Sesend

Legal

Privacy Policy

Last updated: April 9, 2026

Introduction

Sesend ("we", "our", or "us") operates the Sesend email delivery platform accessible at sesend.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read it carefully. If you disagree with its terms, please discontinue use of the service.

Information We Collect

Information you provide directly

  • Account data — name, email address, and password when you register.
  • Billing data — payment information is collected and processed by Stripe. We store only a Stripe customer ID and subscription status; we never store raw card numbers.
  • Sending domains — domain names you add for email sending.
  • Email content — subject lines, recipients, and HTML/text bodies of emails sent through the API. This data is used solely to deliver your emails and power delivery logs.

Information collected automatically

  • Log data — IP addresses, browser type, pages visited, and timestamps when you interact with our website or API.
  • Usage data — API call volumes, email delivery events (delivered, bounced, complained, opened), and feature usage patterns.
  • Cookies — session cookies to keep you logged in. See the Cookies section below.

Information from third parties

  • AWS SES — delivery, bounce, and complaint events for emails you send through our platform.
  • Stripe — subscription and payment status updates via Stripe webhooks.

How We Use Your Data

We use the information we collect to:

  • Provide, operate, and maintain the Sesend service.
  • Deliver emails on your behalf via AWS Simple Email Service.
  • Process payments and manage your subscription through Stripe.
  • Display email delivery logs and analytics in your dashboard.
  • Send transactional emails (account verification, password resets, domain verified notifications).
  • Monitor and enforce our Acceptable Use Policy, including suppression of hard bounces and spam complaints.
  • Detect, prevent, and address fraud, abuse, or security incidents.
  • Comply with legal obligations.

We do not sell your data or the content of emails you send through our platform to any third party. We do not use email content for advertising or marketing purposes.

Sharing & Disclosure

We share data only in the following limited circumstances:

  • Service providers — we share data with infrastructure providers necessary to operate the service: Amazon Web Services (email delivery, cloud infrastructure), MongoDB Atlas (database), Stripe (billing), and Vercel (hosting). Each provider processes data only as directed by us.
  • Legal requirements — we may disclose data if required by law, court order, or to protect the rights, property, or safety of Sesend, our users, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • With your consent — we may share data for any other purpose with your explicit consent.

Data Retention

We retain your account data for as long as your account is active. Email logs are retained according to your plan:

  • Free — 1 day
  • Starter — 3 days
  • Growth — 7 days
  • Business — 30 days

After account deletion, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons (e.g. billing records retained for 7 years).

Security

We implement industry-standard safeguards including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, hashed passwords (bcrypt), and hashed API keys (SHA-256). Access to production systems is restricted to authorised personnel.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please contact us at security@sesend.io.

Cookies

We use a minimal set of cookies:

  • Session cookie (sesend_session) — an encrypted, HTTP-only cookie used to keep you authenticated. It expires after 7 days of inactivity. This cookie is strictly necessary for the service to function.

We do not use tracking cookies, advertising cookies, or third-party analytics scripts. You can clear cookies at any time via your browser settings; doing so will log you out of your account.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Correction — request that inaccurate data be corrected.
  • Deletion — request deletion of your account and associated data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to certain processing activities.

To exercise any of these rights, contact us at privacy@sesend.io. We will respond within 30 days. You may also delete your account directly from the dashboard under Settings → Danger Zone.

Children's Privacy

Sesend is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will send a notice to the email address associated with your account at least 14 days before they take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us: