Before this year’s blockbuster Superhuman scandal, in which the email app maker was caught providing a non-consensual read receipt feature to its users, there was the Unroll.me controversy.

It erupted two years ago, when it was discovered the popular email cleanup tool was collecting information on user purchases and handing it over to its parent company, Slice Technologies, to sell as part of an analytics tool. Specifically, Unroll.me was caught selling receipt data to Uber so the ride hailing service could better target customers who might be using its competitor Lyft more often.

It didn’t go over well, especially after the CEO said he was heartbroken “to see that some of our users were upset to learn about how we monetize our free service” and a former Unroll.me co-founder admonished critics for supposedly being dumb enough to think Unroll.me was doing anything but collecting user data to monetize its free email service.

The FTC says Unroll.me deceived users with misleading claims about data collection

Now, the company and the Federal Trade Commission have reached a settlement over misleading marketing after the company was found to have deceived its users over its handling of email data. As part of the settlement, Unroll.me will have to “delete personal information it collected from consumers,” and the company is now “barred from misrepresenting the extent to which it collects, uses. stores, or shares information it collects from consumers.”

It also has to notify users who viewed any of its deceptive statements about how it collects and shares user data gleaned from email messages, and Unroll.me has been ordered to delete all stored email receipts it collected unless it obtains “affirmative, express consent” to keep the information.

“What companies say about privacy matters to consumers,” Andrew Smith, director of the FTC’s Bureau of Consumer Protection, said in a press release. “It is unacceptable for companies to make false statements about whether they collect information from personal emails.”

Interestingly, the target of the FTC’s investigation was not Unroll.me’s response to the email controversy in 2017 or its behavior thereafter, but a series of actions it took a year prior that were only later uncovered after the controversy gained the attention of regulators.

According to the FTC, after some Unroll.me users declined to give the user permission to its email inbox starting around November 2015, the company engaged in a campaign to win those users back with a series of messages. one of which read, “Don’t worry, this is just to watch for those pesky newsletters, we’ll never touch your personal stuff.” Unroll.me engaged in what the FTC is calling deceptive behavior until October 2016.

“The message did not tell users that access to their inboxes would also be used to collect e-receipts and to sell the purchase information they contain,” reads the FTC’s press release. “The complaint alleges that thousands of consumers changed their minds and signed up for Unroll.me in response to these assurances.” The FTC says it will publish a description of the agreement to the Federal Register “soon,” and that the agreement will be subject to public comment for 30 days after publication. The FTC will then decide whether to make the proposed consent order final.