Legal

Privacy Policy

Effective: May 28, 2026

SendMailr LLC (“SendMailr,” “we,” “us,” “our”) operates the websites, web applications, and APIs available at sendmailr.com (the “Services”). This Privacy Policy describes the categories of information we collect, how we use and share it, and your rights and choices. This policy is incorporated into our Terms of Service.

1. Scope and Roles

SendMailr processes two distinct categories of personal information under different legal roles:

  • Account Data (we are the Business / Controller). Information about you as our customer — the person who signs up, configures campaigns, and pays for the Services.
  • Recipient Data (you are the Business / Controller; we are the Service Provider / Processor). Information about your mailing-list recipients — names, mailing addresses, and any other recipient fields you upload or that we retrieve on your instruction. We process this data solely to fulfill your mail orders and only on your documented instructions, as further described in our Data Processing Addendum.

2. Information We Collect

From You (Account Data):

  • Identity: first and last name, business / company name, real-estate or professional license number (if provided).
  • Contact: email address, phone number, and the mailing address used as your return address on outbound mail pieces.
  • Account: password (stored only as a salted hash), account approval status, login timestamps.
  • Payment: card brand, last 4 digits, and expiration handled by Stripe. Full card data is processed and stored by Stripe — it never reaches SendMailr’s servers.
  • Usage and billing balances: territory purchases, campaign runs, bulk-mail orders, recurring-mailing subscriptions, account credits, referral activity.
  • Optional integrations: Lob account credentials (encrypted at rest), business website URL used for QR-code redirects.

From Your Mailing Lists (Recipient Data):

  • Recipient name, mailing address, ZIP+4 (where provided), and any per-recipient fields you upload (e.g. birthday or anniversary for event-mailings).
  • For campaign features that use property data, the recipient’s property record (address, owner, sale date, etc.) is supplied by our third-party data provider RentCast on your instruction.
  • Mail tracking events (created, mailed, in transit, delivered) returned by Lob.
  • QR-code scan events when a recipient scans a code on a mail piece: timestamp, browser type, IP address, and the redirect destination you configured.

Automatically Collected:

  • Standard server logs: IP address, browser, device type, referring/exit pages, timestamps, and pages viewed.
  • Cookies and similar technologies necessary to maintain your login session and security controls. We do not use third-party advertising cookies.

From Public-Facing Forms:

  • If you submit our website contact form or the AI assistant inquiry form, we collect the information you provide (name, email, company, message) to respond.
  • If a friend invites you through our referral program, we collect the invitee’s email and tie the eventual signup back to the referrer for credit purposes.

3. How We Use Information

  • Operate, maintain, secure, and improve the Services.
  • Create and administer your account, including pending-account review and approval.
  • Generate, print, and deliver mail pieces on your instruction.
  • Process payments and manage billing balances, refunds, and credits.
  • Communicate with you about your account, orders, security events, and material changes to our policies.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations and respond to lawful requests.
  • With separate consent or where permitted, send marketing communications about new features and offers. You may opt out at any time using the unsubscribe link in any such message or by contacting support@sendmailr.com.

4. How We Share Information

We do not sell or rent personal information. We share information with the categories of recipients below and only as described:

  • Service providers (sub-processors) who act on our behalf to operate the Services. A current list is published at /subprocessors, including Stripe (payments), Lob (mail printing and delivery), Resend (transactional email), OpenAI (AI content generation), RentCast (property data on request), Vercel (hosting and file storage), and Railway (background workers).
  • Legal and safety. We may disclose information to comply with subpoenas, court orders, lawful requests, or to protect our rights, property, or safety, or that of our users or the public.
  • Business transfers. In a merger, acquisition, financing, or sale of all or substantially all assets, your information may be transferred to the successor entity, subject to this Privacy Policy.
  • Aggregate / de-identified data. We may share information that does not reasonably identify any individual for analytics, benchmarking, and product-improvement purposes.
  • With your direction. If you connect or share information with a third party (e.g. an integrated CRM), we transmit data per your direction; the third party’s use is governed by its own policies.

5. Data Retention

We retain Account Data for as long as your account is active and for a reasonable period thereafter to comply with legal, accounting, and dispute-resolution obligations. Mailing-list and order history may be retained to support your dashboard, reuse features, and audit needs. Closed accounts are tombstoned (the email is anonymized) but billing and order records are retained as required by law. You may request deletion of your Account Data by emailing support@sendmailr.com.

6. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we process, including TLS encryption in transit, encryption at rest for sensitive credentials, access controls, password hashing, JWT-based session management with defense-in-depth route auth, IP rate-limiting on public endpoints, and webhook signature verification. Payment data is handled exclusively by PCI-DSS-compliant Stripe. No method of transmission or storage is 100% secure; we cannot guarantee absolute security and we will notify you of a breach of unencrypted personal information consistent with applicable law.

7. Your Privacy Rights

All users:

  • Access, correct, or update your account information from your account settings.
  • Request deletion of your Account Data, subject to legal-retention exceptions.
  • Opt out of marketing emails at any time via the unsubscribe link.
  • Close your account from account settings or by emailing support@sendmailr.com.

California residents (CCPA / CPRA):

  • Right to know what personal information we have collected, the sources, the purposes, and the categories of third parties to whom we have disclosed it.
  • Right to delete personal information we collected from you, subject to statutory exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. SendMailr does not sell or share personal information for cross-context behavioral advertising.
  • Right to non-discrimination for exercising these rights.
  • Authorized agent. You may designate an authorized agent to submit requests on your behalf with a verified written authorization or power of attorney.
  • Submit requests by emailing support@sendmailr.com with subject “CCPA Request.” We will verify your identity before responding.

California Shine the Light:

California Civil Code § 1798.83 permits California residents to request a list of third parties to whom we have disclosed personal information for direct-marketing purposes in the prior calendar year. SendMailr does not share personal information for third-party direct marketing.

Other U.S. state privacy laws:

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, and other states with comprehensive consumer privacy laws have similar rights of access, correction, deletion, and opt-out. You may submit requests by the same method described above.

European Economic Area / United Kingdom:

Where GDPR or UK GDPR applies, you have the right of access, rectification, erasure, restriction, portability, and objection. To exercise these rights, contact support@sendmailr.com. You may also lodge a complaint with your local supervisory authority.

8. Children

The Services are intended for business users 18 years of age or older. We do not knowingly collect personal information from children under 13 (or the applicable age of digital consent in your jurisdiction). If you believe a child has provided us information, contact support@sendmailr.com and we will delete it.

9. Cookies and Do-Not-Track

We use cookies and similar technologies that are strictly necessary for the Services to function (such as session cookies after you log in) and for security. We do not use third-party advertising cookies. Most browsers allow you to control cookies through settings; disabling them may impair some functionality. Because no industry consensus exists on how to interpret browser “Do Not Track” signals, we do not currently respond to them.

10. International Transfers

SendMailr is based in the United States and processes data in the U.S. If you access the Services from outside the U.S., you understand that your information will be transferred to and processed in the U.S. and other countries where our service providers operate. By using the Services you consent to these transfers as permitted by applicable law.

11. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the Effective date and, for material changes, provide additional notice (such as email or in-platform notice). Continued use of the Services after a change becomes effective constitutes acceptance.

12. Contact

For privacy questions, data-deletion requests, or to exercise your rights, please use our contact form.