Sendiee processes personal data because messaging is intimate by definition. This document explains exactly what we collect, why, where it lives, who can touch it, and how to make us stop. It applies to every user of sendiee.com and our platform globally.
Overview
Codestormx (Sendiee) (“Sendiee”, “we”, “our”) provides an AI-powered messaging automation platform. This Privacy Policy describes how we collect, use, share and safeguard personal data when you visit sendiee.com or use our platform (the “Services”).
This policy is written for both (a) our direct customers (businesses using the Services) and (b) end users whose personal data we process on behalf of our customers as a data processor.
Data we collect
Customer account data
- Identifiers — name, work email, phone, billing address, GSTIN.
- Authentication — hashed passwords, OAuth tokens for Meta / Google.
- Billing — masked card data via Razorpay/Stripe; we never store full PAN.
Conversation data (processor)
- Messages exchanged on WhatsApp, Instagram or Messenger between our customer and their end users.
- Contact metadata — phone, name, profile photo, language, tags.
- Media attachments — images, voice notes, documents.
Usage data
- Device data, IP address, log timestamps, feature usage.
- Cookies — strictly necessary, analytics (PostHog), and consent-managed marketing.
How we use data
We process personal data only for the purposes set out below, and only on the legal bases described.
| Purpose | Legal basis | Retention |
|---|---|---|
| Providing the Services | Contract | Lifetime of account |
| Billing & invoicing | Legal obligation | 8 years |
| Product analytics | Legitimate interest | 24 months |
| Marketing emails | Consent | Until withdrawn |
| Fraud prevention | Legitimate interest | 5 years |
| AI model improvement | Consent (opt-in) | De-identified, indefinite |
International transfers
Sendiee is an India-incorporated entity with primary infrastructure in AWS Mumbai (ap-south-1). For redundancy and disaster recovery, encrypted backups are replicated to AWS Singapore (ap-southeast-1). For customers in the EU and UK we offer EU residency on Pro+ plans, served from AWS Frankfurt (eu-central-1).
All cross-border transfers are governed by Standard Contractual Clauses (SCCs) where required, and Data Processing Addenda are available to all customers.
Security
- Encryption at rest with AES-256; in transit with TLS 1.2+.
- Role-based access control with mandatory 2FA for all employees.
- SOC2 Type II report available under NDA (Type I attested 2025).
- Annual third-party penetration testing (last: Q4 2025, by Cobalt).
- 24/7 incident response team. Notification within 72h of confirmed breach.
Your rights
Subject to applicable law (DPDPA 2023, GDPR, CCPA), you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing or withdraw consent.
You can exercise most of these rights directly from your account settings, or by emailing [email protected]. We respond within 30 days.
If you are an end user of one of our customers, please direct your request to that customer first; we will support them in fulfilling it.
Retention & deletion
When you delete your account, we delete personal data within 30 days, except where retention is required by law (tax records, audit logs). Encrypted backups are purged within 90 days.
End-user conversation data is retained per the data controller's (our customer's) instructions, configurable from 7 days to indefinite.
Children's data
The Services are not directed to children under 18. We do not knowingly collect data from minors. If you believe we have, please email [email protected] and we will delete it promptly.
Changes
We may update this policy. Material changes are notified at least 30 days before they take effect, by email and via an in-app banner. Historical versions are available at sendiee.com/legal/archive.
Contact us
Data Protection Officer
Email: [email protected]
Postal: Codestormx (Sendiee), Attn: DPO, 42 Brighton Rd, Barrie, ON L4M 6S4, Canada.
Email our DPO at [email protected] or write to Codestormx (Sendiee), Attn: Privacy, 1/106/C, Velangkattu Thottam, Tiruppur, Tamil Nadu 641665, India.