Effective Date: May 21, 2026
This Privacy Policy ("Policy") describes how SendGauge ("Company," "we," "us," or "our") collects, uses, stores, and discloses information when you use the SendGauge platform, website, APIs, and related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Policy.
1.1 Account Information
When you create an account via Google OAuth, we receive and store your name, email address, and profile image as provided by Google. We do not collect or store your Google account password.
1.2 Google Postmaster Tools Data
To provide the Service, we request access to your Google Postmaster Tools data via OAuth 2.0. We store the OAuth access token and refresh token necessary to retrieve this data on your behalf. The data retrieved includes domain reputation metrics, spam rates, authentication success ratios (DKIM, SPF, DMARC), encryption ratios, and related deliverability metrics. We do not access, read, store, or process the contents of your emails, your contact lists, or any other data from your Google account beyond what is strictly necessary to retrieve Postmaster Tools metrics.
1.3 Email Service Provider Credentials
If you connect an email service provider (e.g., Mailchimp, Kit, Beehiiv, ActiveCampaign, MailerLite), we store the API key or access credentials you provide. These credentials are used solely to retrieve email performance data from the connected provider on your behalf.
1.4 Billing Information
Payment processing is handled by Stripe, Inc. We store your Stripe customer identifier and subscription identifiers. We do not store your credit card number, bank account information, or other payment instrument details. Such information is collected and processed directly by Stripe in accordance with Stripe's Privacy Policy.
1.5 Domain and Deliverability Data
We collect and cache data related to the email domains you register with the Service, including domain names, DNS records, blocklist status, inbox placement test results, and AI-generated deliverability insights and scores.
1.6 Alert Configuration
If you configure alerts, we store your alert preferences, including notification channel settings and any Slack webhook URLs you provide.
1.7 Waitlist Information
If you join our waitlist, we collect your name and email address.
1.8 Marketing and Analytics Data
We use Meta (Facebook) Pixel to collect anonymized analytics and conversion tracking data. We also capture UTM parameters (source, medium, campaign, content) associated with your initial visit for marketing attribution purposes. This data is stored alongside your account record.
1.9 Automatically Collected Information
When you access the Service, our servers and third-party infrastructure providers may automatically collect standard log data, including your IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
We use the information we collect to:
We share information with third-party service providers that assist us in operating the Service. These providers process your information on our behalf and are contractually obligated to use it only for the purposes we specify. Our current third-party service providers include:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, and infrastructure | Account data, OAuth tokens, ESP credentials, domain data, all operational data |
| Stripe | Payment processing and subscription management | Email address, subscription details |
| OAuth authentication and Postmaster Tools API | OAuth tokens, domain identifiers | |
| Anthropic | AI-powered deliverability insights | Domain metrics and deliverability data (no personally identifiable information) |
| Resend | Transactional email delivery | Email address, name |
| Meta (Facebook) | Advertising analytics and conversion tracking | Anonymized page view and conversion events |
| Railway | Application hosting | All data processed by the application passes through Railway infrastructure |
| Cloudflare | DNS and CDN | Web traffic metadata |
We do not control the security practices of these third-party providers. Each provider maintains its own privacy policy and security measures. We are not responsible for any breach, unauthorized access, or data loss occurring within these third-party systems.
Your data is stored on infrastructure provided by Supabase (PostgreSQL database with row-level security policies) and Railway (application hosting). Sensitive credentials, including Google OAuth tokens and ESP API keys, are stored in the database and protected by row-level security policies that restrict access to the authenticated owner of the data.
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information. However, no method of electronic storage or transmission is completely secure. We cannot and do not guarantee the absolute security of your data. You acknowledge that you provide your information at your own risk.
We retain your account information and associated data for as long as your account is active or as needed to provide the Service. Cached deliverability data (domain stats, ESP stats, AI insights) is retained and periodically refreshed while your account is active. Waitlist data is retained until you request its removal. Upon account termination, we may retain certain data as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.
Depending on your jurisdiction, you may have the right to:
To exercise any of these rights, please contact us at alyssa@sendgauge.com. We will respond to your request within thirty (30) days, or such shorter period as required by applicable law.
The Service is operated from the United States. If you access the Service from outside the United States, you acknowledge that your information will be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those of your jurisdiction.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete such information promptly.
The Service uses cookies and similar technologies for authentication and session management. We also use the Meta (Facebook) Pixel, which places cookies to track conversions and page views for advertising purposes. You may control cookie behavior through your browser settings, but disabling cookies may impair the functionality of the Service.
We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on the Service and updating the "Effective Date" above. Your continued use of the Service after such changes constitutes your acceptance of the revised Policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: alyssa@sendgauge.com