Privacy Policy | senderZ

1. Information We Collect

We collect the following categories of information when you use senderZ:

Account information: Your name and email address, collected through Clerk, our authentication provider, when you sign up or log in.
API usage data: Request counts, API endpoints called, message counts, delivery status, error rates, and timestamps. We collect this to operate the Service and enforce plan limits. We do not log message body content.
Payment information: Billing details and subscription status are handled by Stripe. We do not store credit card numbers or full payment instrument details on our servers. We receive limited billing metadata from Stripe (plan tier, payment status, subscription dates).
Analytics data: We use Google Analytics 4 (GA4) to collect anonymized page view data, traffic sources, and user behavior on the senderZ.com website. This includes approximate geographic location (country/region level), browser type, and device type. We do not use GA4 to track activity within the authenticated dashboard or portal.
Support communications: If you contact us for support, we retain the content of those communications to resolve your issue and improve our service.

2. How We Use Information

We use the information we collect to:

Provide the Service: Authenticate your account, process API requests, route messages, track usage, and enforce plan limits.
Process billing: Manage your subscription, calculate overage charges, and send invoices through Stripe.
Improve the platform: Analyze usage patterns, diagnose issues, and develop new features. All analysis is performed on aggregated or anonymized data.
Send service communications: Notify you of important changes to the Service, security alerts, billing events, or plan quota warnings. These communications are necessary to operate the Service and cannot be opted out of while you maintain an account.
Marketing communications: We will only send promotional emails if you have explicitly opted in. You can unsubscribe from marketing emails at any time using the unsubscribe link in each email.

3. What We Don't Do

We want to be explicit about what we do not do with your data:

We do not sell your data. We will never sell your personal information, contact lists, or usage data to third parties.
We do not log message content. The body of messages you send through senderZ is not stored in our logs or analytics systems. Message metadata (status, timestamp, channel, direction) is retained for billing and debugging purposes.
We do not share personal information for marketing. We do not share your personal information with third parties for their own marketing purposes.
We do not use your data to train AI models. Your data is not used to train machine learning models by senderZ or any third-party AI provider on our behalf.

4. Third-Party Services

senderZ uses the following third-party services to operate the platform. Each has its own privacy policy:

Cloudflare: Provides hosting, CDN, DNS, and network infrastructure for senderZ. Cloudflare may process request metadata (IP addresses, request headers) as part of normal network operations. Cloudflare Privacy Policy
Stripe: Processes all payments and manages subscription billing. Stripe operates as an independent data controller for payment information. Stripe Privacy Policy
Clerk: Handles user authentication, session management, and account security. Clerk processes your name, email address, and authentication credentials. Clerk Privacy Policy
Google Analytics 4: Provides website analytics for the senderZ.com marketing site. We use GA4 with IP anonymization enabled. Google Privacy Policy

We carefully evaluate all third-party services we use and limit the data shared with them to what is strictly necessary to operate the Service.

5. Data Retention

We retain data for the following periods:

Account data: Retained for the duration of your account. If you close your account, your data will be deleted within 14 days upon request.
Message metadata: Delivery status, timestamps, channel, and error information are retained for billing reconciliation and support. This data is deleted 90 days after your account is closed.
Billing records: Invoices and payment history are retained for 7 years as required by applicable accounting and tax regulations.
Support communications: Retained for 2 years after resolution to improve our service quality.
Website analytics: GA4 data is retained for 14 months per our GA4 configuration.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

California residents (CCPA):

Right to know what personal information we collect and how we use it
Right to delete your personal information (subject to certain exceptions)
Right to opt out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your privacy rights

EU/EEA residents (GDPR):

Right to access your personal data
Right to rectify inaccurate personal data
Right to erasure ("right to be forgotten")
Right to data portability
Right to restrict processing
Right to object to processing

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 14 days. We may need to verify your identity before processing your request.

7. Cookies

senderZ uses cookies and similar tracking technologies only for analytics purposes on the marketing website:

Analytics cookies: Google Analytics 4 (GA4) and Google Tag Manager (GTM) are used to measure traffic and usage patterns on senderZ.com. These cookies are analytics-only.
No advertising cookies: We do not use cookies for advertising, retargeting, or interest-based profiling.
No third-party tracking: We do not use any third-party cookies for tracking users across other websites.
Authentication: Clerk uses session cookies within the authenticated portal to maintain your logged-in state. These are strictly necessary for the Service to function.

You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use senderZ.

8. Security

We implement industry-standard security measures to protect your data:

API key storage: API keys are stored as SHA-256 hashes. The plaintext key is only shown once at creation and is never stored or logged.
Encryption in transit: All connections to senderZ use TLS 1.2 or higher (HTTPS). Data transmitted to and from our servers is encrypted.
Encryption at rest: Data stored in our database is encrypted at rest using AES-256 encryption provided by Cloudflare.
Access controls: Access to production systems is restricted to authorized personnel and is audited.
Incident response: We have procedures in place to detect, respond to, and notify users of security incidents. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security.

9. Children's Privacy

senderZ is a business-to-business API platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will post the updated policy on this page with a new effective date. For significant changes that affect your rights or how we use your personal data, we will notify you by email. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

11. Contact

For privacy inquiries, data subject requests, or questions about this policy, please contact us at [email protected].