1. Introduction

This Privacy Policy describe show SendUpdates.ai ("Company," "we," "us," or"our") collects, uses, discloses, and protects information obtained through our automated email workflow platform and related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect: name, email address, company name, job title, and password credentials.

2.2 Integration Data

When you connect third-party services (such as Stripe, QuickBooks, Mercury, HubSpot, or Google Sheets), we collect data from those services as authorized by you, including: financial metrics, transaction data, customer information, project data, team communications, and other business information necessary to generate your communications.

2.3 User Content

We collect content you create, upload, or transmit through the Services, including: draft communications, templates, recipient lists, and customization preferences.

2.4 Usage Information

We automatically collect: IP address, browser type, device information, pages visited, features used, timestamps, and interaction patterns.

2.5 Communication Data

We collect information about communications sent through the Services, including: delivery status, open rates, click rates, and recipient engagement metrics.

3. How We Use Your Information

We use collected information to: (a) provide, maintain, and improve the Services; (b) process your requests and transactions; (c) generate AI-powered content and recommendations; (d) send transactional communications and service updates; (e) analyze usage patterns and optimize performance; (f) detect and prevent fraud, abuse, and security incidents; (g) comply with legal obligations; and (h) develop new features and services.

4. AI Processing and Third-Party Services

4.1 AI Service Providers

To provide AI-powered features, we share necessary data with the following service providers: (a) OpenAI,L.L.C. — OpenAI processes data under their API Data Usage Policy, which provides: zero data retention for API customers; no use of API data for training models; data processed in accordance with their security practices.(b) Anthropic, PBC — Anthropic processes data under their Commercial APITerms, which provide: no training on customer data; limited retention for safety monitoring only; enterprise-grade security controls.

4.2 Subprocessor List

A complete list of our sub processors is maintained at sendupdates.ai. We will provide at least 30 days' notice before adding new sub processors that process personal data. Enterprise customers may object to new sub processors.

4.3 Data Protection in AI Processing

When your data is processed through AI systems: (a) data is transmitted using TLS 1.3 encryption; (b) your data is not used to train third-party AI models; (c) AI outputs are returned exclusively to you; (d) we do not share your unencrypted content with third parties except as necessary to provide the Services.

5. Anonymized and Aggregated Data

We may create anonymized and aggregated data from your information. "Anonymized Data" means data that has been de-identified in accordance with NIST Special Publication800-188 or equivalent standards, such that: (i) all direct identifiers have been removed; (ii) quasi-identifiers have been generalized or suppressed; and (iii) the anonymization is not reasonably reversible. Anonymized Data is no longer considered personal information and may be used for any lawful purpose, including: analytics, benchmarking, research, product development, and sharing with third parties. Upon request, we will provide documentation of our anonymization methodology.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share information with: (a) Service Providers —third parties who perform services on our behalf, subject to confidentiality obligations; (b) Business Transfers — in connection with a merger, acquisition, or sale of assets; (c) Legal Requirements — when required by law, regulation, or legal process; (d) Protection of Rights — to protect our rights, privacy, safety, or property, or that of others; (e) WithYour Consent — for any other purpose with your explicit consent.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:(a) encryption in transit (TLS 1.3) and at rest (AES-256); (b) access controls and authentication mechanisms; (c) regular security assessments; (d) employee security training; (e) incident response procedures. No system is completely secure, and we cannot guarantee absolute security of your data.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. After account termination, we will delete your User Content within 90 days, except:(a) as required by law; (b) for legitimate business purposes (such as resolving disputes); (c) for Anonymized Data, which may be retained indefinitely.Integration credentials are deleted immediately upon disconnection.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights to: (a) access your personal information; (b) correcting accurate information; (c) delete your information; (d) object to or restrict processing; (e) data portability; (f) withdraw consent. To exercise these rights, contact us at privacy@sendupdates.ai. You may also: disconnect integrations at any time; update your account information; opt out of marketing communications; delete your account.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission. For more information, see our Data Processing Addendum.

11. California Privacy Rights

California residents have additional rights under the CCPA, including: the right to know what personal information is collected; the right to delete personal information; the right to opt out of the sale of personal information (we do not sell personal information);the right to non-discrimination. To exercise these rights, hello@sendupdates.ai.

12. European Privacy Rights

If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR, including: access, rectification, erasure, restriction, portability, and objection. Our legal bases for processing include: contract performance, legitimate interests, and consent. You may lodge a complaint with your supervisory authority.

13. Children's Privacy

The Services are not directed to children under 16. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

14. Changes to This Policy

We may update this PrivacyPolicy from time to time. Material changes will be communicated via email or prominent notice. Your continued use after changes take effect constitutes acceptance.

15. Contact Us

For questions about thisPrivacy Policy or our data practices, contact us at:

SendUpdates.ai

Email: hello@sendupdates.ai