SendPilot Privacy Policy
Last updated: October 7, 2025
This Privacy Policy describes how SendPilot (“we,” “us,” “our”) collects, uses, shares, and safeguards personal data when you visit our websites, use our hosted Services, or license our self‑hosted software. It also explains rights and choices available to individuals under applicable laws (e.g., GDPR, UK GDPR, CCPA/CPRA).
1) Scope & Roles
- For our public website and account management for hosted Services, we act as a controller.
- For personal data you upload to the hosted Services, we generally act as a processor on your behalf; our processing is governed by our DPA (available upon request).
- For self‑hosted deployments, you control your own environment; we do not access your instance except where you explicitly grant access for support.
2) Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Name, username, email, password hash, organization | You |
| Billing Data | Billing address, payment method tokens, transaction history | You / Payment Processor (e.g., Stripe) |
| Service Data | Campaign metadata, recipient lists, templates, logs, deliverability metrics | You / Your Systems |
| Technical Data | IP address, device identifiers, browser type, pages viewed, referring URL, cookies | Your device / our systems |
| Support Data | Messages, attachments, diagnostics | You |
| Marketing & Comms | Preferences, unsubscribes, interactions with our emails | You / our email tools |
3) Purposes & Legal Bases
- Provide and secure the Services (perform the contract; legitimate interests).
- Account setup, billing, and customer support (perform the contract; legitimate interests; legal obligations).
- Improve and develop features (legitimate interests; with safeguards such as aggregation/de‑identification).
- Marketing communications (consent where required; opt‑out anytime).
- Legal compliance (legal obligations; establish, exercise, or defend legal claims).
4) Cookies & Similar Technologies
We use cookies and similar technologies for authentication, preferences, analytics, and performance. You can manage cookies via your browser settings. Some features may not function without certain cookies.
5) Sharing & Disclosures
- Service Providers/Processors. We share data with vendors who process data for us (e.g., cloud hosting, email delivery, analytics, payment processing) under contracts that restrict their use of the data.
- Legal/Compliance. We may disclose data to comply with law, regulation, legal process, or governmental request; to enforce our agreements; or to protect rights, property, or safety.
- Business Transfers. In connection with a merger, acquisition, financing, or sale of assets, we may transfer data as part of the transaction, subject to standard confidentiality protections.
- Aggregated/De‑identified. We may use or share aggregated or de‑identified data that cannot reasonably be used to identify you.
6) International Transfers
Where applicable, we implement appropriate safeguards for international transfers (e.g., SCCs, UK IDTA/Addendum). You may request a copy of relevant safeguards by contacting us.
7) Retention
We retain personal data for as long as necessary to fulfill the purposes described, including providing the Services, complying with legal obligations, resolving disputes, and enforcing agreements. Retention periods vary by data type and use.
8) Your Rights
- GDPR/UK GDPR (EEA/UK residents). Right to access, rectification, erasure, restriction, portability, and objection, and to withdraw consent where processing is based on consent.
- California (CCPA/CPRA). Right to know/access, correct, delete, and to limit use/disclosure of sensitive personal information, subject to exceptions. We do not “sell” or “share” personal information as defined by CPRA.
- Exercising Rights. Email privacy@sendpilot.us (or support@sendpilot.us) with your request. We may verify your identity and request additional information to process your request.
- Complaints. You may lodge a complaint with your local data protection authority.
9) Security
We implement reasonable technical and organizational measures to protect personal data, including encryption of sensitive secrets at rest, secure transport, access controls, and logging. No system is perfectly secure; you are responsible for securing your credentials and your self‑hosted environments.
10) Children
The Services are not directed to children under 13 (or the age required by local law). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.
11) Hosted vs Self‑Hosted
- Hosted. We process Customer Data on your behalf to provide the Services, including storage, transmission, and operational logs necessary to deliver functionality and security.
- Self‑Hosted. Customer Data remains within your infrastructure. We do not access your instance unless you request support and grant access. License validation may transmit license key, version, and telemetry such as basic usage metrics or error codes; you can disable optional telemetry where offered.
12) Marketing Choices
You may opt out of marketing emails by using the unsubscribe link in the email or contacting us. We may still send transactional or service communications.
13) Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with a new “Last updated” date. Your continued use of the Services after changes take effect signifies acceptance.
14) Contact
For questions about this Policy or our privacy practices, email privacy@sendpilot.us or support@sendpilot.us.