Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide to us, including:

• Account registration information (name, email address, company details)
• Payment and billing information
• Profile information and preferences
• Communications with our support team
• Feedback, surveys, and other voluntary submissions

1.2 Information We Collect Automatically

When you use our services, we automatically collect:

• Usage data and analytics (API calls, feature usage, performance metrics)
• Device information (IP address, browser type, operating system)
• Log data (access times, pages viewed, actions taken)
• Email infrastructure performance data
• Cookies and similar tracking technologies

1.3 Email Infrastructure Data

As a cold email infrastructure provider, we process:

• Domain configuration and DNS records
• Email account metadata (sender addresses, delivery status, bounce records)
• Email subject lines and preview text for deliverability analysis
• Reply content for our unified inbox and reply detection features
• Delivery statistics and performance metrics
• SMTP authentication data

1.4 Google User Data

When you authenticate with Google OAuth, we access only:

• Your email address
• Your name (basic profile information)

We use this Google user data solely to:

• Create and authenticate your ColdSend account
• Display your name in your dashboard
• Send you important service notifications

We never:

• Transfer Google user data to third parties
• Use Google user data for advertising or marketing
• Allow human access to Google user data (except for security/law compliance)
• Use Google user data to determine credit-worthiness

2. AI and Machine Learning

We use artificial intelligence and machine learning to improve our services. This includes:

• Reply detection and classification: We analyze incoming reply content to categorize responses (interested, not interested, out-of-office, etc.) and surface priority conversations in your unified inbox.
• Copy generation assistance: Our AI tools help generate email subject lines, body copy, and follow-up sequences based on your inputs and preferences.
• Deliverability scoring: We analyze email content patterns, subject lines, and sending behaviour to provide deliverability recommendations.
• Lead scoring: We process engagement data (opens, clicks, replies) to help you identify high-intent prospects.

How we handle AI-processed data:

• Email content processed for reply detection is stored only as long as necessary to provide the feature.
• We do not use your email content to train general-purpose AI models.
• AI processing is automated; human reviewers do not read your emails except as required for security or legal compliance.
• If you have concerns about AI processing, contact us on Discord and we will review your request.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our email infrastructure services
• Process payments and manage your account
• Provide customer support and respond to inquiries
• Monitor and analyze usage patterns to improve performance
• Ensure security and prevent fraud
• Comply with legal obligations
• Send important service updates and notifications
• Develop new features and services, including AI-powered tools

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist us in operating our business, including:

• Cloud hosting providers (AWS, Google Cloud, Microsoft Azure)
• Payment processors (Stripe)
• Analytics services (Google Analytics)
• Customer support tools
• Security and monitoring services
• AI/ML infrastructure providers (for processing, not model training)

4.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4.4 Google User Data Protection

Google user data obtained through OAuth is never:

• Sold, traded, or rented to any third parties
• Used for advertising or promotional purposes
• Combined with data from other sources for profiling
• Accessed by employees except as required for security incidents or legal compliance

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption in transit and at rest
• Regular security audits and monitoring
• Access controls and authentication
• Secure data centers and infrastructure
• Employee training on data protection

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

Google user data is protected with additional safeguards:

• Stored separately from other user data
• Access logging and monitoring
• Encrypted with industry-standard protocols
• Limited access controls (only automated systems, no human access)

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain accurate financial records

Specific retention periods:

• Account data: Retained for the life of your account plus 30 days after deletion.
• Email campaign data: Retained for 12 months after campaign completion for analytics and compliance.
• Bounce and suppression data: Retained indefinitely to prevent re-sending to invalid addresses.
• Reply data: Retained for 6 months, after which content is anonymized or deleted.
• Payment records: Retained for 7 years per tax and accounting requirements.

When you close your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information for legal or regulatory purposes.

Google user data is retained only as long as you maintain an active account. Upon account deletion, Google user data is removed within 7 days.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You can request access to your personal information and receive a copy in a structured, machine-readable format.

7.2 Correction and Updates

You can update your account information at any time through your dashboard or by contacting us.

7.3 Deletion

You can request deletion of your personal information, subject to certain legal and legitimate business requirements.

7.4 Marketing Communications

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

7.5 AI Feature Opt-Out

AI-powered features (reply detection, copy generation, lead scoring) are integral to ColdSend's operations. If you have specific concerns about AI processing, please reach out to us on our Discord server. We will review your request on a case-by-case basis and can explore alternatives, such as deploying a local model for your account, where feasible.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and preferences
• Analyze website traffic and usage patterns
• Improve our services and user experience
• Provide security features

You can control cookies through your browser settings, but disabling certain cookies may affect the functionality of our services.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during international transfers, including:

• Standard contractual clauses approved by regulatory authorities
• Adequacy decisions by relevant data protection authorities
• Other legally recognized transfer mechanisms

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Providing notice through our services

Your continued use of our services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days. For urgent privacy concerns, please mark your email as "URGENT - Privacy Request."

13. Google Limited Use Compliance

Our use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.