Effective date: January 7, 2026
This Privacy Policy explains how SendPromptly (“we,” “us,” or “our”) collects, uses, discloses, and retains information when you use our marketing website, dashboard, and API.
We are designed for small SaaS teams. We collect the minimum data needed to operate the service, and we try to explain our practices in plain language.
1. What we collect
Account information
When you register, we collect your name, email address, organization name, and password (stored as a hash — we never see your actual password).
Billing information
When you subscribe, billing is handled by Stripe. We store references such as a Stripe customer ID, subscription ID, and billing status. We do not store card numbers, CVV, or raw payment credentials. Those stay with Stripe.
Service usage data
To operate the service, we store the payment event identifiers and metadata your application sends us — event type, effect type, your internal reference, and status outcomes. By default we do not store raw webhook payload content unless you explicitly enable payload snapshots on a project. When enabled, snapshots are encrypted at rest and purged after 30 days.
API request metadata
We log API request metadata (timestamps, response codes, project identifiers) for security, debugging, and quota tracking. We do not log full request or response bodies by default.
Support communications
If you contact us for support, we retain that correspondence.
Website analytics
Our marketing website uses analytics tools, including Google Analytics, to understand traffic and improve the site. These tools may collect your IP address, browser and device information, pages visited, and session duration. This data is processed by Google in accordance with Google’s privacy terms.
2. How we use your information
We use the information we collect to:
- create and maintain your account;
- process payments and manage your subscription;
- provide incident detection, alerting, and reprocess functionality;
- send transactional emails (incident alerts, account notifications);
- troubleshoot issues and respond to support requests;
- detect abuse and enforce our Terms of Service;
- improve the product and marketing website;
- comply with legal and accounting obligations.
We do not use your information to send marketing email without consent, and we do not sell your information to third parties.
3. Third-party providers
We share information with the following providers to operate the service. A full list is available on our Subprocessors page.
| Provider | Purpose | What is shared |
|---|---|---|
| Stripe | Payments and subscriptions | Billing contact and subscription data |
| OVHcloud | Application and database hosting | All application and database data |
| Brevo | Transactional email delivery | Email addresses and email content |
| Google Analytics | Website traffic measurement | IP address, browser, device, and page data |
These providers process data on our behalf under their own privacy and security commitments. We do not authorize them to use your data for their own marketing purposes.
4. Cookies
Our marketing website uses cookies and similar technologies for:
- Strictly necessary: authentication, security, and session management. These cannot be disabled without breaking core functionality.
- Analytics: understanding site traffic and usage patterns. These may be subject to consent requirements in your jurisdiction.
- Payments: Stripe may set cookies on billing pages for secure checkout and fraud prevention.
You can control cookies through your browser settings. Blocking strictly necessary cookies will affect site and dashboard functionality. For more detail, see our Cookie Policy.
5. Data retention
We retain your data for as long as necessary to provide the service and meet legal or accounting obligations.
| Data type | Retention |
|---|---|
| Account and organization data | Duration of account, then deleted on request |
| Billing records | Retained for legal and accounting purposes after cancellation |
| Event metadata | 12 months from creation |
| Encrypted payload snapshots | 30 days from creation (when enabled) |
| Audit log | 12 months |
| Support communications | Until no longer needed for support purposes |
| Website analytics | Per Google Analytics retention settings |
6. Security
We use reasonable technical and organizational safeguards to protect your information, including HTTPS enforcement, API key hashing, encrypted payload snapshots, signed webhook verification, and access controls.
No system is completely secure. You are responsible for keeping your account credentials and API keys secure. Rotate API keys if you suspect exposure.
7. International data transfers
Our infrastructure is hosted on OVHcloud. Depending on the OVHcloud region used, your data may be processed outside your home jurisdiction. Other providers such as Stripe and Google operate globally. We rely on those providers’ transfer mechanisms where applicable.
8. Your rights
Depending on where you are located, you may have rights under privacy law including:
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct inaccurate information.
- Deletion: request deletion of your account and personal data.
- Restriction or objection: ask us to limit certain processing.
- Data portability: receive your data in a structured format.
- Withdraw consent: where processing is based on consent.
To exercise any of these rights, email us at [email protected]. We will respond within a reasonable time. We may need to verify your identity before acting on requests.
We aim to apply these rights practically regardless of your jurisdiction, not only where legally compelled.
9. Children’s privacy
SendPromptly is not directed at children under 16. We do not knowingly collect personal information from children.
10. Updates to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy with a new effective date. Continued use of the service after the updated policy is posted means you accept the changes.
11. Contact
For privacy questions or requests:
- Email:
[email protected] - Website:
https://sendpromptly.com