Home/Legal Hub/Privacy Policy
    Legal & Policies

    Privacy Policy

    Last Updated: 2026-06-07

    Welcome to  Simply Send , an email delivery service provided by Simply Invent Labs LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

    Please read this Privacy Policy carefully. By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

    1. Definitions

    For the purposes of this Privacy Policy:

    • Service means the simplysend.email website and the  Simply Send  email delivery service.
    • Personal Data means data about a living individual who can be identified from those data.
    • Usage Data is data collected automatically, generated by the use of the Service or from the Service infrastructure itself.
    • Cookies are small files stored on your device (computer or mobile device).
    • Data Controller means the natural or legal person who determines the purposes for which and the manner in which any personal data are processed. For this Privacy Policy, we are a Data Controller of your data.
    • Data Processors (or Service Providers) means any natural or legal person who processes the data on behalf of the Data Controller.
    • Data Subject is any living individual who is using our Service and is the subject of Personal Data.
    • Sub-Processor means any third-party service provider engaged by us to process Personal Data on your behalf as part of delivering the Service.

    2. Information We Collect

    We collect several different types of information for various purposes to provide and improve our Service to you.

    2.1 Information You Provide

    When you use our Service, we may ask you to provide us with certain personally identifiable information, including but not limited to:

    • Account information (name, email address, password)
    • Contact information (email, phone number, address)
    • Billing and payment information
    • Email content, subject lines, and recipient addresses
    • Contact lists and subscriber data: email addresses and subscription status of recipients you manage through the Service
    • Campaign data: campaign names, schedules, targeting settings, and performance analytics you create within the Service
    • Email event data: delivery, open, click, bounce, complaint, and unsubscribe events associated with emails you send through the Service
    • Customer support communications

    2.2 Information We Collect Automatically

    We automatically collect certain information when you visit, use, or navigate our Service, including:

    • Usage Data: Information about how you interact with our Service, including API calls, email delivery metrics, and feature usage.
    • Log Data: Information that your browser sends whenever you visit our Service, including your IP address, browser type, and pages visited.
    • Device Information: Information about your device, including hardware model, operating system, and mobile network information.
    • Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our Service.

    2.3 Third-Party Tools

    We use trusted third-party services to provide, improve, and support the Service:

    • Microsoft Clarity & Google Analytics: We use these tools to understand how you use our website (e.g., pages visited, time on site). These tools use cookies and tracking technology to collect Usage Data.
    • Zoho SalesIQ & Zoho Desk: We use Zoho SalesIQ for live chat and Zoho Desk for support ticketing. These services collect personal information such as name, email address, and IP address to facilitate customer support.
    • Amazon Web Services (AWS): Our core infrastructure runs on AWS, including email delivery via Amazon SES, data storage (DynamoDB, S3), and compute (Lambda). Email event data, contact lists, and campaign analytics are stored and processed within AWS.
    • Oracle Cloud Infrastructure (OCI): We use OCI as a secondary email delivery provider. When emails are routed through OCI, recipient email addresses and message content are processed by OCI in accordance with their privacy and security policies.
    • Stripe: We use Stripe for secure payment processing. We do not store your full credit card details on our servers.
    • Cloudflare: We use Cloudflare for content delivery and security. Cloudflare may process technical data such as IP addresses and request metadata.

    2.4 Sensitive and Biometric Data Disclaimer

    We do not knowingly collect, request, or process any sensitive personal data or special categories of personal data (such as biometric data, genetic data, health information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation). If you believe such information has been mistakenly uploaded or transmitted through the Service, please contact us immediately so we can remove it.

    3. How We Use Your Information

    We use the collected data for various purposes, including:

    • To provide and maintain our Service
    • To notify you about changes to our Service
    • To allow you to participate in interactive features of our Service
    • To provide customer support via email, Zoho Desk ticketing, or Zoho SalesIQ chat
    • To gather analysis or valuable information so that we can improve our Service (via Clarity and GA)
    • To monitor the usage of our Service
    • To detect, prevent and address technical issues, fraud, and abuse
    • To conduct compliance and abuse inspections: We may access and review the content of emails sent through the Service on a random or targeted basis to verify compliance with our Acceptable Use Policy, applicable laws, and third-party provider requirements. Such access is limited to authorised personnel and is used solely for enforcement purposes.
    • To enforce our Terms of Service and Acceptable Use Policy
    • To provide you with news, special offers, and general information about other goods, services, and events which we offer (where you have consented or where we have a legitimate interest)
    • To comply with our legal obligations

    4. Purpose Limitation

    We are committed to using your data only for the purposes described in this policy. Below is a clear summary of what we do and do not do with your data:

    ✅ What We DO

    • Deliver your emails as instructed
    • Provide delivery analytics and reporting
    • Improve service reliability and performance
    • Prevent abuse, spam, and fraud
    • Comply with our legal obligations
    • Use aggregated, anonymised data for infrastructure improvements
    • Conduct random compliance and abuse inspections of email content (limited to authorised personnel, solely for enforcement)

    🚫 What We DON'T Do

    • Sell your data to third parties
    • Use your email content for advertising
    • Train AI or ML models on your message content
    • Share data beyond what is necessary to provide the Service
    • Access your message content for any purpose other than compliance enforcement, abuse detection, or legal obligations

    5. Data Security

    We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

    • All data is encrypted in transit using TLS 1.2+
    • Data stored in our databases and storage services is encrypted at rest using AES-256 encryption with AWS-managed keys (SSE-S3 / SSE-DynamoDB)
    • Role-based access controls limiting data access to authorised personnel only
    • Access logging for sensitive operations via AWS CloudWatch
    • Infrastructure security provided by AWS and Cloudflare, including DDoS protection, TLS enforcement, and network-level controls
    • Dead-letter queues and data retention controls to limit exposure of message data
    Note: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but we take reasonable steps to protect your information from unauthorized access, use, or disclosure.

    6. Data Retention

    We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy:

    • Account Information: Retained for as long as your account is active and for up to 30 days after account deletion, after which it is permanently removed (except where legal obligations require longer retention).
    • Email Records & Event Data: Email delivery records (including recipient address, subject, status, and email events such as opens, clicks, bounces, and complaints) are retained for up to 120 days, after which they are automatically deleted. Contact list subscription data is retained for as long as your account is active.
    • Campaign Data: Campaign configuration and aggregate statistics are retained for as long as your account is active.
    • Logs and Analytics: Retained for up to 12 months for security and analytics purposes. Usage data in Clarity/GA is retained according to their standard retention periods.
    • Billing Information: Retained as required by tax and accounting laws (typically 7 years).
    • Support Data (Zoho Desk/SalesIQ): Retained in accordance with Zoho's data retention policies, typically for the duration of the support relationship plus a reasonable period thereafter.

    You can request deletion of your personal data by contacting us at [email protected], subject to our legal obligations.

    7. Data Sharing and Disclosure

    We may share your information in the following circumstances:

    • Service Providers (Sub-Processors): We share data with third-party companies (such as Zoho, Microsoft, Google, AWS, OCI, Cloudflare, and Stripe) to facilitate our Service. All sub-processors are bound by Data Processing Agreements (DPAs) and are contractually obligated to process data only on our documented instructions.
    • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on our website at least 30 days prior to any such transfer and the change in ownership.
    • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency), and only to the extent required by applicable law.
    • Protection of Rights: We may disclose your information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

    We do not sell, rent, or trade your Personal Data to third parties for their own marketing or commercial purposes.

    8. Your Data Protection Rights

    Depending on your location, you may have certain rights regarding your personal information, including:

    • Access: You can request a copy of your personal data.
    • Correction: You can request correction of any inaccurate or incomplete data.
    • Deletion: You can request deletion of your personal data (including data stored in our support and analytics tools), subject to our legal retention obligations.
    • Objection: You can object to our processing of your personal data where we rely on legitimate interests as the legal basis.
    • Portability: You can request a copy of your data in a structured, commonly-used, machine-readable format.
    • Restriction: You can request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of your data or while you contest our grounds for processing.
    • Withdraw Consent: Where we rely on your consent as the legal basis for processing, you can withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

    To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond to your request within 30 days (or within the timeframe required by applicable law).

    If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority (e.g., the relevant EU supervisory authority, or the UK Information Commissioner's Office).

    9. California Privacy Rights (CCPA & CalOPPA)

    If you are a California resident, you have the right to:

    • Request access to the categories and specific pieces of personal information we have collected about you
    • Request deletion of your personal information
    • Opt-out of the sale of your personal information (we do not sell personal information)
    • Not be discriminated against for exercising any of these rights

    To make a request, please contact us at [email protected]. We will respond to your request within 45 days.

    10. International Data Transfers

    Simply Invent Labs LLC is headquartered in the United States. Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction.

    Where we transfer Personal Data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not received an adequacy decision from the relevant authority, we rely on the following safeguards:

    • Standard Contractual Clauses (SCCs): We use the European Commission-approved Standard Contractual Clauses with all sub-processors and service providers that process personal data outside the EEA. These contractually obligate them to provide an equivalent level of data protection.
    • Data Processing Agreements (DPAs): All third-party sub-processors (including AWS, OCI, Stripe, Zoho, Cloudflare, and Google) are bound by DPAs that require them to process your data only on our documented instructions and in accordance with applicable data protection law.
    • Transfer Impact Assessments: Where required, we conduct transfer impact assessments to ensure that adequate protections are in place.

    If you have questions about the safeguards we use for international data transfers, please contact us at [email protected].

    11. AI/ML Data Usage

    We do NOT train AI or machine learning models on your email content. Your message content, recipient lists, and campaign data remain private and are never used to train AI systems — whether operated by us or any third party.

    Where we use automated or AI-assisted systems, they operate only on aggregated or anonymised data and are limited to the following internal purposes:

    • Spam and abuse detection: Identifying and blocking unsolicited or harmful email traffic to protect our infrastructure and recipients.
    • Fraud prevention: Detecting anomalous account activity that may indicate fraudulent use.
    • Delivery optimisation: Analysing aggregate delivery patterns to improve routing and infrastructure performance.
    • Infrastructure monitoring: Automated alerting on system health and performance metrics.

    You may contact us at [email protected] if you have any questions about how we use automated systems in connection with your data.

    12. Automated Decision-Making

    We use automated systems to help operate, secure, and enforce our Service. The following automated processes may directly affect your account:

    • Spam detection: Automated scanning of sending patterns (not message content) to identify and block spam or abusive traffic. This may result in automatic throttling or temporary suspension of sending.
    • Bounce and complaint rate monitoring:Automated thresholds for bounce rates (>2%) and complaint rates (>0.1%) may trigger automatic account restrictions to protect our sending infrastructure.
    • Fraud detection: Automated analysis of account activity may flag suspicious behaviour and result in account holds pending manual review.
    • Rate limiting: Automated throttling of sending volume to protect infrastructure and prevent abuse.

    Where an automated decision significantly affects your account (such as a suspension or restriction), you have the right to request human review of that decision. To do so, please contact [email protected]. We will review your case and respond within 5 business days.

    Manual Compliance Inspections

    In addition to automated systems, authorised Simply Send personnel may conduct manual, random, or targeted inspections of email content sent through the Service. These inspections are performed solely to:

    • Verify compliance with our Acceptable Use Policy
    • Investigate suspected violations of applicable law (including CAN-SPAM, CASL, GDPR)
    • Respond to third-party provider compliance requirements or complaints
    • Investigate reports of abuse, spam, or harmful content submitted by recipients or providers

    Access is restricted to a limited number of authorised personnel, is logged for audit purposes, and the content accessed is not used for any commercial purpose. By using the Service, you acknowledge and consent to this access as a condition of using a shared email delivery infrastructure.

    13. Children's Privacy

    Our Service is not intended for use by children. We do not knowingly collect personally identifiable information from:

    • Children under the age of 16 if they are located in the European Economic Area or United Kingdom (as required by GDPR Article 8 and the UK GDPR).
    • Children under the age of 13 in all other jurisdictions (including the United States, in compliance with COPPA).

    If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us immediately at [email protected]. If we become aware that we have collected Personal Data from a child without verification of parental consent (where required), we will take steps to remove that information from our servers promptly.

    14. Changes to This Privacy Policy

    We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

    For material changes that affect your rights or how we process your data, we will provide at least 30 days' advance notice via email to the address associated with your account.

    You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

    15. Contact Us

    If you have any questions about this Privacy Policy, our privacy practices, or to exercise your data rights, please contact us at: [email protected]

    Simply Invent Labs LLC
    Email: [email protected]