Privacy Policy

1. Introduction

SENTD ("we," "our," or "us") operates a transactional email API platform that enables developers and businesses to send emails programmatically. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website, API, dashboard, and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Definitions

• "Account Data" means information you provide when creating an account, including email address, name, company name, and billing information.
• "Customer Content" means email content, templates, attachments, and recipient lists you transmit through our Service.
• "Usage Data" means information automatically collected about your use of the Service, including API calls, delivery statistics, and performance metrics.
• "End Users" means the recipients of emails you send through our Service.
• "Personal Data" means any information relating to an identified or identifiable natural person.

3. Data Controller and Processor Roles

SENTD as Data Controller: We act as the data controller for Account Data and Usage Data we collect directly from you to provide and improve our Service.

SENTD as Data Processor: When you use our Service to send emails, we act as a data processor on your behalf. You are the data controller for the Personal Data of your End Users (email recipients). We process this data solely according to your instructions and our Data Processing Addendum.

4. Information We Collect

4.1 Account Information

When you create an account, we collect:

• Email address (required)
• Full name
• Company or organization name
• Password (stored in hashed form)
• Billing address and payment information (for paid plans)
• Phone number (optional, for account recovery)

4.2 Email Transmission Data

When you use our API to send emails, we process:

• Sender email addresses (From, Reply-To)
• Recipient email addresses (To, CC, BCC)
• Email subject lines
• Email body content (HTML and plain text)
• Attachments (temporarily stored for delivery)
• Custom headers and metadata
• Template IDs and dynamic variables

4.3 Delivery and Engagement Data

We collect data about email delivery and engagement:

• Delivery timestamps and status (delivered, bounced, deferred)
• Open events (when tracking is enabled)
• Click events (when tracking is enabled)
• Bounce details and error codes
• Spam complaints
• Unsubscribe requests

4.4 Technical and Usage Data

We automatically collect:

• IP addresses used to access our Service
• API request logs (endpoint, method, response code, latency)
• Browser type, version, and language preferences
• Operating system and device information
• Pages visited on our dashboard
• Referral URLs
• Time, date, and duration of access

5. How We Use Your Information

We use collected information for the following purposes:

5.1 Service Delivery

• Process and deliver emails on your behalf
• Route emails through optimal providers
• Handle bounces and manage suppression lists
• Provide delivery receipts and webhooks
• Generate analytics and reports

5.2 Service Improvement

• Monitor and analyze usage patterns
• Optimize delivery routes and performance
• Develop new features and capabilities
• Improve user experience

5.3 Security and Compliance

• Detect and prevent fraud, spam, and abuse
• Protect against unauthorized access
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with legal obligations

5.4 Communication

• Send service-related notifications (outages, updates, security alerts)
• Respond to support inquiries
• Send billing and account notifications
• Provide product updates (with opt-out option)

6. Email Content Handling

• Email content is processed solely for the purpose of delivery to intended recipients
• We do not use email content for advertising, marketing, or profiling purposes
• We do not sell, rent, or share email content with third parties except as necessary for delivery
• Email content is automatically deleted from our systems within 30 days of delivery or final delivery attempt
• We may scan emails for spam, malware, and policy violations using automated systems, but do not manually review content unless required for abuse investigation or legal compliance

7. Data Sharing and Disclosure

We share your information only in the following circumstances:

7.1 Email Delivery Providers

We use multiple email delivery providers to ensure reliable delivery:

• Amazon Web Services (AWS SES)
• Resend
• SendGrid (Twilio)

These providers receive only the information necessary to deliver your emails and are bound by their own privacy policies and our data processing agreements.

7.2 Infrastructure and Service Providers

• Cloud hosting providers (for data storage and computing)
• Payment processors (for billing - we do not store credit card numbers)
• Analytics services (aggregated, non-personal data only)
• Customer support tools

7.3 Legal Requirements

We may disclose information when required to:

• Comply with applicable law, regulation, or legal process
• Respond to lawful requests from public authorities
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service

7.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your Personal Data becomes subject to a different privacy policy.

8. Data Retention

We retain different types of data for different periods:

9. Your Rights

Depending on your location, you may have the following rights regarding your Personal Data:

• Access: Request a copy of the Personal Data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure:Request deletion of your Personal Data ("right to be forgotten")
• Restriction: Request restriction of processing in certain circumstances
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Complaint: Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@sentd.io. We will respond within 30 days (or sooner if required by applicable law).

10. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland:

10.1 Legal Bases for Processing

• Contract: Processing necessary to provide our Service to you
• Legitimate Interest: Processing for our legitimate business interests (security, improvement, analytics)
• Consent: Processing based on your explicit consent (marketing communications)
• Legal Obligation: Processing required to comply with law

10.2 International Data Transfers

We store and process data in the United States. For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Addendum with appropriate safeguards
• Additional technical and organizational measures

10.3 Data Processing Addendum

We offer a GDPR-compliant Data Processing Agreement (DPA) that governs how we process personal data on your behalf. The DPA is incorporated into our Terms of Service for all customers.

11. CCPA Compliance (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have specific rights:

• Right to Know: What Personal Information we collect and how we use it
• Right to Delete: Request deletion of your Personal Information
• Right to Opt-Out: Opt-out of sale of Personal Information (we do not sell Personal Information)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

Categories of Personal Information Collected: Identifiers, commercial information, internet activity, professional information, and inferences.

We do not sell Personal Information as defined by the CCPA.

12. CAN-SPAM Compliance

As a transactional email service provider, we facilitate email sending on behalf of our customers. Under the CAN-SPAM Act:

• You (our customer) are the "sender" under CAN-SPAM for emails you send through our Service
• You are responsible for compliance with CAN-SPAM requirements
• We provide tools to help you comply (unsubscribe handling, suppression lists)
• We may suspend accounts that violate CAN-SPAM requirements

13. Security

We implement industry-standard security measures to protect your data:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Secure password hashing (bcrypt)
• API key management with scoped permissions
• Regular security audits and penetration testing
• Access controls and audit logging
• Infrastructure hosted on SOC 2 compliant providers

While we implement these measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify affected users in the event of a data breach as required by law.

For more details, see our Security page.

14. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, session management, and security
• Preference Cookies: Remember your settings and preferences (theme, language)
• Analytics Cookies: Understand how you use our Service (can be disabled)

We do not use third-party advertising cookies. You can control cookies through your browser settings.

Email Tracking Pixels

If you enable open tracking, we insert a small transparent image (pixel) in emails to detect when recipients open them. This tracking is:

• Optional and configurable per email or account
• Used only to provide you with delivery analytics
• Not shared with third parties

15. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

16. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect Personal Data from children. If you believe we have collected data from a child, please contact us immediately at privacy@sentd.io.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification for significant changes
• Displaying a notice in our dashboard

Your continued use of the Service after changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@sentd.io
• General Support: support@sentd.io
• Legal/DPA Requests: legal@sentd.io