SENDMAILER.CC ← Home

DRAFT — not legal advice. This document is a starting template. Replace every [BRACKETED] placeholder with your registered legal entity details and have it reviewed by a qualified lawyer in your jurisdiction before relying on it.

Privacy Policy

Last updated: June 10, 2026

This Privacy Policy explains how [LEGAL ENTITY NAME] ("we") handles personal data in connection with the SENDMAILER.CC Service. For data you send through the Service to your own recipients, you are the data controller and we act as your data processor.

1. Data we process

Account data: company name, billing email, admin login credentials, API keys (stored hashed).
Billing data: processed by Stripe; we store only customer and subscription identifiers, not card numbers.
Sending data (on your behalf): recipient email addresses, message content/templates, and delivery events (sent, delivered, bounced, complained, opened, clicked, unsubscribed).
Technical data: logs, IP addresses, and security/audit records.

2. How we use it

To provide and secure the Service, deliver email you request, process bounces/complaints and suppression, generate reporting, handle billing, and comply with law.

3. Sub-processors

Amazon Web Services (SES/SNS) — email delivery and delivery-event notifications.
Stripe — subscription billing and payments.
Cloudflare — DNS, edge security and tunnelling.
Hosting/infrastructure provider: [HOSTING PROVIDER].

4. Retention

Account and billing records are retained for the life of the account and as required by law. Message metadata and delivery events are retained for [RETENTION PERIOD]. Suppression entries are retained indefinitely to protect recipients and deliverability.

5. International transfers

Data may be processed in the regions where our sub-processors operate (e.g. AWS region ap-southeast-1). Where required we rely on appropriate safeguards such as Standard Contractual Clauses.

6. Your rights

Depending on your jurisdiction (GDPR/UK GDPR, CCPA, etc.) you or your recipients may have rights to access, correct, delete, or restrict personal data. Requests relating to recipient data should be directed to the customer (controller); we will assist as processor. Contact [email protected].

7. Security

We use hashed API keys, signed inbound webhooks, audit logging, encrypted recovery codes, least-privilege access, and admin two-factor authentication. No method of transmission or storage is 100% secure.

8. Data processing agreement

If you require a Data Processing Agreement, contact [email protected].

9. Changes & contact

We may update this policy and will post the new date above. Contact: [LEGAL ENTITY NAME], [REGISTERED ADDRESS], [email protected].