The short, plain-English version.

Account data. Your name, email, and billing details when you create a workspace or enter a paid plan.

API usage data. The endpoints you call, timestamps, request IDs, status codes, and sizes — used for billing, debugging, and abuse prevention.

Message content. Content you send through send0 (recipients, subjects, bodies, attachments) on behalf of your users. We process this solely to deliver the message.

We use the data to run the product: authenticate your API calls, deliver messages, generate analytics, prevent abuse, bill you accurately, and respond to support requests.

We do not sell your data, rent it, or use message content to train any models.

Account data is retained while your workspace is active and for a reasonable period after, per legal / tax obligations.

Message content is retained only for as long as needed to deliver the message and generate delivery telemetry (default 30 days for logs, shorter on request for Scale and Enterprise plans).

Workspace administrators can configure retention windows per-workspace in the dashboard.

TLS 1.3 in transit, AES-256 at rest, SHA-256 hashed API keys, role-based access controls, enforced MFA, and an audit log of every action in your workspace. Full detail on the Security page.

You have the right to access, correct, export, or delete the personal data we hold about you and (for customers) to request data subject operations on behalf of your end users.

Email privacy@send0.dev to exercise these rights. We respond within 30 days.

send0 operates in multiple regions (primarily AWS us-east-1 and eu-west-1). Where we transfer personal data across borders, we rely on Standard Contractual Clauses and maintain a current Data Processing Agreement.

Material changes are announced at least 30 days in advance via the dashboard and a notification email to workspace admins. Historical versions are kept in the changelog.