Privacy Policy

This Privacy Policy explains how BZG Apps LLC. (“Sendra,” “we,” “us”) collects, uses, shares, and protects personal data in connection with the Sendra website and Service.

Two different roles. This policy covers data where Sendra acts as a controller — that is, data about you, our account holders and visitors. When you upload Contact Data about your recipients and send email through Sendra, we act as a processor on your behalf; that processing is governed by our Data Processing Agreement, and you are the controller of that data.

1. Who we are

BZG Apps LLC (‘Sendra’) is a Delaware corporation operating the Service at sendra.so. For privacy questions or to exercise your rights, contact us at support@bzgapps.com.

2. Information we collect

• Account & identity data — your name, email address, and authentication credentials (passwords are stored only as cryptographic hashes), and workspace/organization details.
• Billing data — plan, subscription status, and billing identifiers. Payments are processed by Stripe; Sendra does not store full payment-card numbers.
• Integration credentials — the Amazon SES / AWS credentials you choose to connect. These are encrypted at rest (AES-256-GCM) and used only to operate the Service on your behalf.
• Usage & workspace data — your settings, campaigns, automations, and how you interact with the Service.
• Support communications — messages, attachments, and metadata when you contact us.
• Device & log data — IP address, browser type, pages viewed, and similar information collected automatically, including through cookies and analytics on our marketing site.

3. How we use information

We use personal data to:

• provide, operate, maintain, and improve the Service;
• process billing and manage subscriptions;
• secure the Service, prevent fraud and abuse, and enforce our terms;
• provide support and respond to your requests;
• send service, transactional, and (where permitted) product communications; and
• comply with legal obligations.

Where the GDPR or UK GDPR applies, we rely on the following lawful bases: performance of a contract (Art. 6(1)(b)), our legitimate interests in operating and securing the Service (Art. 6(1)(f)), compliance with legal obligations (Art. 6(1)(c)), and your consent where required (Art. 6(1)(a)).

4. How we share information

We do not sell your personal data. We share it only:

• with service providers / sub-processors that help us run the Service — for example AWS (hosting and Amazon SES), Stripe (payments), our application hosting provider (Railway), and our analytics providers (PostHog, Google Analytics, and Aptabase) — under contracts that protect your data;
• when required by law, legal process, or to protect the rights, safety, and security of Sendra, our users, or the public; and
• in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

5. Cookies & analytics

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and understand usage of our marketing site and app. To understand product usage we use analytics tools including PostHog, Google Analytics, and Aptabase. You can control cookies through your browser settings; some features may not function without them.

6. Data retention

We retain personal data for as long as your account is active and as needed to provide the Service, and thereafter as required for legal, accounting, security, or dispute-resolution purposes. After account termination, we may then delete or anonymize it, consistent with the Terms of Service and DPA.

7. International data transfers

We may process and store personal data in the United States and other countries. Where we transfer personal data from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to our processing of your personal data, and to withdraw consent.

• EEA / UK (GDPR): rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority.
• California (CCPA/CPRA): the rights to know, access, delete, and correct your personal information, to opt out of “sale” or “sharing” (we do not sell or share personal information as those terms are defined), and not to be discriminated against for exercising your rights.

To exercise any right, email support@bzgapps.com. We will verify and respond as required by applicable law.

9. Security

We use technical and organizational measures designed to protect personal data, including encryption of sensitive credentials at rest, access controls, and tenant isolation. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

10. Children

The Service is not directed to children under 18, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us so we can delete it.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the “Last updated” date above.

12. Contact

Privacy questions or requests: support@bzgapps.com. See also our Terms of Service, Acceptable Use Policy, and Data Processing Agreement.