Sendvio

Last Updated: September 17, 2024.

Sendvio is committed to protecting the privacy of our users and ensuring compliance with all applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and any other global privacy standards.

This Privacy Notice explains how Sendvio collects, uses, discloses, and protects personal data in connection with your use of our Services.

1. Who We Are

Sendvio is a software-as-a-service (SaaS) provider of email and SMS marketing automation tools, available to businesses through the Shopify App Store. Our services are provided strictly on a business-to-business (B2B) basis. When processing data on behalf of our customers (e.g., Shopify merchants), Sendvio acts as a data processor, while the customer is the data controller responsible for determining the purpose and means of processing personal data, including that of their end-users, subscribers, or customers.

We do not maintain a direct relationship with the end-users of our customers and process data exclusively under the instructions of the data controller in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and similar frameworks.

Mailing Address for Correspondence Only

Sendvio receives legal correspondence and business-related packages at the following mailing address:

5256 S. Mission Road, Suite 703-5034, Bonsall, CA 92003, USA

This is a mailing address only. Sendvio does not operate a physical office open to the public or conduct in-person business at this location.

For privacy-related inquiries, legal notices, or data protection matters, please contact:

Email: legal@sendvio.com

2. What Information We Collect

Sendvio collects and processes personal data solely for the purpose of providing, securing, and improving our Services. The types of information we collect may include:

A. Data You Provide Directly

Account and contact information: such as your full name, email address, company name, phone number, and billing details, collected when you create an account or communicate with us.
Store and platform data: such as your Shopify store name, domain, store identifier, billing history, and integration settings, are necessary to enable the Services.

B. Data Provided by Our Customers

In the course of using the Platform, our customers may upload or integrate personal data relating to their subscribers, customers, or contacts. This may include:

Subscriber and recipient data: such as names, email addresses, phone numbers, language preferences, and purchase behavior.
Communication content: including the content of email and SMS messages, campaign metadata (e.g., timestamps, subject lines), open/click metrics, and user interaction history.

Important: Sendvio acts only as a data processor with respect to subscriber and recipient data. Our customers, as data controllers, are solely responsible for ensuring that they have a lawful basis (e.g., consent) to collect, store, and process such data using the Services.

C. Data We Collect Automatically

Technical information: such as IP addresses, device type, browser type, operating system, and system configurations.
Usage data: including login history, feature usage, configuration settings, time spent in the platform, and performance data for service optimization.

We do not knowingly collect sensitive personal information unless explicitly required to provide the Services, and we do not use personal data for purposes other than those set out in this Privacy Notice.

3. How We Collect Your Information

Sendvio collects personal data through various channels, as outlined below. We only collect data that is relevant, necessary, and lawful for the provision and operation of our Services.

We may collect your information:

A. Directly from You

When you:

Register or create an account on the Platform
Communicate with us via email, contact forms, or support tools
Provide information during onboarding or account configuration
Submit feedback or interact with our team

B. Automatically Through Your Use of the Platform

We may automatically collect technical and usage data, including:

Device and browser information
IP address, access times, and session logs
Platform activity and feature usage metrics

This data is used to operate, secure, and improve our Platform and may be collected via cookies, tracking scripts, and logging mechanisms, subject to your preferences.

C. From Integrated Third-Party Platforms

We may collect data through integrations with third-party services, including:

Shopify and other eCommerce platforms for store, customer, and product data
Email and SMS gateways for message delivery and performance data
Payment processors or app marketplaces (e.g., Shopify billing system)

We rely on these platforms to provide accurate and lawful data in accordance with their own privacy policies and terms of use. Sendvio is not responsible for inaccuracies or unlawful disclosures originating from such third parties.

D. From Publicly Available Sources
Where permitted by applicable law, we may obtain data from public directories, social media platforms, or business websites to validate user accounts or improve platform integrity.

4. How We Use Your Information

Sendvio processes personal data only as necessary to provide, maintain, and improve the Services, and always in accordance with applicable data protection laws. We do not use customer data for our own advertising, profiling, or unrelated secondary purposes.

We may use personal data for the following purposes:

To provide and operate the Services: including setting up your account, configuring automations, delivering email and SMS campaigns, and managing platform functionality.
To authenticate users and secure accounts: including multi-factor verification, access control, and fraud prevention.
To improve platform performance and user experience: including analyzing usage patterns, diagnosing issues, and enhancing features based on aggregated or anonymized insights.
To communicate with you: including sending transactional emails, service alerts, support responses, onboarding guidance, and—where permitted—promotional offers.
To prevent misuse, abuse, or fraudulent activity: including spam detection, abuse mitigation, and platform integrity monitoring.
To comply with legal and regulatory obligations: including data retention, tax, anti-spam, and lawful access requests by authorities.

All processing is performed under the legal bases described in this Privacy Notice and, where applicable, under your documented instructions as a data controller.

Sendvio is not responsible for how you use the Services to configure marketing strategies, automations, or data usage. You are solely responsible for ensuring that your use of the Platform, including any data you input or process, is lawful, accurate, and aligned with your own privacy obligations.

5. Legal Bases for Processing (GDPR)

When processing personal data subject to the General Data Protection Regulation (GDPR), Sendvio acts primarily as a data processor on behalf of its customers, who are the data controllers. In limited circumstances, such as for billing, account management, or service-related communication, Sendvio may act as a data controller.

We only process personal data where there is a lawful basis to do so under Article 6 of the GDPR. These legal bases include:

Performance of a contract: When the processing is necessary to provide access to the Platform, fulfill our obligations under the terms of service, and deliver the features and functionalities of the Services.
Legitimate interests: When processing is necessary for our legitimate business interests, such as ensuring platform security, preventing misuse or fraud, maintaining service performance, or improving functionality, provided that such interests are not overridden by your fundamental rights and freedoms.
Compliance with legal obligations: When required to fulfill our legal responsibilities, such as tax, accounting, anti-spam, data security, or regulatory reporting requirements.
Consent: Where required by law (e.g., to send marketing emails to individuals who are not active customers), we will request and rely on your freely given, specific, informed, and unambiguous consent. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Customers using Sendvio are solely responsible for determining and documenting their own legal basis for processing any personal data submitted to or processed via the Platform, including obtaining valid consent from their subscribers or end users where required.

6. Sharing and Disclosure of Information

Sendvio does not sell, rent, or exchange personal data for monetary or other valuable consideration. We share data only when necessary to provide our Services, comply with legal obligations, or protect our legitimate interests.

We may share personal data with the following categories of recipients:

Trusted third-party service providers who assist in the operation of our Platform and delivery of Services, such as cloud hosting providers, analytics services, customer support platforms, and email/SMS gateway services. These providers are granted access to data only as needed and are contractually bound to process it solely for the specific purpose of delivering their services to Sendvio, and in compliance with applicable data protection laws (e.g., GDPR, CCPA, PIPEDA).
Platform partners, including Shopify, as required for integration, billing, and performance of the Services you subscribe to. Such disclosures are limited to what is necessary to operate within the Shopify ecosystem.
Professional advisors, such as legal counsel, accountants, or auditors, when reasonably necessary for business operations or to exercise or defend legal claims.
Law enforcement, regulators, courts, or other governmental authorities, if we believe disclosure is required by law, regulation, subpoena, court order, or other valid legal process, or necessary to protect the rights, safety, or integrity of Sendvio, our users, or third parties.

All third parties with whom we share personal data are required to adhere to strict confidentiality, data protection, and security obligations under binding agreements. We take reasonable steps to ensure these third parties provide the same level of protection as required under applicable laws.

Important: Customers who use Sendvio to connect or transfer data to additional third parties or external services are solely responsible for managing those relationships and for ensuring compliance with applicable data protection obligations.

Sendvio disclaims any liability for the acts or omissions of unaffiliated third parties not under our control.

7. International Data Transfers

As part of providing our Services, Sendvio may store, access, and process personal data in the United States or other countries where we or our trusted service providers maintain infrastructure. These countries may not offer the same level of data protection as your country of residence.

Where required under applicable laws, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, or other cross-border data transfer regulations, we implement appropriate safeguards to ensure an adequate level of protection. These safeguards may include:

Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA;
The UK International Data Transfer Addendum (IDTA) or International Data Transfer Agreement (IDTA) for UK-based transfers;
Supplementary measures, where required, based on the nature of the data, the recipient country's laws, and the scope of processing.

We take commercially reasonable steps to ensure that any recipient of your personal data provides an adequate level of data protection consistent with applicable legal requirements.

By using the Platform, you acknowledge and explicitly agree that your personal data may be processed in jurisdictions outside your own, including in countries that may have different or less stringent data protection standards. You also agree that such processing is necessary for the performance of the Services you have requested.

To the maximum extent permitted by law, you waive any claim against Sendvio related to the lawful transfer, storage, or processing of your data outside your country of residence or business operation. This includes any claim based on alleged inadequacy of data protection, lack of local representation, or cross-border jurisdiction.

All international data transfers are carried out in accordance with applicable privacy laws and the safeguards described in this Privacy Notice.

Any disputes relating to international data transfers or your use of the Platform shall be subject to the governing law and exclusive jurisdiction provisions set forth in our Terms of Service, regardless of your location or the location of the data subjects whose information is processed.

If you have questions about our data transfer mechanisms or would like to request a copy of applicable transfer safeguards, please contact us at legal@sendvio.com.

8. Data Retention

Sendvio retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including the provision of our Services, compliance with our legal and contractual obligations, enforcement of our agreements, and the protection of our legal rights.

Retention periods may vary depending on:

The type of data collected;
The nature of your relationship with Sendvio;
Applicable legal or regulatory requirements (e.g., tax, anti-fraud, record-keeping laws);
The need to resolve disputes, enforce our rights, or defend against legal claims.

Where Sendvio processes data as a data processor on behalf of a customer (such as subscriber or recipient data), the customer is solely responsible for determining the appropriate data retention period and for managing deletion requests in accordance with their own legal obligations and privacy policies.

You may request the deletion of your personal data at any time by contacting us at legal@sendvio.com. However, we may be required to retain certain information:

As necessary to comply with applicable laws and regulations;
For legitimate business purposes;
To prevent abuse, enforce our rights, or resolve disputes;
To maintain internal logs and backup copies in accordance with security policies.

Upon expiration of the applicable retention period, personal data will be securely deleted, anonymized, or aggregated in a manner that prevents identification of individuals.

9. Data Security

At Sendvio, we prioritize the security and confidentiality of the personal data entrusted to us. We implement robust technical and organizational measures to protect all data processed through our platform, in accordance with applicable data protection laws and industry standards, including Article 32 of the General Data Protection Regulation (GDPR).

Our security framework includes, but is not limited to:

End-to-end encryption of data in transit and at rest
Access controls based on user roles and least-privilege principles
Multi-layered network security and infrastructure monitoring
Regular security audits, vulnerability assessments, and patch management
Secure development practices and data handling protocols

These measures are designed to prevent unauthorized access, maintain data integrity, and ensure the ongoing availability and resilience of our systems.

While Sendvio follows strict security practices, we also recognize that data protection is a shared responsibility. We encourage all users to:

Use strong, unique passwords and keep login credentials confidential
Configure account settings with care, especially where customer data is involved
Follow best practices in securing their own systems, stores, and integrations

If you believe your account may have been accessed without authorization or detect unusual activity, please contact us immediately at legal@sendvio.com. We are committed to investigating and responding promptly to any security concerns.

10. Your Privacy Rights

At Sendvio, we respect your privacy and are committed to giving you control over your personal data. Depending on your place of residence and the laws that apply in your jurisdiction, you may have certain rights relating to your personal data.

These rights may include:

Access – You can ask us whether we hold your personal data and request a copy of it.
Correction – If any of your information is inaccurate or incomplete, you may request that we update it.
Deletion – In some cases, you may request the deletion of your data, subject to legal or contractual obligations.
Restriction – You may ask us to limit the way we process your data in certain circumstances.
Portability – Where applicable, you can request to receive your data in a portable format.
Objection or Withdrawal of Consent – If you've previously given consent for certain processing, you may withdraw it at any time.
No Discrimination – We will never deny services, change prices, or offer different levels of support because you exercised a privacy right.

If you have questions or wish to make a request, you're welcome to contact us directly at legal@sendvio.com. Our team is here to help.

Note: In many cases, Sendvio processes personal data on behalf of our customers (for example, Shopify store owners). If your data was shared with us by a business using our platform, we may not be authorized to fulfill your request directly. In those cases, we'll guide you to the appropriate contact at the business responsible for your data.

Please understand that while we aim to fulfill all valid requests promptly, some requests may be subject to exceptions or verification steps in accordance with applicable privacy laws.

11. Cookies and Tracking Technologies

Sendvio uses cookies and similar tracking technologies to enhance your experience, improve platform functionality, analyze usage, and ensure the security and stability of our Services.

Depending on your location and applicable law, these technologies may require your consent—particularly for non-essential cookies. We use the following types of cookies:

Essential cookies: Required for the operation of the Platform, including security, authentication, and user session management.
Performance and analytics cookies: Help us understand how users interact with the Platform and improve its performance.
Functionality cookies: Enable enhanced features, such as remembering preferences or previously selected options.

You can manage your cookie preferences at any time through your browser settings or device controls. Please note that disabling certain types of cookies may impact the functionality or availability of some features of the Platform.

Where legally required, we will request your consent before placing non-essential cookies on your device. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

For more information about how we use cookies and your choices, please see our Cookie Notice.

12. Children's Privacy

Sendvio's Services are designed for use by businesses and are not intended for use by individuals under the age of 18. We do not knowingly collect, solicit, or process personal data from children, as defined under applicable law.

If you are a parent or legal guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at legal@sendvio.com. Upon verification, we will take reasonable steps to delete the information as required by applicable law.

Important: As a B2B service provider, Sendvio acts as a data processor on behalf of its customers. We do not control the data our customers choose to collect or process using our Services. Customers are solely responsible for ensuring that they do not collect personal data from children in violation of applicable laws and regulations.

Sendvio disclaims any liability for the collection of personal data from children that results from misuse or misconfiguration of the Platform by a customer or third party.

13. Updates to This Privacy Notice

We may revise or update this Privacy Notice from time to time to reflect changes in legal requirements, regulatory guidance, technological developments, or our business operations. When updates are made, we will revise the "Last Updated" date at the top of this Notice.

Where the changes are material, we will provide reasonable notice, such as by email or through prominent in-app messaging, before the updated terms take effect, unless applicable law requires otherwise.

We encourage you to review this Privacy Notice periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Platform after any changes have been published will constitute your acceptance of the revised Privacy Notice.

Please note: It is your responsibility to ensure that the contact information associated with your Sendvio account remains accurate and up to date, so that you may receive timely notifications of material updates. Sendvio disclaims any liability for failure to notify users who have not maintained valid contact information.

If you do not agree with any updates to this Privacy Notice, you should discontinue use of the Platform and may contact us with any concerns at legal@sendvio.com.

14. Contact

If you have any questions, concerns, or complaints regarding this Privacy Notice or your personal data, please contact:

Sendvio Privacy Team