SendCheck logoSendCheckDeliverability control center
Privacy policy

Your data, protected by design

This policy explains what data SendCheck collects, how it is used, and the choices available to you while operating a workspace dedicated to email deliverability.

Effective date: October 20, 2025

Information we collect

  • Account data such as email addresses, names, and authentication provider IDs when you sign in with a magic link, Google, or GitHub.
  • Workspace data including domain names, DNS records, remediation notes, and alert preferences that you or your teammates add to SendCheck.
  • Usage diagnostics like feature adoption, latency, and error rates that help us maintain 99.98% uptime.
  • Billing data processed through Stripe when you upgrade to Starter or Team plans. We never store full payment card numbers.

How we use your data

  • Run deterministic SPF, DKIM, DMARC, and BIMI checks against the domains you monitor.
  • Generate provider-specific remediation guidance and PDF reports.
  • Send transactional messages about workspace status, alert notifications, usage limits, and product updates.
  • Improve platform reliability, prevent abuse, and develop new features such as additional integrations.

How data is shared

  • Infrastructure providers (Vercel, Neon, Upstash, AWS) process data solely to deliver the service.
  • Stripe manages subscription billing and retains limited customer metadata required for invoicing.
  • Support tooling (Linear, HelpScout, Slack) accesses account information only when you initiate a support ticket.
  • We never sell customer data to third parties or use it for advertising.

Retention & deletion

DNS snapshots and reports remain accessible for as long as your workspace exists. When you delete a domain or workspace, related DNS records, alerts, and PDFs are purged within 30 days from primary storage and 45 days from encrypted backups.

Email addresses for marketing communications are retained until you unsubscribe. Transactional emails (receipts, legal notices) are stored to meet regulatory obligations.

Security

SendCheck encrypts data in transit (TLS 1.2+) and at rest. Access to production systems is restricted to trained personnel using SSO, MFA, and audited role-based permissions. We run daily vulnerability scans and undergo third-party penetration testing annually.

You can enable domain-level safeguards such as drift alerts and workspace access controls to reduce risk on your side as well.

Your rights & choices

  • Request access to the data we hold about you.
  • Correct inaccurate profile information.
  • Export domain reports and workspace records.
  • Delete your account and associated workspaces.
  • Opt out of marketing emails by using the unsubscribe controls in the message.

To exercise these rights, email privacy@sendcheck.email from the address associated with your workspace. We verify requests before taking action and respond within 30 days.

International data transfers

SendCheck stores data in the European Union (Neon Postgres) and the United States (Vercel, AWS). When we transfer data internationally we rely on Standard Contractual Clauses or other lawful transfer mechanisms. We only work with subprocessors that maintain industry-recognized security compliance (SOC 2, ISO 27001, or equivalent).

Updates

We may update this Privacy Policy to reflect new features, subprocessors, or legal requirements. We will notify workspace owners via email for material changes. The “Effective date” below indicates the last revision.

Need our DPA or subprocessor list?

Enterprise customers can request signed Data Processing Agreements and detailed security documentation.

Request documentation