Legal
Terms and Conditions
Effective Date: January 29, 2026
1. Agreement to Terms
These Terms of Service("Terms") constitute a legally binding agreement between you("User," "you," or "your") and SendUpdates.ai ("Company," "we," "us," or "our") governing your access to and use of our automated email workflow platform and related services (collectively, the "Services"). By accessing or using the Services, you agree to be bound by these Terms. If you are using theServices on behalf of an organization, you represent that you have authority to bind that organization to these Terms. Enterprise customers may be subject to additional terms set forth in an Enterprise Addendum.
2. Description of Services
SendUpdates.ai provides an automated email workflow platform that connects to third-party business tools and services (including but not limited to Stripe, QuickBooks, Mercury,HubSpot, Google Sheets, and similar platforms) to help users generate investor updates, stakeholder communications, and other business correspondence using artificial intelligence and machine learning technologies.
3. Account Registration and Security
You must register for an account to use certain features of the Services. You agree to: (a) provide accurate, current, and complete registration information; (b) maintain the security of your password and account credentials; (c) promptly update your account information as needed; and (d) accept responsibility for all activities that occur under your account. You must notify us immediately of any unauthorized access or security breach.
4. User Content and Data
4.1 Your Content
"User Content" means any data, text, information, or other materials you submit, upload, or make available through the Services, including data obtained from your connected third-party integrations. You retain all ownership rights in your User Content.
4.2 License to User Content
By using the Services, you grant us a worldwide, non-exclusive, royalty-free license to use, process, store, and transmit your User Content solely for the purpose of providing and improving the Services. This license includes the right to process your UserContent through AI and machine learning systems, including large language models operated by us or our service providers.
4.3 Anonymized Data License
You grant us an unrestricted, perpetual, irrevocable, worldwide, royalty-free, fully-paid, sub licensable license to create, use, modify, distribute, sell, license, and otherwise exploit Anonymized Data derived from your User Content and usage of the Services."Anonymized Data" means data that has been de-identified in accordance with NIST Special Publication 800-188 or equivalent standards, such that: (i) all direct identifiers (names, email addresses, account numbers) have been removed; (ii) quasi-identifiers have been generalized or suppressed to prevent re-identification; and (iii) the anonymization is not reasonably reversible using available technology. Anonymized Data is not considered UserContent or Confidential Information, and we may use it for any lawful purpose, including: (a) developing, improving, and training our AI models and algorithms; (b) creating benchmarks, analytics, and industry reports; (c)developing new products and services; (d) marketing and business development; and (e) sharing with third parties without restriction. Upon request, we will provide documentation of our anonymization methodology.
4.4 Feedback
If you provide suggestions, ideas, feedback, or recommendations regarding the Services("Feedback"), you grant us a perpetual, irrevocable license to use and incorporate such Feedback into the Services without any obligation to you.
5. Third-Party Integrations
5.1 Authorization
When you connect third-party services to SendUpdates.ai, you authorize us to access and retrieve data from those services on your behalf. You represent that you have all necessary rights and permissions to grant us such access and that your use of such integrations complies with the terms of service of each third-party provider.
5.2 Third-Party Terms
Your use of third-party services is governed by the terms and policies of those third parties. We are not responsible for the practices, content, or availability of third-party services. You acknowledge that third-party integrations may be modified, suspended, or discontinued at any time.
6. Data Security Commitments
6.1 Encryption Standards
We commit to maintaining the following security measures: (a) All data transmitted between your systems, third-party integrations, and our Services is encrypted using TLS 1.3 or equivalent industry-standard encryption; (b) All data stored within our systems is encrypted at rest using AES-256 encryption or equivalent; (c) Authentication credentials and API tokens for your connected services are encrypted and stored in isolated, secure environments with strict access controls.
6.2 AI Processing Protections
When your data is processed through large language models (LLMs) or other AI systems: (a) Your User Content is transmitted to AI providers using encrypted connections; (b) Your data is processed in isolated sessions and is not used to train third-party AI models;(c) We do not share, sell, or disclose your unencrypted User Content to any third party except as necessary to provide the Services or as required by law;(d) AI processing outputs are returned exclusively to you and are treated as your User Content.
6.3 AI Subprocessors
We use the following AI service providers as sub processors: (a) OpenAI, L.L.C. — for natural language processing and content generation. OpenAI processes data under their API DataUsage Policy, which specifies zero data retention for API customers and no use of API data for model training; (b) Anthropic, PBC — for natural language processing and content generation. Anthropic processes data under their Commercial API terms, which specify no training on customer data and limited retention for abuse monitoring. A current list of all sub processors is maintained at Sendupdates.ai. We will provide at least 30 days' notice before adding new sub processors, and enterprise customers may object to new sub processors as described in our Data Processing Addendum.
6.4 Data Minimization
We collect and process only the minimum data necessary to provide the Services. We do not access data from your connected integrations beyond what is required to generate and deliver your communications.
7. Prohibited Uses
You agree not to: (a) use theServices for any unlawful purpose or in violation of any applicable laws; (b)attempt to gain unauthorized access to any part of the Services or related systems; (c) interfere with or disrupt the integrity or performance of theServices; (d) use the Services to transmit malicious code, spam, or harmful content; (e) reverse engineer, decompile, or attempt to extract source code from the Services; (f) use the Services to generate content that is defamatory, fraudulent, or violates third-party rights; or (g) resell, sublicense, or provide access to the Services to third parties without our written consent.
8. Intellectual Property
The Services, including all software, algorithms, designs, documentation, and related intellectual property, are owned by us or our licensors. These Terms do not grant you any rights to our intellectual property except the limited license to use the Services as provided herein. All AI-generated content created through your use of theServices is owned by you, subject to any underlying intellectual property rights of third parties.
9. Payment Terms
Certain features of theServices require payment. You agree to pay all applicable fees as described on our pricing page or in your order form. Fees are non-refundable except as required by law or as expressly stated in these Terms. We may change our fees upon 30 days' notice. Continued use after a price change constitutes acceptance of the new fees.
10. Term and Termination
10.1 Term
These Terms remain in effect until terminated by either party.
10.2 Termination by You
You may terminate your account at any time by contacting us or using the account deletion feature in theServices.
10.3 Termination by Us
We may suspend or terminate your access to the Services at any time for any reason, including breach of these Terms, with or without notice.
10.4 Effect of Termination
Upon termination: (a) your right to use the Services immediately ceases; (b) we will delete your UserContent within 90 days, except as required to comply with legal obligations or as permitted for Anonymized Data; (c) any provisions that by their nature should survive will continue in effect, including Sections 4.3, 8, 11, 12, 13, and 14.
11. Disclaimers
THE SERVICES ARE PROVIDED "AS IS" AND"AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE. AI-GENERATED CONTENT MAY CONTAIN ERRORS, INACCURACIES, OR INAPPROPRIATE MATERIAL. YOU ARE SOLELY RESPONSIBLE FOR REVIEWING AND APPROVING ALL CONTENT BEFORE SENDING. WE MAKE NO REPRESENTATIONS ABOUT THE ACCURACY, RELIABILITY, OR COMPLETENESS OF ANYAI-GENERATED OUTPUT. TO THE EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM ALL LIABILITY FOR DAMAGES ARISING FROM YOUR RELIANCE ON AI-GENERATED CONTENT.
12. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, INNO EVENT SHALL WE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL,CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, ARISING OUT OF OR RELATED TO YOUR USE OF THE SERVICES. OUR TOTAL CUMULATIVE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM OR (B) ONE HUNDRED DOLLARS ($100). THESE LIMITATIONS APPLY REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
13. Indemnification
You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, agents, and affiliates from any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the Services; (b) your User Content; (c) your violation of these Terms; (d)your violation of any third-party rights; or (e) your violation of any applicable laws.
14. General Provisions
14.1 Governing Law and Jurisdiction
These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles.Any disputes shall be resolved exclusively in the state or federal courts located in Delaware, and you consent to the personal jurisdiction of such courts.
14.2 Dispute Resolution
Before initiating any legal proceeding, you agree to first contact us and attempt to resolve the dispute informally for at least 30 days. If the dispute is not resolved, either party may proceed with formal dispute resolution.
14.3 Modifications
We may modify these Terms at any time by posting updated Terms on our website. Material changes will be communicated via email or prominent notice within the Services. Your continued use after changes take effect constitutes acceptance of the modified Terms.
14.4 Assignment
You may not assign or transfer these Terms without our prior written consent. We may assign these Terms without restriction.
14.5 Severability
If any provision of these Terms is found unenforceable, that provision will be modified to the minimum extent necessary, and the remaining provisions will continue in full force.
14.6 Entire Agreement
These Terms, together with ourPrivacy Policy, Data Processing Addendum, and any applicable order forms, constitute the entire agreement between you and us regarding the Services and supersede all prior agreements and understandings.
14.7 Waiver
Our failure to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.
15. Contact Information
For questions about theseTerms, please contact us at:
SendUpdates.ai
Email: hello@sendupdates.ai
Privacy Policy
1. Introduction
This Privacy Policy describe show SendUpdates.ai ("Company," "we," "us," or"our") collects, uses, discloses, and protects information obtained through our automated email workflow platform and related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect: name, email address, company name, job title, and password credentials.
2.2 Integration Data
When you connect third-party services (such as Stripe, QuickBooks, Mercury, HubSpot, or Google Sheets), we collect data from those services as authorized by you, including: financial metrics, transaction data, customer information, project data, team communications, and other business information necessary to generate your communications.
2.3 User Content
We collect content you create, upload, or transmit through the Services, including: draft communications, templates, recipient lists, and customization preferences.
2.4 Usage Information
We automatically collect: IP address, browser type, device information, pages visited, features used, timestamps, and interaction patterns.
2.5 Communication Data
We collect information about communications sent through the Services, including: delivery status, open rates, click rates, and recipient engagement metrics.
3. How We Use Your Information
We use collected information to: (a) provide, maintain, and improve the Services; (b) process your requests and transactions; (c) generate AI-powered content and recommendations; (d) send transactional communications and service updates; (e) analyze usage patterns and optimize performance; (f) detect and prevent fraud, abuse, and security incidents; (g) comply with legal obligations; and (h) develop new features and services.
4. AI Processing and Third-Party Services
4.1 AI Service Providers
To provide AI-powered features, we share necessary data with the following service providers: (a) OpenAI,L.L.C. — OpenAI processes data under their API Data Usage Policy, which provides: zero data retention for API customers; no use of API data for training models; data processed in accordance with their security practices.(b) Anthropic, PBC — Anthropic processes data under their Commercial APITerms, which provide: no training on customer data; limited retention for safety monitoring only; enterprise-grade security controls.
4.2 Subprocessor List
A complete list of our sub processors is maintained at sendupdates.ai. We will provide at least 30 days' notice before adding new sub processors that process personal data. Enterprise customers may object to new sub processors.
4.3 Data Protection in AI Processing
When your data is processed through AI systems: (a) data is transmitted using TLS 1.3 encryption; (b) your data is not used to train third-party AI models; (c) AI outputs are returned exclusively to you; (d) we do not share your unencrypted content with third parties except as necessary to provide the Services.
5. Anonymized and Aggregated Data
We may create anonymized and aggregated data from your information. "Anonymized Data" means data that has been de-identified in accordance with NIST Special Publication800-188 or equivalent standards, such that: (i) all direct identifiers have been removed; (ii) quasi-identifiers have been generalized or suppressed; and (iii) the anonymization is not reasonably reversible. Anonymized Data is no longer considered personal information and may be used for any lawful purpose, including: analytics, benchmarking, research, product development, and sharing with third parties. Upon request, we will provide documentation of our anonymization methodology.
6. Data Sharing and Disclosure
We do not sell your personal information. We may share information with: (a) Service Providers —third parties who perform services on our behalf, subject to confidentiality obligations; (b) Business Transfers — in connection with a merger, acquisition, or sale of assets; (c) Legal Requirements — when required by law, regulation, or legal process; (d) Protection of Rights — to protect our rights, privacy, safety, or property, or that of others; (e) WithYour Consent — for any other purpose with your explicit consent.
7. Data Security
We implement appropriate technical and organizational measures to protect your information, including:(a) encryption in transit (TLS 1.3) and at rest (AES-256); (b) access controls and authentication mechanisms; (c) regular security assessments; (d) employee security training; (e) incident response procedures. No system is completely secure, and we cannot guarantee absolute security of your data.
8. Data Retention
We retain your information for as long as your account is active or as needed to provide Services. After account termination, we will delete your User Content within 90 days, except:(a) as required by law; (b) for legitimate business purposes (such as resolving disputes); (c) for Anonymized Data, which may be retained indefinitely.Integration credentials are deleted immediately upon disconnection.
9. Your Rights and Choices
Depending on your jurisdiction, you may have rights to: (a) access your personal information; (b) correcting accurate information; (c) delete your information; (d) object to or restrict processing; (e) data portability; (f) withdraw consent. To exercise these rights, contact us at privacy@sendupdates.ai. You may also: disconnect integrations at any time; update your account information; opt out of marketing communications; delete your account.
10. International Data Transfers
Your information may be transferred to and processed in the United States or other countries. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission. For more information, see our Data Processing Addendum.
11. California Privacy Rights
California residents have additional rights under the CCPA, including: the right to know what personal information is collected; the right to delete personal information; the right to opt out of the sale of personal information (we do not sell personal information);the right to non-discrimination. To exercise these rights, hello@sendupdates.ai.
12. European Privacy Rights
If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR, including: access, rectification, erasure, restriction, portability, and objection. Our legal bases for processing include: contract performance, legitimate interests, and consent. You may lodge a complaint with your supervisory authority.
13. Children's Privacy
The Services are not directed to children under 16. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.
14. Changes to This Policy
We may update this PrivacyPolicy from time to time. Material changes will be communicated via email or prominent notice. Your continued use after changes take effect constitutes acceptance.
15. Contact Us
For questions about thisPrivacy Policy or our data practices, contact us at:
SendUpdates.ai
Email: hello@sendupdates.ai
Data Processing Addendum
1. Introduction and Scope
This Data Processing Addendum("DPA") forms part of the Terms of Service or other written agreement(the "Agreement") between SendUpdates.ai ("Processor" or"Company") and the entity agreeing to these terms ("Controller"or "Customer") for the provision of the Services.
This DPA applies to the extentthat the Processor processes Personal Data on behalf of the Controller inconnection with the Services, and such processing is subject to Data ProtectionLaws. This DPA is designed to ensure compliance with the General DataProtection Regulation (EU) 2016/679 ("GDPR"), the UK General DataProtection Regulation, the California Consumer Privacy Act ("CCPA"),and other applicable data protection legislation (collectively, "DataProtection Laws").
2. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person that is processed by the Processor on behalf of the Controller in connection with the Services.
"Processing" means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
"Sub processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.
"Data Subject" means an identified or identifiable natural person whose Personal Data is processed.
"SecurityIncident" means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
3. Processor Obligations
The Processor agrees to: (a)process Personal Data only on documented instructions from the Controller, unless required by law; (b) ensure that persons authorized to process PersonalData are bound by confidentiality obligations; (c) implement appropriate technical and organizational security measures; (d) assist the Controller in responding to Data Subject requests; (e) assist the Controller in ensuring compliance with security, breach notification, and impact assessment obligations; (f) delete or return Personal Data upon termination, atController's choice; (g) make available information necessary to demonstrate compliance and allow for audits.
4. Details of Processing
4.1 Subject Matter and Duration
The Processor will processPersonal Data for the duration of the Agreement to provide the Services as described therein.
4.2 Nature and Purpose of Processing
The Processor will processPersonal Data for the purpose of: (a) providing the Services, includingAI-powered email generation and workflow automation; (b) storing and transmitting data through connected third-party integrations; (c) generating insights and analytics to deliver Service features; and (d) providing customer support.
4.3 Types of Personal Data
Personal Data processed may include: names, email addresses, job titles, company information, professional communications, financial metrics, project data, and other business-related information provided through the Services or connected integrations.
4.4 Categories of Data Subjects
Data Subjects include:Controller's employees, contractors, customers, investors, stakeholders, and other individuals whose data is processed through the Services.
5. Security Measures
The Processor implements and maintains appropriate technical and organizational measures to protect PersonalData, including: (a) encryption of Personal Data in transit (TLS 1.3) and at rest (AES-256); (b) access controls and authentication mechanisms; (c) regular security assessments and penetration testing; (d) employee security training and confidentiality agreements; (e) incident response and business continuity procedures; (f) physical security of data centers; and (g) secure development practices.
6. Subprocessors
6.1 Authorization
The Controller provides general authorization for the Processor to engage Sub processors to process PersonalData, subject to the requirements of this Section 6.
6.2 Current Sub processors
The current list of Sub processors is available at sendupdates.ai and includes:
OpenAI, L.L.C. (United States) — AI processing for content generation. Zero data retention for API customers; no training on customer data.
Anthropic, PBC (United States) — AI processing for content generation. No training on customer data; limited retention for safety monitoring.
6.3 Notification of Changes
The Processor will provide at least 30 days' notice before adding or replacing Sub processors. The Controller may object to a new Sub processor by notifying the Processor in writing within14 days. If the objection is not resolved, the Controller may terminate the affected Services.
6.4 Subprocessor Obligations
The Processor will enter into written agreements with each Sub processor imposing data protection obligations no less protective than those in this DPA. The Processor remains liable for the acts and omissions of its Sub processors.
7. International Data Transfers
7.1 Transfer Mechanisms
To the extent that Processing involves the transfer of Personal Data from the European Economic Area("EEA"), United Kingdom, or Switzerland to countries not recognized as providing adequate data protection, the Processor will ensure appropriate safeguards are in place, including: (a) Standard Contractual Clauses("SCCs") approved by the European Commission (Commission ImplementingDecision (EU) 2021/914); (b) The UK International Data Transfer Addendum to theEU SCCs; and (c) Any successor transfer mechanisms approved by relevant supervisory authorities.
7.2 Standard Contractual Clauses
The parties agree that the EUSCCs are hereby incorporated by reference into this DPA. For transfers from theEEA: Module Two (Controller to Processor) shall apply; the Controller is the"data exporter" and the Processor is the "data importer";Clause 7 (Docking Clause) is included; Option 2 of Clause 9(a) applies with 30days' notice for Subprocessor changes; Option 1 of Clause 11(a) is excluded;Clause 17 Option 1 applies with Irish law governing; and Clause 18(b) specifiesIreland as the forum for disputes.
7.3 UK Transfers
For transfers from the UnitedKingdom, the UK International Data Transfer Addendum ("UK Addendum")to the EU SCCs is incorporated. The UK Addendum modifies the EU SCCs as necessary to ensure compliance with UK data protection law.
8. Data Subject Rights
The Processor will assist the Controller in fulfilling its obligations to respond to Data Subject requests to exercise their rights under Data Protection Laws, including rights of access, rectification, erasure, restriction, data portability, and objection. TheProcessor will promptly notify the Controller of any Data Subject request received directly and will not respond except on Controller's instructions.
9. Security Incidents
The Processor will notify theController without undue delay, and in any event within 72 hours, upon becoming aware of a Security Incident affecting Personal Data. The notification will include: (a) nature of the incident; (b) categories and approximate number ofData Subjects affected; (c) likely consequences; (d) measures taken or proposed to address the incident. The Processor will cooperate with the Controller in investigating and mitigating the incident.
10. Data Protection Impact Assessments
The Processor will provide reasonable assistance to the Controller in conducting data protection impact assessments and prior consultations with supervisory authorities, to the extent required under Data Protection Laws and relating to the Processing of PersonalData under this DPA.
11. Audits
Upon reasonable request and subject to confidentiality obligations, the Processor will make available information necessary to demonstrate compliance with this DPA. The Controller may conduct an audit, or engage a third-party auditor, no more than once per year with at least 30 days' notice. Alternatively, the Processor may provide aSOC 2 Type II report or equivalent certification to satisfy audit requirements.
12. Data Deletion and Return
Upon termination of theAgreement, the Processor will, at Controller's choice, delete or return allPersonal Data within 90 days, except to the extent retention is required bylaw. The Processor will certify deletion upon Controller's request.
13. CCPA Provisions
To the extent the CCPA applies:(a) the Processor is a "Service Provider" as defined by the CCPA; (b)the Processor will not sell Personal Data; (c) the Processor will not retain, use, or disclose Personal Data except as necessary to perform the Services or as otherwise permitted by the CCPA; (d) the Processor will comply with applicable CCPA requirements and assist the Controller in responding to consumer requests.
14. General Provisions
This DPA is governed by the laws specified in the Agreement, except to the extent Data Protection Laws require otherwise. In the event of a conflict between this DPA and theAgreement, this DPA shall prevail with respect to the Processing of PersonalData. This DPA may be updated to reflect changes in Data Protection Laws, with reasonable notice to the Controller.
15. Contact
For questions about this DPA orto exercise rights under this DPA, contact:
SendUpdates.ai
Email: hello@sendupdates.ai