Privacy Policy

Effective: [Date — set at launch]
Controller: SendPermit (“SendPermit,” “we,” “us”)
Contact: [email protected]
Address: [Mailing address — replace]

1. Scope

This Policy describes how we process personal data when you use SendPermit websites, waitlist forms, and the SendPermit product.

2. Data we collect

• Waitlist / contact: email address you submit; optional fields if we add them.
• Account: authentication identifiers from our auth provider; profile basics you provide.
• Gmail connection: OAuth tokens and metadata required to apply routing rules and labels. We design processing to rely on message metadata; message content remains in Google’s systems per product design.
• Payments: payment-related records processed by our payments provider.
• Technical: limited logs (IP, user agent, timestamps) for security and reliability.

3. Purposes & legal bases

We process data to provide the service, secure accounts, comply with law, and communicate about the product. Depending on your region, legal bases may include contract, legitimate interests (security, improvement), and consent where required.

4. Sharing

We use infrastructure and service providers (e.g. hosting, email delivery, payments, analytics if enabled). A subprocessor list will be maintained on this page or linked here before broad production use.

5. Retention

We retain data as long as needed to operate the service and meet legal obligations, then delete or anonymize where appropriate.

6. Security

We implement administrative, technical, and organizational measures appropriate to risk. No method of transmission or storage is 100% secure.

7. Your rights

Depending on jurisdiction, you may have rights to access, correct, delete, restrict, or object to certain processing, and to lodge a complaint with a supervisory authority. Contact [email protected].

8. International transfers

If we transfer data across borders, we use appropriate safeguards as required by law.

9. Children

SendPermit is not directed to children under 16.

10. Changes

We may update this Policy. We will post the revised version and update the effective date.

11. Region-specific notices

[Add GDPR / CCPA / other disclosures with counsel — [Governing law / jurisdiction — replace]]