Legal Document

Privacy Policy

At Sendora, privacy is not a feature — it is the foundation. This policy describes exactly what data we collect, why we collect it, how we protect it, and what rights you have over it.

Effective date: April 1, 2026
Last updated: April 1, 2026
Applies to: sendora.me and all Sendora services

1

Who We Are

Sendora (“Sendora,” “we,” “us,” or “our”) operates the website sendora.me and all associated sub-domains, mobile applications, application programming interfaces (APIs), and services (collectively, the “Services”). Sendora is a privacy-first email platform that enables users to send, receive, and manage electronic mail without the use of advertising, behavioural tracking, or data profiling.

For the purposes of applicable data protection legislation — including, without limitation, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, India's Information Technology Act 2000 and the Digital Personal Data Protection Act 2023 (“DPDPA”), and the California Consumer Privacy Act (“CCPA”) — Sendora is the data controller responsible for determining the purposes and means of processing your personal data.

Our registered contact email is privacy@sendora.me.

2

Scope of This Policy

This Privacy Policy applies to all individuals who:

  • Visit or browse our website at sendora.me or any of its sub-domains;
  • Register for and use a Sendora email account (including on behalf of an organisation);
  • Use the Sendora Temporary Inbox feature;
  • Send or receive email messages through our platform;
  • Interact with our APIs, widgets, or integrations;
  • Contact us for support, sales inquiries, or any other purpose;
  • Subscribe to any communications from Sendora.

This policy does not apply to third-party websites, services, or applications that may link to or from our Services. We encourage you to review the privacy policies of any third-party services you access through or in connection with Sendora.

3

Information We Collect

We collect information in three principal ways: information you provide to us directly, information collected automatically when you use our Services, and information received from third parties in the course of providing our Services.

3.1 Information You Provide Directly

Account registration data: Username, email address, password hash (we store a cryptographic hash — never a plain-text password), and optionally a display name or avatar image.
Passkey / WebAuthn credentials: Public-key credential identifiers, authenticator attestation data, and device-bound key material used to authenticate you without a password. Private keys never leave your device.
Email messages: The To, From, Cc, Bcc, Subject, message body, attachments, and associated metadata (timestamps, thread identifiers) of all messages you send and receive through our platform.
Draft content: Automatically saved draft bodies, recipients, and attachments while you are composing a message.
Custom domain configuration: Domain names, DNS verification records, and associated mailbox definitions submitted by users who connect a custom domain.
Support communications: Content of messages, emails, or form submissions you send to our support team.
Payment information: Subscription tier selection, billing cycle preference, and Razorpay-generated transaction identifiers. We do not store full card numbers, CVVs, or bank account details — all payment card processing is handled exclusively by Razorpay.
Profile and settings data: Theme preference, compose font, notification settings, signature, and other account-level preferences.

3.2 Information Collected Automatically

Log data: IP address, browser type and version, operating system, referring URL, pages visited, time spent, and the date and time of each request.
Session tokens: Cryptographically signed session identifiers stored as HTTP-only, Secure, SameSite cookies used solely for authentication. These are not used for advertising or tracking.
Device information: General device type (desktop, tablet, mobile), viewport dimensions, and language preference — used to render the application correctly.
Approximate geolocation: Country or region inferred from IP address using an offline GeoIP database (geoip-lite). We do not use GPS, cell tower, or Wi-Fi triangulation data. Precise location is never collected.
Usage events: Actions performed within the application — such as opening a message, composing, or switching folders — collected to operate and improve the service. These events are not shared with advertising platforms.
Rate-limiting identifiers: Hashed IP addresses retained briefly in our Upstash Redis cache solely to enforce rate limits and prevent abuse.

3.3 Information Received from Third Parties

When external senders deliver email to your Sendora address, we receive the message content, headers, and metadata from our email infrastructure provider (Resend) via inbound webhook. We do not solicit or acquire personal data about you from data brokers, advertising networks, or social media platforms.

4

How We Use Your Information

We use the information we collect for the following purposes:

Providing the Services: Routing, storing, and displaying email messages; authenticating users; maintaining session state; providing compose, inbox, search, and labelling functionality.
Account management: Creating and managing your account, processing plan upgrades or downgrades, managing billing, and communicating account-related notices (e.g., storage warnings, password resets).
Security and fraud prevention: Detecting and blocking spam, phishing, and malicious content; enforcing rate limits; preventing unauthorised access; monitoring for account takeover attempts; and reviewing suspicious activity.
Service improvement: Analysing aggregated, anonymised usage patterns to prioritise features, diagnose performance issues, and improve reliability. Individual message content is never used for this purpose.
AI-assisted features: Powering Smart Compose suggestions, email summarisation, and AI-assisted reply drafting when those features are enabled by you (see Section 7 for full detail).
Customer support: Responding to your inquiries, resolving disputes, and troubleshooting issues.
Legal compliance: Meeting our obligations under applicable law, responding to lawful requests from public authorities, and enforcing our Terms of Service.
Transactional communications: Sending account notifications, security alerts, billing receipts, and service announcements. We do not send unsolicited marketing emails.

We will never use your email content to build advertising profiles, sell or license data to third parties for marketing purposes, or allow third-party advertising networks to access your information.

5

Legal Basis for Processing (GDPR & UK GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and other jurisdictions that require a lawful basis for personal data processing, we rely on the following:

Performance of a contract (Art. 6(1)(b) GDPR): Processing necessary to create and maintain your account, deliver email services, process payments, and provide all core features you have signed up for.
Legitimate interests (Art. 6(1)(f) GDPR): Security monitoring, spam detection, fraud prevention, service analytics (on aggregated data), and improving platform reliability — where our interests do not override your fundamental rights.
Legal obligation (Art. 6(1)(c) GDPR): Compliance with applicable law, court orders, and regulatory requirements, including lawful requests from law enforcement.
Consent (Art. 6(1)(a) GDPR): Where we rely on consent (e.g., for optional AI features that process message content), you may withdraw it at any time without affecting the lawfulness of prior processing.

6

Email Processing & Storage

The core purpose of Sendora is to handle electronic mail on your behalf. This section explains precisely how we handle message content.

6.1 Inbound Messages

When a message is addressed to your Sendora inbox, our email infrastructure provider (Resend) receives the message, performs initial spam and malware filtering, and delivers it to our servers via a secure webhook. We parse, index, and store the full message — including headers, body, and attachments — in our database, associated with your account. Message content is stored in encrypted form at rest.

6.2 Outbound Messages

When you send a message, we pass it to Resend's outbound SMTP infrastructure for delivery. Resend may retain transactional log data (metadata such as recipient address, delivery status, and timestamps) in accordance with their own privacy policy. We store a copy of sent messages in your Sent folder.

6.3 Anonymous Sending

If you enable the “Send Anonymously” feature, your message is dispatched via a rotating alias address (e.g., anon-xxxx@sendora.me). Your real email address is not disclosed to the recipient. Replies are routed back to your inbox through this alias. We retain the alias-to-identity mapping internally to enable reply routing; this mapping is deleted when the alias expires or you delete your account.

6.4 Scheduled & Queued Messages

Messages you schedule for future delivery are stored securely in our jobs queue until the scheduled send time. You may cancel a scheduled message before it is dispatched. The five-second undo window that follows an immediate send is implemented via a brief pre-delivery hold; if you do not undo within that window, the message is dispatched and cannot be recalled.

6.5 Confidential Messages

When you send a message in Confidential Mode, the message body is stored with a defined expiry date. After that date, the message body is permanently deleted from our servers. Recipients view the message via a one-time access link; optional passcode protection may require the recipient to verify via email OTP before viewing. Expired confidential messages cannot be recovered.

6.6 Attachments

File attachments are uploaded to Cloudinary, our cloud media storage provider, via a secure server-side connection. We store the Cloudinary URL and metadata in our database linked to the relevant draft or message. Cloudinary applies its own security controls to stored files. Attachments associated with deleted messages are permanently removed from Cloudinary within 30 days of message deletion.

6.7 Search Indexing

We maintain a full-text index of your messages to power the in-app search feature. This index is stored on our own infrastructure, linked to your account, and is never shared with or accessible by third-party search providers or advertisers.

7

AI-Powered Features

Sendora offers optional AI-assisted features powered by Google Gemini (“Gemini”), including:

  • Smart Compose — inline suggestions as you type;
  • AI Write — drafting or rewriting email content based on your instructions;
  • Email Summarisation — condensing long messages into a brief summary;
  • Smart Reply Suggestions — proposing short reply options for received messages.

When you invoke an AI feature, relevant portions of your email content (such as the message you are composing or reading) are transmitted to Google Gemini's API over an encrypted connection. Google processes this content to generate the AI output and returns the result to our servers, which display it in your compose window.

Important: Google Gemini's use of data submitted through the API is governed by Google's API Terms of Service and Google Cloud Privacy Notice. As of the date of this policy, Google does not use API inputs to train its models by default. We recommend reviewing Google's current policies at cloud.google.com/terms/cloud-privacy-notice.

AI features are optional. Smart Compose can be disabled in Settings → Compose preferences. AI features that process message content are only invoked when you explicitly trigger them (e.g., clicking the “AI” button or accepting an inline suggestion). We do not automatically or in the background send your full inbox to any AI service.

8

Cookies & Tracking Technologies

8.1 Cookies We Use

Session cookie: An HTTP-only, Secure, SameSite=Lax cookie containing a signed session token used to authenticate you. This cookie is strictly necessary for the application to function. It expires when you log out or after a rolling period of inactivity. | Strictly necessary
CSRF token: A per-session token used to prevent cross-site request forgery attacks. Set as an HTTP-only cookie. | Strictly necessary
Turnstile challenge cookie: Cloudflare Turnstile may set short-lived cookies as part of the bot-detection CAPTCHA challenge on signup and login forms. These are functional and privacy-preserving by design. | Strictly necessary / Functional
Theme preference: A non-cookie mechanism (localStorage) may be used to remember your chosen colour theme. This stores only a string such as “light” or “dark” locally in your browser and is not transmitted to our servers. | Functional

8.2 What We Do Not Use

We do not use:

  • Third-party advertising cookies or ad network trackers;
  • Analytics cookies from Google Analytics, Meta Pixel, or similar platforms;
  • Cross-site tracking or fingerprinting scripts;
  • Persistent marketing cookies of any kind.

8.3 Managing Cookies

You can instruct your browser to refuse all cookies or to indicate when a cookie is being set. However, if you refuse strictly necessary cookies (such as the session cookie), you will not be able to log in to your Sendora account. Most browser manufacturers provide help pages relating to cookie management in their documentation.

9

Third-Party Service Providers

To operate our Services, we engage a limited number of carefully selected third-party processors. Each has been assessed against our data protection standards and is bound by contractual obligations (such as Data Processing Agreements) to process data only on our documented instructions and in accordance with applicable law.

Resend (resend.com): Email infrastructure — outbound SMTP delivery and inbound webhook processing. Resend processes message headers and content transiently during delivery. | United States | resend.com/legal/privacy-policy
Cloudinary (cloudinary.com): Cloud media storage for file attachments and user avatars. Files are stored encrypted at rest. | United States / EU | cloudinary.com/privacy
Razorpay (razorpay.com): Payment processing for paid Sendora subscriptions and add-ons. Card data is processed entirely by Razorpay and never touches our servers. | India | razorpay.com/privacy
Upstash (upstash.com): Redis-based rate limiting and caching. Stores only hashed identifiers (IP hashes, user IDs) for a brief period, never message content. | United States / EU | upstash.com/privacy
Google Gemini API (cloud.google.com): AI content generation for optional Smart Compose, AI Write, and summarisation features. Invoked only on explicit user action. | United States | cloud.google.com/terms/cloud-privacy-notice
Cloudflare Turnstile (cloudflare.com): Bot-detection CAPTCHA on signup and login forms. Privacy-preserving; no advertising profiling. | Global | cloudflare.com/privacypolicy/

We do not sell, rent, or otherwise transfer your data to any party for advertising, data brokerage, or commercial profiling purposes.

10

Data Sharing & Disclosure

We treat your data as confidential. We will share your personal data only in the following circumstances:

10.1 Service Providers

With the third-party processors listed in Section 9, strictly to the extent necessary to provide the Services and under enforceable confidentiality and data protection obligations.

10.2 Legal Requirements

We may disclose personal data where we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation, applicable law, or binding regulation;
  • Respond to a valid court order, subpoena, or warrant issued by a competent authority;
  • Protect the rights, property, or safety of Sendora, our users, or the public;
  • Detect, prevent, or address fraud, security vulnerabilities, or technical issues.

Where permitted by law, we will notify you before disclosing your data in response to a legal demand, so that you may seek a protective order or other appropriate remedy.

10.3 Business Transfers

If Sendora undergoes a merger, acquisition, reorganisation, or sale of all or a portion of its assets, your personal data may be transferred as part of that transaction. We will provide notice via a prominent announcement on our website and, where required, obtain your consent before your data is transferred and becomes subject to a materially different privacy policy.

10.4 With Your Consent

We may share your data with additional third parties where you have given us explicit, informed consent to do so. You may withdraw such consent at any time.

10.5 Aggregate & Anonymised Data

We may share aggregated, anonymised statistical data (e.g., “X% of users prefer dark mode”) with partners, investors, or the public. Such data cannot be used to identify any individual user.

11

Data Retention

We retain personal data for as long as is necessary to fulfil the purposes described in this policy, to maintain your account, and to comply with our legal obligations. The following periods apply:

Account data (name, email address, password hash): For the lifetime of your account. Upon account deletion, this data is permanently purged within 30 days.
Email messages (inbox, sent, archived): For the lifetime of your account. Deleted messages are moved to Trash and permanently purged after 30 days, or immediately upon request.
Draft messages: Retained until you send, discard, or delete the draft. Purged within 7 days of account deletion.
Attachments: Retained alongside the associated message. Purged from Cloudinary within 30 days of message deletion.
Confidential messages: Message body purged upon the user-defined expiry date. Metadata may be retained for up to 90 days for delivery audit purposes.
Session tokens: Expire on logout or after 30 days of inactivity, whichever comes first.
Log & security data (IP addresses, request logs): Retained for a maximum of 90 days, used solely for security monitoring, rate limiting, and abuse prevention.
Rate-limiting cache data (Upstash Redis): Retained for the duration of the applicable rate-limit window — typically between 1 minute and 24 hours.
Payment & billing records: Retained for 7 years to comply with financial and tax regulations.
Support communications: Retained for 2 years after the closure of the support ticket, or until you request deletion, whichever is sooner.

After the applicable retention period, data is securely and irreversibly deleted or anonymised.

12

Security

We implement a comprehensive set of technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

12.1 Encryption

  • In transit: All data transmitted between your browser and our servers uses TLS 1.2 or TLS 1.3 with strong cipher suites. Email delivery to and from Resend uses encrypted SMTP (STARTTLS / TLS).
  • At rest: Databases, file storage (Cloudinary), and backups are encrypted using AES-256 or equivalent standards.
  • Passwords: We store only a cryptographic hash of your password using Argon2id, an industry-leading, memory-hard hashing algorithm. We can never retrieve your plain-text password.

12.2 Authentication

  • Support for Passkeys (WebAuthn / FIDO2) — phishing-resistant, device-bound authentication that eliminates reliance on passwords.
  • Session token rotation on privilege escalation events.
  • Automatic session invalidation after periods of inactivity.
  • Account lockout and rate limiting on repeated failed login attempts.

12.3 Infrastructure Security

  • Access to production infrastructure is restricted to a minimal number of authorised personnel using multi-factor authentication.
  • All changes to production systems are audited and logged.
  • Automated vulnerability scanning and dependency auditing of our codebase.
  • Spam and malware filtering on all inbound email.

12.4 Incident Response

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33) and, where required, notify affected users without undue delay.

While we take every reasonable precaution to safeguard your data, no system is completely immune to security risks. We encourage you to use a strong, unique password or a Passkey, and to contact us immediately if you suspect unauthorised access to your account.

13

International Data Transfers

Sendora operates in India, and our primary data storage infrastructure is located there. However, because we use service providers whose infrastructure may be based in the United States or the European Union (see Section 9), your data may be transferred to and processed in countries outside your home jurisdiction.

Where we transfer data to countries that do not provide an equivalent level of data protection to your home jurisdiction (for example, transfers from the EEA to the United States), we rely on one or more of the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • An adequacy decision by the European Commission in relation to the recipient country;
  • Binding Corporate Rules where applicable;
  • The UK International Data Transfer Agreement (IDTA) for UK GDPR transfers.

You may request a copy of the relevant transfer mechanisms by contacting us at privacy@sendora.me.

14

Your Privacy Rights

Depending on your location, you may have the following rights with respect to your personal data. We will respond to all verified requests within the timeframes required by applicable law (typically 30 days, extendable by a further 30 days in complex cases).

14.1 Rights Under GDPR / UK GDPR (EEA & UK Users)

Right of access (Art. 15): Obtain a copy of the personal data we hold about you, along with information about how it is processed.
Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
Right to erasure / 'right to be forgotten' (Art. 17): Request deletion of your personal data where there is no legitimate reason for us to continue processing it. You can delete your account at any time in Settings → Account → Delete Account.
Right to restriction of processing (Art. 18): Request that we temporarily suspend processing of your data while a dispute is resolved.
Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller. You can export your inbox data in standard formats from Settings → Export.
Right to object (Art. 21): Object to processing based on legitimate interests. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent (e.g., AI features). Withdrawal does not affect the lawfulness of prior processing.
Right to lodge a complaint: Lodge a complaint with your local supervisory authority. For EEA users, this is the data protection authority in your Member State. For UK users, this is the Information Commissioner's Office (ICO).

14.2 Rights Under the CCPA (California Users)

If you are a California resident, the CCPA grants you the following additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties we share it with.
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Opt Out of Sale: We do not sell personal information as defined by the CCPA, and we have not done so in the preceding 12 months.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Right to Correct: Request correction of inaccurate personal information we hold about you.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond providing our Services.

To submit a CCPA request, please email privacy@sendora.me with the subject line “CCPA Rights Request.” We will verify your identity before processing any request.

14.3 Rights Under India's DPDPA (Indian Users)

If you are located in India, you have the following rights under the Digital Personal Data Protection Act 2023:

  • Right to access information about the personal data we process about you;
  • Right to correction and erasure of your personal data;
  • Right to grievance redressal — you may lodge a complaint with our Grievance Officer at privacy@sendora.me;
  • Right to nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

14.4 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at privacy@sendora.me or use the relevant in-app controls in your account Settings. We may ask you to verify your identity before fulfilling any request. We will not charge a fee for making a request unless it is manifestly unfounded or excessive.

Many data rights can be exercised directly within your account:

  • Export your data: Settings → Account → Export
  • Delete your account: Settings → Account → Delete Account
  • Manage AI features: Settings → Compose
  • Change your password / passkeys: Settings → Security
  • Review active sessions: Settings → Security → Active Sessions

15

Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal data from, individuals under the age of 13 (or, where applicable, such higher age as required by local law — for example, 16 in certain EEA Member States under GDPR recital 38).

If you are a parent or guardian and you believe that your child has provided personal data to us without your consent, please contact us immediately at privacy@sendora.me. We will take prompt steps to delete such data from our systems.

16

Custom Domain Users

If you are accessing Sendora through a custom domain provisioned by your organisation (“Organisation”), the following applies:

  • The organisation that has contracted for custom-domain or related paid services is typically the primary data controller for the email data associated with that domain. Sendora may act as a data processor on behalf of that organisation for such data.
  • The Organisation's administrators may have access to email account metadata (such as mailbox names and storage usage) for accounts under their domain. Administrators do not have access to the content of individual users' messages unless separately authorised and configured.
  • This Privacy Policy governs Sendora's own data controller activities. Organisations using custom domains should also refer to any Data Processing Agreement (“DPA”) entered into with Sendora.
  • If you are an individual user under an Organisation's Sendora account, please also review your Organisation's own privacy policy, as it may govern how they use data collected through Sendora.

17

Temporary Inbox

The Sendora Temporary Inbox is a disposable email feature that allows users to receive messages at a randomly generated, short-lived email address without creating a full Sendora account.

  • Temporary addresses are valid for a defined time period (shown on screen) and are automatically deleted thereafter.
  • Messages received at a temporary address are stored for the duration of the inbox’s validity and are automatically purged on expiry.
  • No account registration or personal data is required to use a Temporary Inbox. However, we log IP addresses and request data per our standard log retention policy (Section 11) for security and abuse prevention.
  • Temporary inboxes are intended for legitimate, lawful use. We reserve the right to terminate any temporary address used for spam, fraud, or abuse without notice.
  • Some features of the Temporary Inbox (such as retention extension or export) may require a Sendora account.

18

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the revised policy on this page with an updated “Last updated” date at the top;
  • Notify registered users via an in-app banner or notification and/or email to the address associated with your account, at least 14 days before the change takes effect (for material changes);
  • Where required by applicable law, seek your consent before applying material changes.

We encourage you to review this page periodically. Your continued use of the Services after the effective date of any change constitutes your acceptance of the updated policy, to the extent permitted by law. If you disagree with a change, you should stop using the Services and may request deletion of your account.

Prior versions of this Privacy Policy are available upon request by emailing privacy@sendora.me.

19

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

General Privacy Enquiries

privacy@sendora.me

Support & Account Issues

support@sendora.me

Security Vulnerabilities

security@sendora.me

Data Rights Requests

privacy@sendora.me

Subject: “Data Rights Request”

We aim to acknowledge all privacy-related enquiries within 2 business days and to resolve substantive requests within 30 days (or as required by applicable law). If you are unsatisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority in your jurisdiction.