Privacy Policy

Last updated: January 21, 2025

1. Introduction

Sendivent ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-channel notification API service ("Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect several types of information to provide and improve our Service:

Account Information

  • Name, email address, and contact details
  • Account credentials and authentication data
  • Billing information and payment details
  • Organization name and business information

API Usage Data

  • API requests, responses, and error logs
  • API keys and authentication tokens
  • Usage metrics and rate limit data
  • Integration configurations and settings

Notification Data

  • Recipient information (email addresses, phone numbers, Slack IDs)
  • Notification templates and content
  • Delivery metadata (timestamps, status, channel)
  • User identifiers and profile data
  • Custom fields and personalization data

Technical Information

  • IP addresses and device identifiers
  • Browser type, version, and operating system
  • Referring URLs and navigation paths
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for various purposes:

  • To provide, maintain, and improve our notification delivery Service
  • To process and deliver notifications via Email, SMS, and Slack
  • To manage your account and provide customer support
  • To process billing and payments
  • To monitor API usage and enforce rate limits
  • To analyze usage patterns and improve Service performance
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our Terms of Service
  • To send administrative information, updates, and security alerts
  • To provide marketing communications (with your consent)

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

Service Providers

We work with third-party service providers to operate our Service:

  • Amazon Web Services (AWS) - Infrastructure, database hosting, and serverless computing
  • AWS SES - Email delivery service
  • AWS SNS - SMS delivery service
  • Slack - Slack notification delivery (when you enable this integration)
  • Payment processors - Billing and payment processing
  • Analytics providers - Usage analytics and monitoring

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government regulations).

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with small amounts of data that are sent to your browser from a website and stored on your device.

You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or expired) for authentication, preferences, and analytics.

6. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specific retention periods include:

  • Account information: Retained while your account is active and for a reasonable period after closure
  • Notification delivery logs: Retained for operational purposes and compliance (typically 90 days to 1 year)
  • Billing records: Retained for tax and accounting purposes (typically 7 years)
  • API logs: Retained for debugging and security purposes (typically 30-90 days)

When we no longer need your information, we will securely delete or anonymize it.

7. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • API key authentication and access controls
  • Regular security assessments and monitoring
  • Restricted access to personal information on a need-to-know basis
  • Secure infrastructure hosted on AWS with industry-standard security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain processing of your information
  • Restriction: Request restriction of processing your information
  • Withdraw consent: Withdraw previously given consent

To exercise these rights, please contact us using the information provided in the Contact section. We will respond to your request within the timeframe required by applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.

We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your information, including standard contractual clauses approved by relevant authorities.

10. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate personal data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Our lawful bases for processing your information include: performance of a contract, compliance with legal obligations, legitimate interests, and your consent (where applicable).

11. CalOPPA Compliance (California Users)

Under the California Online Privacy Protection Act (CalOPPA), we disclose the following:

  • We do not honor "Do Not Track" signals from browsers at this time
  • Third-party behavioral tracking: We may use third-party analytics services that track user behavior
  • You can review and change your personal information through your account settings
  • We will notify you of Privacy Policy changes on this page and update the "Last updated" date

12. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt-out of the sale of personal information (Note: We do not sell your personal information)
  • Right to non-discrimination for exercising your CCPA rights

To exercise your CCPA rights, please contact us. We will verify your identity before processing your request.

13. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us. If we discover that we have collected personal information from a child under 18, we will take steps to delete that information.

14. Third-Party Services and Links

Our Service may contain links to third-party websites or integrate with third-party services (such as Slack, AWS, payment processors). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

When you use integrations like Slack notifications, you are also subject to those platforms' privacy policies and terms of service.

15. Email Communications

We may send you emails related to:

  • Service updates and administrative messages
  • Account security and authentication
  • Billing and payment notifications
  • Product announcements and updates
  • Marketing communications (with your consent)

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your account preferences. Please note that you cannot opt out of essential service communications.

16. Data Processing Addendum

If you use our Service to process personal data on behalf of others (acting as a data controller), we act as a data processor. We offer a Data Processing Addendum (DPA) that addresses GDPR requirements for controller-processor relationships. Please contact us to execute a DPA.

17. Analytics and Monitoring

We use analytics services to understand how our Service is used and to improve user experience. These services may collect information about your device, browsing actions, and usage patterns. Analytics data is typically aggregated and anonymized.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last updated" date at the top of this policy
  • Sending an email notification for significant changes (if required by law)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

19. Data Controller Information

For the purposes of GDPR and other data protection laws, Sendivent is the data controller responsible for your personal information. We determine the purposes and means of processing your personal data in connection with our Service.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Through our support channels
  • Via our website contact form
  • By mail at our registered business address

We will respond to your inquiry within a reasonable timeframe, and no later than required by applicable law (typically 30 days for GDPR requests).