API Services User Data Policy, including the Limited Use requirements.
6. Your Control Over Google Data
MonoBoost is designed so that we do not maintain a persistent, long-lived authorisation to read your Gmail. Each time the Email-Based Subscription Detection feature runs, you are presented with Google's consent screen and asked to grant permission again, and the resulting OAuth tokens are revoked at Google's revocation endpoint as soon as that single run completes. Between runs, MonoBoost has no standing authorisation to your Google account.
Because of this design, you control MonoBoost's access to your Google data through the following equivalent paths:
- By choosing not to connect. If you do not initiate a run of the feature, no Google data is accessed.
- By denying consent at the Google consent screen. When you initiate a run, Google asks you to confirm. If you decline, no Google data is accessed and the run does not proceed.
- By choosing not to initiate further runs. Because each run requires a fresh Google consent and tokens are revoked at the end of every run, simply not starting another run is sufficient to prevent further access.
- By removing MonoBoost from your Google Account permissions. You may, at any time, visit https://myaccount.google.com/permissions and remove MonoBoost.
- By deleting your MonoBoost account. Deleting your MonoBoost account removes the data we derived from your emails as part of the deletion workflow described in the MonoBoost Privacy Policy.
Withdrawal of consent for the Email-Based Subscription Detection feature does not by itself delete your MonoBoost account or the subscription data already produced by earlier runs of the feature. To remove that data, please use the account-deletion path or write to support@mnboost.com to request deletion of specific items.
7. Security
We protect information received from Google APIs using technical and organisational measures that include encryption of data in transit (TLS 1.2 or higher), encryption at rest, role-based access controls, multi-factor authentication on administrative access, security logging and monitoring, and an annual independent security assessment of our Google API integration. No system can be guaranteed to be 100% secure, but we use commercially reasonable measures to protect this information.
8. Changes to This Google Policy
We may update this Google Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this document. Where the change is material — for example, where it affects the Google API scopes we request, or how we use, store, or share information received from Google APIs — we will notify you in advance through in-App notification or email, and, where required, we will obtain your consent to the updated terms before applying them.
If MonoBoost ever requests an additional scope from a Google API, or if MonoBoost ever proposes a use of information received from Google APIs that goes beyond what is described in this Google Policy, we will (a) update this Google Policy, (b) prompt you to consent to the updated terms before any additional access begins, and (c) where required, complete an additional independent security assessment.
9. Contact
Privacy questions. If you have a privacy question that relates specifically to MonoBoost's handling of information received from Google APIs, please write to support@mnboost.com with the subject line "Google User Data — Privacy Question". We will respond within 30 days.
Security reports. If you believe you have discovered a security vulnerability that affects MonoBoost's Google API integration — for example, a vulnerability in the OAuth flow, in token handling, or in any system that processes information received from Google APIs — please report it privately to security@mnboost.com so that we can investigate and fix it before any public disclosure. Please include a clear description of the issue, the steps needed to reproduce it, and any supporting material that helps us validate the finding. We aim to acknowledge receipt within three business days.
For general privacy enquiries unrelated to Google data, please refer to the contact section of the MonoBoost Privacy Policy.
Mnboost Corp. — Data Controller
302 E. Carson Street, 10th floor
Las Vegas, Nevada 89101, U.S.A.
Email: support@mnboost.com
Security: security@mnboost.com