← Back to home

Privacy Policy

Last updated: April 8, 2026

This policy describes how Sendcore (“Sendcore”, “we”) processes personal data when you use the website and the platform (together, the “Service”).

1. Data controller

The data controller is the entity operating Sendcore. If you use Sendcore to send communications to your customers, you may act as data controller or processor for recipients’ data. In that case, this policy covers the data processed by Sendcore as the platform provider.

2. Data we process

Depending on the features you use, we may process the following categories of data:

  • Account data: email, user identifier, authentication data (handled via Supabase Auth).
  • Email settings: sending domain, domain verification status, DNS records needed for setup (SPF/DKIM/DMARC), sender name, “from” and “reply-to” addresses.
  • Campaign data: subject line, preheader, content (HTML/text), campaign settings and metadata, UTM parameters.
  • Address books/segments: lists or segments created by the user and related email addresses entered/imported.
  • Integrations: if you connect Shopify, we process store identifiers and access tokens required for connection and syncing.
  • Delivery and engagement data: technical identifiers of sent messages and engagement metrics (e.g., opens/clicks). If you enable tracking, providers may also include technical details (e.g., IP address and user agent) in webhook payloads.
  • Technical data: logs and data necessary for security, abuse prevention, and diagnostics (e.g., timestamps, error events).

3. Purposes and legal bases

  • Service delivery (contract performance): account creation and management, campaign creation, message sending, reporting.
  • Security and fraud/abuse prevention (legitimate interest): infrastructure protection, technical logging and auditing.
  • Legal obligations (legal obligation): where applicable.
  • Optional features: for example AI suggestions for copy/email (if enabled), and third‑party integrations (contract performance or legitimate interest, depending on the case).

Note: sending marketing emails to recipients requires that you have an appropriate legal basis (e.g., consent, soft opt‑in, etc.) and that you provide recipients with your privacy notice and unsubscribe mechanism.

4. Recipients and service providers (processors)

To provide the Service we use vendors that may process data on our behalf, for example:

  • Supabase (authentication and database).
  • Vercel (hosting and application delivery).
  • Resend (email sending and deliverability/engagement webhooks).
  • Shopify (if you enable the integration).
  • Google Gemini API (only if you enable AI features and configure an API key).

We may also disclose data to competent authorities when required by law.

5. International transfers

Some vendors may process data outside the European Economic Area. In such cases, we rely on appropriate safeguards (for example, Standard Contractual Clauses) as required by applicable law.

6. Data retention

We retain data for as long as needed to provide the Service and to comply with legal obligations, resolve disputes, and enforce our rights. Campaign and reporting data is kept while your account remains active or until you request deletion, unless different retention obligations apply.

7. Cookies and similar technologies

We use cookies and similar technologies for authentication, preferences, and Service functionality. If we publish a separate Cookie Policy, it will be available from the footer.

8. Your rights

Subject to applicable law, you may exercise your rights of access, rectification, erasure, restriction, portability, and objection. If you believe processing violates data protection law, you may lodge a complaint with the competent supervisory authority.

If you are a recipient of emails sent via Sendcore, to exercise rights regarding data processed by the sender you should contact the sender directly.

9. Contact

For privacy requests you can contact us using the details available in the “Contacts” section of the website, or via the support email associated with the Service (if provided in your contract/account area).

This page is provided for informational purposes and may require legal adjustments depending on your business model, the countries you operate in, and the integrations actually enabled.