Effective Date: July 2, 2026
This Privacy Policy ("Policy") describes how SendGauge ("Company," "we," "us," or "our") collects, uses, stores, and discloses information when you use the SendGauge platform, website, APIs, and related services (collectively, the "Service"). The Service includes (a) email reply automation, which connects to your email mailbox to detect replies to campaigns you configure and send follow-up replies on your behalf, and (b) email deliverability monitoring and analytics. By accessing or using the Service, you acknowledge that you have read and understood this Policy.
1.1 Account Information
When you create an account via Google OAuth, we receive and store your name, email address, and profile image as provided by Google. We do not collect or store your Google account password.
1.2 Connected Mailbox Data (Reply Automation)
To provide reply automation, you connect an email mailbox (for example, a Gmail or Google Workspace account) via OAuth 2.0. We store the OAuth access and refresh tokens required to access that mailbox on your behalf. Using this access, we:
We access only what is necessary to operate the automations you configure. We do not read, index, or store your entire mailbox, and we do not access messages that are unrelated to the campaigns you set up. See Section 2 ("Google User Data and Limited Use") for additional commitments that apply to data obtained from Google APIs.
1.3 Reply and Subscriber Data
When a person replies to one of your campaigns and the reply matches an automation, we store the reply's sender name and email address, subject, message content (with quoted history removed), timestamps, and thread and message identifiers, along with a record of any follow-up we sent and any tag we applied on your behalf in a connected email service provider. This lets us display your reply inbox, prevent duplicate sends, and show your automation activity.
1.4 Google Postmaster Tools Data
If you use deliverability monitoring, we request access to your Google Postmaster Tools data via OAuth 2.0 and store the tokens needed to retrieve it. The data retrieved includes domain reputation metrics, spam rates, authentication success ratios (DKIM, SPF, DMARC), encryption ratios, and related deliverability metrics.
1.5 Email Service Provider Credentials
If you connect an email service provider (e.g., Mailchimp, Kit, Beehiiv, ActiveCampaign, MailerLite), we store the API key or access credentials you provide. These credentials are used solely to retrieve email performance data and, where you enable it, to tag repliers on your behalf.
1.6 Billing Information
Payment processing is handled by Stripe, Inc. We store your Stripe customer identifier and subscription identifiers. We do not store your credit card number, bank account information, or other payment instrument details. Such information is collected and processed directly by Stripe in accordance with Stripe's Privacy Policy.
1.7 Domain and Deliverability Data
We collect and cache data related to the email domains you register with the Service, including domain names, DNS records, blocklist status, inbox placement test results, and AI-generated deliverability insights and scores.
1.8 Alert and Waitlist Information
If you configure alerts, we store your alert preferences, including notification channel settings and any webhook URLs you provide. If you join a waitlist, we collect your name, email address, and the answers you provide in the waitlist form.
1.9 Marketing and Analytics Data
We use Meta (Facebook) Pixel to collect anonymized analytics and conversion tracking data. We also capture UTM parameters (source, medium, campaign, content) associated with your initial visit for marketing attribution purposes. This data is stored alongside your account record.
1.10 Automatically Collected Information
When you access the Service, our servers and third-party infrastructure providers may automatically collect standard log data, including your IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
SendGauge's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
You can review and revoke SendGauge's access to your Google account at any time at myaccount.google.com/permissions, and you can disconnect your mailbox from within the Service. See Section 6 ("Data Retention and Deletion").
We use the information we collect to:
We share information with third-party service providers that assist us in operating the Service. These providers process your information on our behalf and are contractually obligated to use it only for the purposes we specify. Our current third-party service providers include:
| Provider | Purpose | Data Shared |
|---|---|---|
| OAuth authentication, Gmail access for reply automation, and Postmaster Tools API | OAuth tokens; access to matching reply messages and the follow-ups we send on your behalf; domain identifiers | |
| Supabase | Authentication, database, and infrastructure | Account data, OAuth tokens, reply and subscriber data, ESP credentials, domain data, all operational data |
| Railway | Application hosting | All data processed by the application passes through Railway infrastructure |
| Stripe | Payment processing and subscription management | Email address, subscription details |
| Anthropic | AI-powered deliverability insights | Domain metrics and deliverability data (no Gmail message content; no personally identifiable subscriber data) |
| Resend | Transactional email delivery (account and alert emails) | Email address, name |
| Meta (Facebook) | Advertising analytics and conversion tracking | Anonymized page view and conversion events |
| Cloudflare | DNS and CDN | Web traffic metadata |
We do not send Gmail message content or your reply/subscriber data to advertising, marketing, or AI model-training services. Each provider maintains its own privacy policy and security measures.
Your data is stored on infrastructure provided by Supabase (PostgreSQL with row-level security policies) and Railway (application hosting), located in the United States. Sensitive credentials — including Google OAuth tokens and email service provider API keys — are encrypted at rest (AES-256-GCM) and further protected by row-level security policies that restrict access to the authenticated owner of the data.
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
We retain your account information and associated data for as long as your account is active or as needed to provide the Service. Reply and subscriber data is retained while your account is active so we can display your inbox and activity and prevent duplicate sends. Cached deliverability data is retained and periodically refreshed while your account is active.
You may disconnect a mailbox at any time from within the Service, which stops all access and sending for that mailbox. When you disconnect a mailbox or delete your account, we delete the associated OAuth tokens and, upon request, the stored reply and subscriber data associated with that mailbox, except where retention is required to comply with legal obligations, resolve disputes, or enforce our agreements. You may also revoke access directly at myaccount.google.com/permissions. To request deletion, contact alyssa@sendgauge.com.
Depending on your jurisdiction, you may have the right to:
To exercise any of these rights, please contact us at alyssa@sendgauge.com. We will respond within thirty (30) days, or such shorter period as required by applicable law.
The Service is operated from the United States. If you access the Service from outside the United States, you acknowledge that your information will be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate, which may have data protection laws that differ from those of your jurisdiction.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.
The Service uses cookies and similar technologies for authentication and session management. We also use the Meta (Facebook) Pixel, which places cookies to track conversions and page views for advertising purposes. You may control cookie behavior through your browser settings, but disabling cookies may impair the functionality of the Service.
We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on the Service and updating the "Effective Date" above. Your continued use of the Service after such changes constitutes your acceptance of the revised Policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: alyssa@sendgauge.com