Legal

Privacy Policy

Last updated: May 25, 2025

SendOut (“we”, “our”, or “us”) is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By using SendOut, you agree to the collection and use of information in accordance with this policy.

1Information We Collect

We collect information you provide directly to us and information collected automatically when you use the service.

Information you provide

  • Name and email address when creating an account
  • Password (stored as a one-way hash — we cannot recover it)
  • Payment information (processed by our payment provider; we do not store card numbers)
  • Communications you send to our support team

Information collected automatically

  • Browser type, operating system, and IP address
  • Pages visited, features used, and actions taken within the app
  • Error logs and performance data for service improvement
  • Session timestamps and usage frequency

2Account Information

Your account information (name, email) is used to authenticate you and personalise your experience. We do not sell or share your account data with third parties for marketing purposes.

If you sign in via Google or Microsoft OAuth, we receive only your name, email address, and profile photo. We do not receive access to your Gmail or Outlook inbox through the authentication flow alone — mailbox access requires a separate, explicit connection step.

3Provider Connections & Credentials

When you connect a mailbox, we store connection credentials (SMTP passwords, API keys, OAuth tokens) to enable the warming and sending features. All credentials are encrypted at rest using AES-256-GCM encryption before being written to our database.

How we protect your credentials:

— Encrypted with AES-256-GCM before storage; the encryption key is never stored alongside data

— Credentials are decrypted only in memory, at the time of sending or testing a connection

— Credentials are never logged in plain text

— Revoking a mailbox connection permanently deletes its stored credentials

We access your mailboxes only to perform the services you have explicitly configured: sending warm-up emails, reading replies, and running connection health checks.

4Analytics & Product Telemetry

We collect anonymised product usage data to understand how features are used and where to invest in improvements. This includes aggregate event counts (e.g., number of campaigns created, feature interactions) but does not include the content of your emails or recipient data.

We may use third-party analytics tools (such as PostHog or Plausible) that are configured to anonymise data before storage. We do not use advertising analytics or retargeting pixels.

5Cookies

We use cookies for the following purposes:

Session cookieEssential

Keeps you authenticated during a session. Required for the app to function.

CSRF tokenEssential

Protects against cross-site request forgery attacks.

Preference cookieFunctional

Remembers UI preferences (theme, sidebar state).

We do not use advertising cookies or third-party tracking cookies.

6Data Retention

We retain your data for as long as your account is active or as needed to provide you the service. Specific retention periods:

Account data: retained until you delete your account

Mailbox credentials: deleted immediately when you remove a mailbox or close your account

Sending and warmup logs: retained for 90 days, then purged

Error logs: retained for 30 days for debugging purposes

Billing records: retained for 7 years per legal and tax requirements

You may request deletion of your account and all associated data at any time by contacting us. We will process deletion requests within 30 days.

7Your Rights

Depending on your location, you may have the following rights under applicable data protection law (including GDPR and CCPA):

  • Right to access the personal data we hold about you
  • Right to correct inaccurate or incomplete data
  • Right to request deletion of your data
  • Right to data portability (receive your data in a machine-readable format)
  • Right to object to or restrict processing in certain circumstances

To exercise any of these rights, contact us at the address below.

8Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

SendOut

Email: privacy@sendout.app

General contact: sendout.app/contact

This policy is effective as of May 25, 2025 and supersedes all previous versions.

Terms of Service →