Privacy Policy

Last updated: April 9, 2026

Sendflo operates the platform at app.sendflo.io. This policy explains what information we collect, why we collect it, and how we use it.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and password. If you sign in through Google OAuth, we receive your name, email address, and profile picture from Google.

Contact Lists

When you upload contacts to Sendflo (via CSV, Excel, or manual entry), we store the data you provide. This typically includes names, phone numbers, email addresses, and any tags or custom fields you assign. It is your data; we process it on your behalf to deliver your campaigns.

Usage Data

We collect information about how you use the platform, including pages visited, features used, campaign performance metrics, and general interaction patterns. This helps us improve the product and troubleshoot issues.

Payment Information

When you purchase credits or subscribe to a plan, payment is processed by our payment provider. We do not store full credit card numbers on our servers. We retain transaction records including amounts, dates, and plan details for billing and accounting purposes.

Message Content

We temporarily process the content of messages you send through our platform in order to deliver them. We also store campaign templates and message drafts that you create within Sendflo.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Sendflo platform.
  • Deliver the messages and campaigns you create.
  • Process payments and manage your billing.
  • Send you service-related communications (account updates, billing notifications, security alerts).
  • Improve the platform based on usage patterns and feedback.
  • Power AI-assisted features such as content suggestions (your data is sent to our AI provider only for the purpose of generating the response you requested).
  • Detect, investigate, and prevent abuse, fraud, or violations of our terms.

We do not sell your personal information or your contact lists to anyone. Full stop.

3. Data Sharing and Third-Party Providers

To deliver our service, we share data with a limited set of third-party providers. Each provider only receives the data necessary for their function:

  • Meta (WhatsApp Business API): recipient phone numbers and message content, to deliver your WhatsApp messages.
  • Resend: recipient email addresses and message content, to deliver email campaigns.
  • Payment processor: payment details, to handle credit purchases and subscriptions.
  • Anthropic (Claude AI): prompts you submit, to power AI content features. We do not send your contact lists to Anthropic.
  • Railway and Vercel: our hosting providers. Your data sits on their infrastructure as part of running the platform.

We may also share information if required by law, in response to a valid legal process, or to protect the rights, safety, or property of Sendflo, our users, or others.

4. Your Contact Data

The contact lists you upload to Sendflo belong to you. We store and process your contacts only to deliver the services you use. We do not use them for our own marketing, and we do not share them with other Sendflo users or sell them to anyone.

As the data controller for your contacts, you are responsible for ensuring that you have the appropriate legal basis (such as consent) to send messages to the people on your lists and to share their data with a platform like Sendflo. For WhatsApp specifically, you must obtain valid opt-in consent from recipients before sending messages through Sendflo, in compliance with Meta's WhatsApp Business Policy.

5. Data Retention

We retain your account data for as long as your account is active. If you close your account, we will retain your data for up to 90 days to allow for account recovery or to resolve any outstanding issues, after which it will be deleted from our active systems.

Contact lists you upload can be deleted at any time from within the platform. When you delete contacts or request their deletion, we remove them from our active databases. Some data may persist in encrypted backups for a limited time, but it will not be used or accessed unless required for disaster recovery.

We may retain anonymized, aggregated data (such as total message volumes or feature usage statistics) indefinitely, as this data cannot be used to identify any individual.

6. Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access — You can request a copy of the personal data we hold about you.
  • Correction — You can ask us to correct inaccurate or incomplete information.
  • Deletion — You can request that we delete your personal data, subject to legal retention requirements.
  • Data portability — You can request your data in a structured, commonly used format.
  • Objection — You can object to certain types of processing where applicable.

To request data deletion, visit app.sendflo.io/data-deletion or email us at support@sendflo.io. We will respond within 30 days.

7. Security

We use reasonable security measures to protect your data: TLS encryption in transit, secure credential storage, and access controls that limit who on our team can reach it.

No system is perfectly secure. While we take data protection seriously and invest in it continuously, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law.

8. Cookies and Analytics

We use cookies and similar technologies for essential platform functionality (such as keeping you logged in) and basic usage analytics (such as understanding which features are most used). We do not use cookies for cross-site advertising or tracking.

You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of the platform.

9. Children's Privacy

Sendflo is a business platform and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe that a minor has provided us with personal data, please contact us at support@sendflo.io and we will promptly delete it.

10. International Data Transfers

Sendflo's infrastructure is hosted on Railway (United States) and Vercel (United States). WhatsApp messages are processed through Meta's servers. By using our platform, you acknowledge that your data may be transferred to and processed in countries other than your own. Data transfers are governed by standard contractual clauses where applicable, and we take steps to ensure that any such transfers are conducted with appropriate safeguards in place.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the platform. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of Sendflo after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, want to exercise your data rights, or have any concerns about how we handle your information, contact us at support@sendflo.io.