Sendvio Privacy Notice

Last updated: September 22, 2025

Sendvio is committed to protecting the privacy of our users and ensuring compliance with all applicable data protection laws and regulations worldwide, including but not limited to the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA/CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Australia's Privacy Act 1988, and other relevant global privacy standards.

This Privacy Notice explains in detail how Sendvio collects, uses, discloses, and protects personal data in connection with your use of our Services. It is designed to protect Sendvio as a service provider while also making clear your responsibilities as a user and data controller.

1. Who We Are

Sendvio is a software-as-a-service (SaaS) provider of email, SMS, WhatsApp, and AI-powered marketing automation tools, made available primarily through the Shopify App Store. Our Services are strictly provided on a business-to-business (B2B) basis.

When processing data on behalf of our customers (for example, Shopify merchants), Sendvio acts as a data processor, while the customer acts as the data controller responsible for determining the purpose and means of processing personal data.

We do not maintain a direct relationship with the end-users, subscribers, or customers of our customers. We process such data exclusively under the documented instructions of the data controller, in compliance with applicable laws such as the GDPR and similar frameworks.

Mailing Address for Correspondence Only

This is a mailing address only. Sendvio does not operate a physical office open to the public.

Privacy Contact

Email: support@sendvio.com

2. Roles and Responsibilities

It is important to understand the roles involved in data processing under Sendvio's platform:

Customer as Controller: You, the customer, are solely responsible for ensuring a lawful basis (such as valid consent) when uploading, integrating, or otherwise providing personal data into the Sendvio platform. You determine which data to process, what communications to send, and to whom.

Sendvio as Processor: We act as your processor for subscriber and recipient data. We only process personal data in accordance with your instructions and as required to deliver the Services.

Sendvio as Controller in Limited Contexts: For billing, account management, fraud prevention, compliance with legal obligations, and certain communications about your account, Sendvio may act as an independent data controller.

Disclaimer of Responsibility for Misuse: If you use Sendvio in violation of law (for example, sending marketing to individuals without consent, collecting data from minors, or transmitting prohibited content), you alone are responsible for those actions. Sendvio disclaims any liability arising from customer misuse.

3. What Information We Collect

Sendvio collects and processes personal data only as necessary to provide, secure, and improve the Services. We do not collect personal data for unrelated advertising, profiling, or resale purposes.

3.1 Data You Provide Directly

When you create an account or communicate with us, we may collect information such as:

• Account and contact information (name, email, phone, company, billing details).
• Store and platform data (Shopify store name, domain, identifiers, billing history, integration settings).

3.2 Data Provided by Customers

In the course of using the platform, you may upload or integrate data relating to your subscribers, customers, or contacts. This can include:

• Subscriber information (names, email addresses, phone numbers, preferences, purchase history).
• Communication content (message text, campaign metadata, open/click rates, interaction history).

Important: Sendvio processes this data as your processor. You remain solely responsible for ensuring lawful collection and use (e.g., obtaining consent).

3.3 Data Collected Automatically

To maintain and secure the Services, we automatically collect technical data such as:

• IP addresses, browser type, operating system, device identifiers.
• Usage metrics including login history, configuration settings, session length, and performance logs.

3.4 Data from Integrated Platforms

Through integrations (e.g., Shopify, payment processors, SMS/WhatsApp gateways), we may process store, order, customer, or billing data as necessary. These third parties process data under their own privacy notices, and Sendvio is not liable for inaccuracies or unlawful disclosures originating from them.

3.5 Data from AI Inputs

When you use AI features, we may process prompts and outputs you generate. You must not input sensitive personal data (such as health, biometric, financial, or children's data) unless you have a lawful basis. Sendvio may use anonymized or aggregated inputs/outputs to improve functionality, but will never use your identifiable personal data for model training without your explicit consent.

4. How We Use Information

Sendvio processes personal data solely for legitimate and lawful purposes, including:

• Providing and operating the Services (account setup, automations, message delivery).
• Authenticating users and securing accounts (fraud prevention, access controls).
• Improving the platform (diagnostics, analytics, performance monitoring).
• Communicating with you (transactional notices, service alerts, onboarding, support).
• Preventing abuse and enforcing our Terms of Service (spam detection, compliance).
• Meeting legal obligations (data retention, regulatory reporting, lawful requests).

We do not use customer data for Sendvio's own advertising, profiling, or unrelated commercial purposes.

Customer Responsibility: You remain fully responsible for the lawfulness of how you use Sendvio to configure marketing strategies, upload data, and communicate with your own customers.

5. Legal Bases for Processing (GDPR and Global Standards)

When Sendvio acts as a controller, we process personal data under lawful bases including:

• Contract performance (to provide the Services you subscribe to).
• Legitimate interests (ensuring security, preventing misuse, improving services).
• Legal obligations (complying with tax, regulatory, anti-fraud, or law enforcement requirements).
• Consent (when required by law, such as for optional marketing communications).

When Sendvio acts as a processor, you (the customer) are responsible for determining and documenting the lawful basis for processing your subscribers' or customers' personal data.

6. Sharing and Disclosure of Information

Sendvio does not sell or share personal information as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA).

We only share personal data under the following circumstances:

• Third-Party Service Providers: Cloud hosting, analytics, support, SMS/email/WhatsApp gateways. All are contractually bound to process data only for Sendvio's purposes.
• Platform Partners: Shopify and similar app stores for billing and integration.
• Advisors: Legal, accounting, auditing as reasonably necessary.
• Authorities: Regulators, courts, or law enforcement when legally required.
• Customer Integrations: If you connect Sendvio to additional third parties, you are solely responsible for those data flows. Sendvio disclaims liability for unaffiliated third-party misuse.

7. International Data Transfers

Sendvio may store and process personal data in the United States and other jurisdictions where we or our trusted providers maintain infrastructure. These countries may not provide the same level of data protection as your country of residence.

Where personal data is transferred from the European Economic Area (EEA), the United Kingdom, or Switzerland, Sendvio implements safeguards to ensure an adequate level of protection, including:

• the use of European Commission–approved Standard Contractual Clauses (SCCs);
• the UK International Data Transfer Agreement (IDTA) or Addendum, where applicable; and
• Supplementary measures such as encryption, access restrictions, and security monitoring.

By using our Services, you acknowledge that such transfers are necessary for performance of the contract and global service delivery.

To the maximum extent permitted by law, Sendvio disclaims liability for the acts or omissions of unaffiliated third parties involved in international transfers outside its control.

Important: Nothing in this Privacy Notice limits your statutory rights under GDPR or UK GDPR with respect to international transfers. While Sendvio will take all reasonable measures to ensure lawful cross-border processing, you retain the right to object to transfers or request further information about the safeguards applied.

If you object to a transfer that is legally required or technically essential for the provision of the Services, Sendvio may be unable to continue delivering some or all aspects of the Services. In such cases, Sendvio reserves the right to suspend or terminate your access to the Services, without liability, to the extent that continued provision would be unlawful or impossible.

8. Data Retention

Sendvio retains personal data only for as long as necessary to fulfill the purposes described in this Privacy Notice, including compliance with legal, tax, and regulatory obligations, resolution of disputes, enforcement of agreements, and maintenance of platform security.

Retention periods may vary depending on the nature of the data and the applicable legal framework. In all cases, Sendvio applies the GDPR principle of storage limitation (Art. 5(1)(e)), which requires that personal data be kept in identifiable form only as long as necessary.

• Customer subscriber data: You, as the controller, determine the appropriate retention period. Upon request or termination, we delete or anonymize such data in accordance with your instructions, unless legal obligations require otherwise.
• Account and billing data: Retained for the period required by law (e.g., tax or accounting regulations).
• Security logs and backups: Retained temporarily for business continuity and deleted or anonymized on a rolling basis.

When retention is no longer necessary, data will be securely deleted, irreversibly anonymized, or aggregated in a way that prevents re-identification.

9. Data Security

We maintain technical and organizational safeguards (encryption, access controls, monitoring, audits, vulnerability management). While we take robust precautions, data protection is a shared responsibility: you must secure your own accounts, integrations, and systems.

In accordance with GDPR Article 33 and equivalent laws, Sendvio will notify affected customers without undue delay if a personal data breach occurs that directly impacts their data, to the extent required by law.

Sendvio is not responsible for breaches, unauthorized access, or data loss resulting from your failure to secure your accounts, systems, or integrations.

10. AI Features and Privacy

Sendvio may offer artificial intelligence (AI) features that generate email templates, campaign text, or images. These tools are provided solely as optional aids to assist you in content creation.

You remain responsible for reviewing, editing, and approving any AI-generated outputs before use. Sendvio makes no warranties as to the accuracy, legality, or suitability of AI outputs, and expressly disclaims liability for their use in your business operations.

Transparency obligations: Where required by law (including the forthcoming EU AI Act), you must clearly disclose to your customers or subscribers when AI-generated content is used in communications.

Prohibited uses: You may not use Sendvio's AI features in any high-risk or unlawful context, including but not limited to:

• biometric identification, surveillance, or profiling;
• creditworthiness or employment decisions;
• political campaigning or voter manipulation;
• discriminatory, harassing, defamatory, or obscene content.

Sensitive data: Do not input personal data relating to health, children, financial accounts, or other special-category data (as defined by GDPR Art. 9) unless you have a valid lawful basis.

Ownership: All rights in AI outputs belong to you, subject to third-party intellectual property rights. Sendvio retains full rights in its models, algorithms, and training data.

Disclaimer: AI features are provided "as is" and are excluded from service-level guarantees. Sendvio disclaims liability for regulatory or legal consequences arising from your reliance on AI-generated content.

11. SMS and WhatsApp Data

If you use SMS or WhatsApp features, you are solely responsible for compliance with:

• TCPA, FCC rules, carrier requirements (SMS).
• WhatsApp Business Policy, Meta template rules, and country-specific messaging laws.

You must obtain and honor valid consents, handle opt-outs, and respect WhatsApp's 24-hour rule.

Sendvio provides compliance tools but disclaims liability for carrier blocks, Meta enforcement, or regulatory penalties.

12. End-User Privacy Rights

Depending on the laws of your users' jurisdictions, individuals may have specific rights over their personal data, including:

• the right of access,
• rectification,
• erasure,
• restriction of processing,
• data portability,
• and the right to object or withdraw consent.

If you are a Sendvio customer (controller), you are solely responsible for honoring these rights with respect to your subscribers and end-users. Sendvio will not act on such requests directly unless legally obligated or explicitly authorized by you.

Assistance to controllers: In accordance with GDPR Art. 28(3)(e), Sendvio will provide reasonable assistance to help you fulfill your obligations, including responding to data subject requests where technically feasible. Any such assistance will be provided strictly subject to technical feasibility, applicable law, and may be conditioned on reimbursement of costs incurred.

Supervisory authority rights: Individuals in the European Economic Area, the UK, or Switzerland also have the right to lodge a complaint with their local supervisory authority (for example, the CNIL in France or the ICO in the United Kingdom) if they believe their data has been processed unlawfully.

Sendvio respects these rights but emphasizes that responsibility for compliance ultimately rests with you as the controller of your end-user data.

13. Cookies and Tracking

Sendvio uses cookies and similar technologies to enable secure operation of the Services, improve functionality, and analyze usage patterns.

Types of cookies:

• Strictly necessary cookies – essential for login, account security, and core functions.
• Performance/analytics cookies – help us measure and improve platform performance.
• Functional cookies – remember preferences and enhance usability.
• Third-party cookies – may be set by integrated services such as analytics or support tools.

Where required by law (including the EU ePrivacy Directive and national implementations such as the UK PECR or Germany's TTDSG), non-essential cookies are only placed with your prior consent. You may withdraw or adjust your cookie preferences at any time through your browser or our cookie banner, without affecting the lawfulness of processing prior to withdrawal.

Customer responsibility: If you install Sendvio scripts or widgets on your website, you must update your own site's privacy notice and cookie banner to disclose any Sendvio-related cookies or tracking technologies, and to obtain consent where required. Sendvio disclaims liability for your failure to do so.

14. Children's Data

The Services are not intended for individuals under 18. We do not knowingly collect data from children. If you configure Sendvio in violation of this, you bear full responsibility.

Sendvio disclaims all liability arising from the collection of children's data through misuse or misconfiguration by customers.

15. Updates to This Privacy Notice

We may revise this Privacy Notice as laws and technology evolve. Material changes will be communicated via email or in-app notifications. Continued use of the Services after updates constitutes acceptance.

16. Governing Law

This Privacy Notice is governed by the same governing law and dispute resolution provisions set forth in Sendvio's Terms and Conditions of Service.