Privacy Policy

Last updated: March 25, 2026

SendDeck ("we", "us", or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. This policy applies to all users of senddeck.ai and related services.

1. Information We Collect

Information you provide

• Account information: Name, email address, and authentication credentials (Google OAuth or email/password)
• Profile information: Company name, job title, and use case (optional, collected during signup)
• Content: HTML files you upload, documents generated by our AI, and any files in your context library
• Payment information: Billing details are collected and processed by Stripe. We do not store credit card numbers.
• Communications: Emails or support messages you send us

Information collected automatically

• Usage data: Pages visited, features used, documents created, AI generation requests
• Device information: Browser type, operating system, screen resolution, and device type
• Log data: IP address, access times, referring URLs
• Analytics on shared documents: When someone views a document you shared, we record the viewer's identity (if authenticated), IP-derived location, device type, view duration, and scroll depth. This data is visible to the document owner.

2. How We Use Your Information

3. AI-Generated Content

When you use our AI generation features, your input files and instructions are sent to third-party AI providers (Anthropic, Google) for processing. These providers process your data according to their API terms and do not use your data for model training. We log generation metadata (model used, token counts, cost) but do not retain copies of your input files after generation completes.

BYOK (Enterprise): If you provide your own API key, generation requests are made using your key directly. We do not log or store the content of these requests beyond what is necessary for the generation process.

4. Data Sharing

We do not sell your personal information. We share data only in these limited circumstances:

• Service providers: Firebase/Google Cloud (hosting, storage, database), Stripe (payments), Anthropic and Google AI (generation), Resend (transactional email), Twilio (optional SMS notifications). These providers process data on our behalf under data processing agreements.
• Document viewers: When you share a document, authorized viewers can see the document content. Document owners can see viewer analytics (identity, device, engagement).
• Legal requirements: We may disclose data if required by law, subpoena, or court order, or to protect the rights, property, or safety of SendDeck, our users, or the public.

5. Data Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest (Firebase/Google Cloud), bcrypt password hashing, signed and time-limited download URLs, and automated content safety scanning. For a detailed overview of our security practices, see our Security page.

6. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account closure.
• Documents: Retained while your account is active. Available for export for 30 days after account closure, then permanently deleted.
• View analytics: Retained for 12 months, then aggregated and anonymized.
• Generation logs: Metadata (model, cost, tokens) retained for 24 months for billing and service improvement. Input content is not retained.
• Security logs: Retained for 12 months.

7. SMS Notifications

SendDeck offers optional SMS notifications for platform administrators. SMS is entirely opt-in and is not required to use the Service. If you opt in, you will receive text messages regarding system events such as new user signups, document publishing activity, and system alerts. Message frequency varies and will not exceed 30 messages per month. Message and data rates may apply.

You may opt out of SMS notifications at any time by replying STOP to any message, or by updating your notification preferences in your account settings. Reply HELP to any message for assistance. SMS is provided via Twilio. Your phone number is stored securely and is never shared with third parties for marketing purposes.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interest
• Withdraw consent: Withdraw consent for marketing communications at any time

To exercise these rights, email legal@senddeck.ai. We will respond within 30 days.

9. Cookies and Tracking

SendDeck uses essential cookies for authentication and session management. We do not use third-party advertising trackers or sell data to advertisers. Firebase Authentication uses cookies to maintain your login session. No cookie consent banner is required as we only use strictly necessary cookies.

10. International Data Transfers

SendDeck is hosted on Google Cloud Platform in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We rely on Google Cloud's compliance certifications (SOC 2, ISO 27001) and standard contractual clauses where required.

11. Children's Privacy

SendDeck is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For privacy questions or data requests, contact us at legal@senddeck.ai.