Privacy Policy
We built privacy into the infrastructure, not the policy. BYOC sends zero email content to our servers - by architecture, not by promise. Here's exactly what we collect, why, and what you can do about it.
Who We Are
SendFleet ("we", "us", "our") is a transactional email API service operated at sendfleet.net. We provide developers with infrastructure to send transactional email - either through your own AWS SES account (BYOC) or through our managed infrastructure (Growth/Pro).
This Privacy Policy explains what data we collect when you use SendFleet, how we use it, and the choices you have. By creating an account or using the API, you agree to this policy.
Data We Collect
We collect data in two contexts: directly from you at registration, and automatically when your application uses the API.
Account data
| Field | Why | Required? |
|---|---|---|
| Email address | Authentication, identity, service communications | Yes |
| Display name | Personalisation inside the dashboard | No |
| Password (hashed) | Authentication - never stored in plaintext | Yes |
| Account creation date | Audit trail and support | Auto |
API usage data (Shared SES only)
| Field | Why |
|---|---|
| Sender name & email | Forming the outbound From header |
| Subject line | Passed through to email; stored in your log |
| Message body | Passed through to email; stored in your log |
| Request timestamp | Log ordering, usage calculation, rate-limit enforcement |
| Delivery status | Displayed in your dashboard; used for retry logic |
| Message ID | Returned in the API response for delivery tracking |
Technical / infrastructure data
API requests may generate standard HTTP metadata (IP address, User-Agent) used for rate-limiting, abuse prevention, and debugging. This is not linked to email content and is not retained beyond 30 days.
How We Use Your Data
- Authenticate you and authorise API requests against your account.
- Route and deliver transactional emails initiated via the API.
- Maintain your email log - a history visible only to you in the dashboard.
- Calculate monthly usage against your plan limit.
- Send essential service communications - security alerts, policy updates. We do not send marketing email without opt-in.
- Improve the reliability and performance of the service.
- We load web fonts from Google Fonts (fonts.googleapis.com) for typographic consistency. Google receives the requesting IP address as part of standard CDN operation. We do not control Google's data processing for this service.
API Key Security
API keys are your primary credentials for the send endpoint. We take their security seriously at the implementation level.
- Keys are SHA-512 hashed before storage and are not retrievable after creation.
- Lookup uses an 8-character prefix. The prefix alone cannot send emails - the full hash verification is always performed on every request.
- Revoke any key instantly from the dashboard. Revocation propagates within 2 minutes via Redis cache.
- Keys support expiry dates. Expired keys are automatically refused.
- All actions under your API keys are your responsibility, whether or not you authorised them.
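A minimal sketch of the prefix-lookup and full-hash check described in the list above, added here as an illustration; it is not SendFleet's code. The `KeyStore` class, its in-memory table and the key format are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PREFIX_LEN = 8  # lookup prefix length stated in the policy


class KeyStore:
    """In-memory stand-in for the key table (hypothetical schema)."""

    def __init__(self):
        self._rows = {}  # prefix -> {"digest", "expires_at", "revoked"}

    def issue(self, expires_at=None):
        # The plaintext key is returned once and never stored; only its
        # SHA-512 digest is kept. An unsalted fast hash is acceptable here
        # only because the key is long and random (assumed 32 random bytes).
        key = secrets.token_urlsafe(32)
        self._rows[key[:PREFIX_LEN]] = {
            "digest": hashlib.sha512(key.encode()).digest(),
            "expires_at": expires_at,
            "revoked": False,
        }
        return key

    def revoke(self, key):
        self._rows[key[:PREFIX_LEN]]["revoked"] = True

    def verify(self, presented, now=None):
        now = now or datetime.now(timezone.utc)
        # The prefix only selects the candidate row; it grants nothing.
        row = self._rows.get(presented[:PREFIX_LEN])
        if row is None:
            return False
        # The full digest is checked on every request, in constant time.
        digest = hashlib.sha512(presented.encode()).digest()
        if not hmac.compare_digest(digest, row["digest"]):
            return False
        if row["revoked"]:
            return False
        if row["expires_at"] is not None and now >= row["expires_at"]:
            return False
        return True
```
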
Email Processing
SendFleet acts as a data processor for email content submitted through the API. You are the data controller and are responsible for the content and recipient data you submit.
Shared SES path (Growth / Pro)
Email content is queued in AWS SQS, delivered via our managed SES account, and written to your email log. Bounce and complaint events from SES SNS are processed and written to your dashboard. All content is stored for 90 days and then purged. If attachments are included, they are temporarily staged in AWS S3 for the duration of delivery and deleted immediately afterward - they are never written to our database.
BYOC path (Starter / BYOC plan)
We assume your IAM role using temporary STS credentials (15-minute session) with your ExternalId and dispatch directly to your SES. No email content is written anywhere on our infrastructure. Only a monthly send counter is incremented. Your SES logs and CloudWatch are the source of truth. Attachments on BYOC sends are also staged transiently in S3 (isolated per-request, deleted immediately after delivery) - no attachment data persists on our servers.
Data Retention
| Data type | Retention period |
|---|---|
| Account info | Until account deleted, or 12 months after last login (inactive free) |
| Email logs (Shared SES) | Rolling 90 days; deletable on request |
| API keys (hashed) | Until revoked; revoked records purged after 30 days |
| Usage counters | Monthly aggregates retained 24 months |
| HTTP request logs | 30 days (rate-limiting / abuse only) |
| BYOC email content | Never stored - zero retention by architecture |
| Email attachments | Staged in S3 for delivery only; deleted immediately after successful dispatch (no persistent storage) |
When you delete your account, all associated email logs, API keys, and usage records are scheduled for permanent deletion within 30 days.
Third-Party Services
| Provider | Purpose | Data shared |
|---|---|---|
| AWS SES | Email delivery (Shared SES path) | Sender, recipient, subject, body |
| AWS S3 | Transient attachment staging during delivery | Attachment content (deleted immediately after delivery; never written to our DB) |
| AWS SQS + Lambda | Async email queueing and processing | Full email payload (Shared path only) |
| AWS STS | Temporary credential issuance for BYOC | IAM Role ARN, ExternalId (no email content) |
| Paddle | Payment processing and subscription management | Email address, payment details |
| Cloud host (Render/Railway) | Infrastructure and database hosting | All persisted data within our secured DB |
| Redis (Upstash) | Rate-limiting, usage caching, session cache | Rate limit counters, usage counts |
| Google Fonts | Font delivery | User IP address on page load |
We do not use advertising networks or third-party behavioural advertising systems.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access - Request a copy of the personal data we hold about you.
- Correction - Ask us to correct inaccurate or incomplete data.
- Deletion - Request erasure of your account and associated data (also available self-serve in the dashboard).
- Portability - Receive your email log data in a machine-readable format.
- Objection / Restriction - Object to certain processing or request restriction while a dispute is resolved.
- Withdrawal of consent - Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email [email protected]. We aim to respond within 14 days. We may need to verify your identity first. If you feel we haven't addressed your concern, you have the right to lodge a complaint with your local data protection authority.
Cookies & Tracking
| Cookie | Purpose | Duration |
|---|---|---|
| sessionid | Authenticated dashboard session | Session / 2 weeks |
| csrftoken | CSRF protection on form submissions | 1 year (value rotated) |
We may use analytics (e.g. Google Analytics) to understand aggregate product usage, diagnose issues, and improve the service. Analytics data is never used for personalised advertising. You can disable cookies in your browser settings, though doing so will prevent dashboard access.
Children's Privacy
SendFleet is a developer API service and is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a minor has registered an account, contact us immediately at [email protected] and we will delete the account promptly.
Changes to This Policy
We may update this Privacy Policy as SendFleet evolves. For material changes we will:
- Update the "Last reviewed" date at the top of this page.
- Email all registered accounts at least 14 days before changes take effect.
- Where required by law, request your explicit re-acceptance.
Continued use of SendFleet after the effective date constitutes acceptance of the updated policy.
Contact Us
Questions about this Privacy Policy, data access requests, or concerns: