Privacy Policy

Welcome to SentBy. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our data practices for the SentBy email intelligence platform, including our Gmail Chrome extension and web application.

By using SentBy, you agree to the practices described in this Privacy Policy. If you have questions or concerns, please contact us at privacy@trysentby.com.

We collect information necessary to provide our email intelligence services. Here's what we collect and why:

Account Information

• Email address: Required for account creation and authentication
• Name: Used for personalization and communication
• OAuth data: When you connect via Google, we receive basic profile information (name, email, profile picture)
• Payment information: Processed securely through Stripe (we never store credit card details)

Email Metadata

We only access:

• Sender email addresses: To identify contacts for enrichment
• Timestamps: To organize and prioritize enrichment
• Subject lines: Only when necessary for phishing detection
• Message IDs: To prevent duplicate processing

Enrichment Data

We collect and store enriched profile data from publicly available sources:

• LinkedIn profiles (name, job title, company, work history)
• Professional email addresses and phone numbers (from public sources)
• Company information (industry, size, location)
• Social media profiles (when publicly available)
• Education history (from public professional profiles)

Usage Data

• Features you use (enrichment, phishing detection, sync)
• Enrichment requests and credit consumption
• Chrome extension interactions
• Dashboard activity and preferences

Technical Data

• Browser type and version
• Device information (OS, screen resolution)
• IP address (for security and fraud prevention)
• Cookies and local storage data

We use the collected information for the following purposes:

Provide Email Intelligence Services

• Enrich email contacts with professional data from public sources
• Display contact information directly in Gmail
• Provide LinkedIn profile data and company intelligence
• Generate AI-powered contact summaries
• Enable batch enrichment for multiple contacts

Phishing and Spam Detection

• Analyze sender information to identify suspicious emails
• Provide phishing warnings and risk assessments
• Protect you from fraudulent communications

Google Contacts Sync

• Sync enriched contact data to your Google Contacts (if enabled)
• Keep contact information up-to-date across platforms
• Provide seamless integration with your existing contact management

Service Improvement and Analytics

• Understand how users interact with our platform
• Identify and fix bugs and performance issues
• Develop new features based on usage patterns
• Optimize enrichment accuracy and speed

Communication

• Send service updates and feature announcements
• Respond to support requests and inquiries
• Notify you about account or billing changes
• Send security alerts and important notices

We take your privacy seriously and limit data sharing to what is necessary to provide our services:

Third-Party Enrichment Providers

We use trusted third-party data providers to source publicly available professional information. These providers access only the email addresses you choose to enrich and return aggregated public data.

Service Providers

We share data with service providers who help us operate:

• Convex: Database and backend infrastructure
• Vercel: Web hosting and deployment
• Stripe: Payment processing
• Resend: Transactional email delivery
• Analytics providers: Usage analytics and error tracking

All service providers are contractually obligated to protect your data and use it only for the specified purposes.

Legal Compliance

We may disclose your information when required by law:

• To comply with subpoenas, court orders, or legal processes
• To enforce our Terms of Service or protect our legal rights
• To prevent fraud, security threats, or illegal activities
• To protect the safety of our users or the public

Business Transfers

If SentBy is acquired, merged, or sold, your information may be transferred to the new owner. We will notify you via email and provide you with options regarding your data.

What We Never Do

You have control over your data and privacy settings:

Access and Export

• View all enriched contact data in your dashboard
• Export your enriched contacts as CSV or JSON
• Request a copy of all data we have about you

Delete Your Data

• Delete individual enriched profiles from your dashboard
• Delete your entire account and all associated data from account settings
• Request complete data deletion by emailing privacy@trysentby.com

Control Auto-Enrichment

• Disable automatic contact enrichment in your preferences
• Choose which email accounts to enrich
• Set enrichment priority levels (high, medium, low)

Manage Google Contacts Sync

• Enable or disable Google Contacts sync at any time
• Remove previously synced contacts from Google Contacts
• Choose which fields to sync

Cookie Preferences

• Manage cookie settings through your browser preferences
• Opt out of non-essential cookies
• Note: Disabling essential cookies may impact functionality

We implement industry-standard security measures to protect your data:

Encryption

• In transit: All data is encrypted using TLS/SSL
• At rest: Database encryption for stored data
• OAuth tokens: Securely encrypted and stored

Authentication

• OAuth 2.0 authentication (no password storage for Google login)
• Magic link email authentication
• Secure session management

Access Controls

• Limited employee access to user data
• Role-based access controls for internal systems
• Regular security audits and penetration testing
• Logging and monitoring of all data access

Chrome Extension Security

• Minimal permissions (only what's necessary for functionality)
• Secure token storage using Chrome's encrypted storage
• Content Security Policy to prevent XSS attacks

We retain your data for the following periods:

Enriched Profile Data

• Active accounts: Retained for 30 days (cache duration)
• After cache expiry: Automatically deleted unless re-enriched
• Manual deletion: Removed immediately upon request

Account Data

• Active accounts: Retained while your account is active
• Deleted accounts: Permanently deleted within 30 days
• Inactive accounts: Deleted after 2 years of inactivity (with notice)

Usage and Analytics Data

• Usage logs: Retained for 90 days
• Analytics: Aggregated and anonymized data retained indefinitely

Legal Obligations

We may retain certain data longer if required by law or to resolve disputes, enforce agreements, or comply with legal obligations.

We use cookies and similar technologies for:

Essential Cookies

• Authentication: Keep you logged in
• Security: Prevent fraud and protect your account
• Functionality: Remember your preferences

Analytics Cookies

• Understand how users interact with SentBy
• Identify and fix bugs
• Improve features and user experience

Chrome Extension Storage

Our Chrome extension uses local storage to cache authentication tokens and user preferences. This data stays on your device and is never shared without your consent.

SentBy integrates with the following third-party services:

Google OAuth

• Used for authentication and Gmail integration
• Governed by Google's Privacy Policy
• We request only necessary Gmail permissions

Enrichment Data Providers

• Third-party providers aggregate publicly available professional data
• We only share email addresses for enrichment (never email content)
• Data sourced from LinkedIn, company websites, and public databases

Analytics Services

• Convex Analytics: Backend performance monitoring
• Vercel Analytics: Web performance metrics
• Usage data is anonymized and aggregated

Email Service (Resend)

• Used for sending transactional emails (magic links, notifications)
• Governed by Resend's Privacy Policy

SentBy is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will promptly delete it.

If you believe we have inadvertently collected information from a child, please contact us at privacy@trysentby.com.

SentBy is based in the United States. Your data is stored and processed in the US using Convex Cloud infrastructure.

For Users Outside the US

By using SentBy, you consent to the transfer of your data to the United States. We ensure appropriate safeguards are in place:

• Standard contractual clauses for data transfers
• GDPR-compliant data processing agreements
• Encryption in transit and at rest

If you are in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

Right to Access

Request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to Rectification

Correct inaccurate or incomplete personal data. You can update most information directly in your dashboard.

Right to Erasure

Request deletion of your personal data. We will comply within 30 days unless legal obligations require retention.

Right to Data Portability

Receive your data in a structured, machine-readable format (CSV or JSON) to transfer to another service.

Right to Object

Object to processing of your personal data for direct marketing or legitimate interests.

Right to Restrict Processing

Request temporary restriction of processing while we verify data accuracy or assess your objection.

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@trysentby.com.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

Categories of Data Collected

We collect the following categories of personal information:

• Identifiers (name, email, IP address)
• Commercial information (subscription plan, usage history)
• Internet activity (browsing behavior, feature interactions)
• Professional information (enriched contact data from public sources)

Right to Know

Request disclosure of:

• Categories of personal information collected
• Sources from which data was collected
• Business purposes for collection
• Categories of third parties with whom data is shared
• Specific pieces of personal information collected

Right to Delete

Request deletion of personal information we have collected. We will comply unless an exception applies (legal obligation, fraud prevention, etc.).

Right to Opt-Out of Sale

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will receive the same service quality regardless of whether you exercise your rights.

To exercise these rights, contact us at privacy@trysentby.com. We will verify your identity before processing requests.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

How We Notify You

• Material changes: Email notification at least 30 days before the changes take effect
• Minor changes: Update the "Last updated" date at the top of this page
• In-app notification: Display a banner when you log in

Your Options

If you disagree with changes to this policy, you may delete your account before the changes take effect. Continued use of SentBy after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@trysentby.com
• Support: support@trysentby.com
• Data Protection Officer: dpo@trysentby.com

We will respond to your inquiries within 30 days. For urgent privacy or security matters, please mark your email as "Urgent" in the subject line.