Sendcraft

Privacy Policy

Last updated: October 4, 2025

Sendcraft is a Google Sheets extension and companion web dashboard that helps users generate and send personalized email campaigns. This Privacy Policy explains what data we collect, why we collect it, how we use it, where we store it, and how you can request deletion or export of your data.

1. Who we are

Sendcraft is currently operated by the founder, Boris Nezlobin. Sendcraft is not yet a separate legal entity. Contact: team@sendcraft.app.

2. Summary

• We do not ever sell or share your data.
• We use Vercel Analytics and Page Speed measurements to improve the Sendcraft website. No such data is identifiable or shared.
• Data is retained indefinitely unless you request deletion. Request deletion by emailing team@sendcraft.app.
• We use Google sign-in, and the only data we store is your email address and campaign data. Your data is stored in Firestore, a Google database product.
• Emails are sent from your own Gmail account (via Google Apps Script and related Google services).
• When you send a campaign, we record recipient email addresses and a timestamp for when a recipient last opened an email. We also store the template you used and campaign metadata.

3. Data we collect

We collect and store the following categories of data when you use Sendcraft:

• Account identifier: your Google account email address (and optional display name if provided).
• Campaign data: campaign title, stored template (HTML), list of recipient email addresses, and per-recipient metadata including the timestamp of the last "opened" event.
• Session cookie: an OAuth token / session token kept in a cookie to authenticate the dashboard and API requests. Tokens are not ever sold and exported off your device only as needed to verify identity with Google or when set as a session cookie for server-side verification.
• Service analytics: minimal product analytics (Vercel Analytics and Speed Insights) for performance and usage statistics. Not identifiable.
• Technical logs: errors and server logs needed for debugging and operation. These are retained for a maximum of one hour.

4. How we use your data

• To send emails: we read the Google Sheet data you choose to connect and use Google Apps Script to send personalized messages on your behalf.
• Personalization and AI processing: To generate and personalize email content, Sendcraft uses third-party AI inference services, including Hack Club AI. Only the text data you choose to include in your Google Sheet (such as recipient names, roles, or public information used for personalization) is sent to these services. These services process the data temporarily to generate email text and do not retain it after the request completes. Processing by these providers is subject to their own privacy policies.
• Operations and security: tokens and logs are used to authenticate, troubleshoot, and secure the service.
• Analytics: aggregated, non-identifying metrics used to measure performance and improve Sendcraft.

5. Sharing and third parties

We do not sell or rent your personal data. We may share or disclose data only in the following limited cases:

• With Google as required to authenticate users and to send email (Google APIs and Google Apps Script).
• With service providers who process data on our behalf (hosting, analytics). These providers act only on our instructions and are contractually bound to protect data.
• If required by law or to respond to lawful requests from authorities, or to protect rights, property, or personal safety.

6. Cookies, tokens, and authentication

Authentication uses Google OAuth. Sendcraft stores an ID token / session token in a secure cookie for session management. That token is used to verify identity server-side via Google userinfo endpoints. We do not export tokens except to verify identity with Google. If you sign in from the Google Sheets extension, the extension provides an OAuth token which the dashboard may accept to sign you in.

7. Storage and security

Data is stored in Firestore (Google Cloud). Transport of data is encrypted via HTTPS. We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information. No system is perfect; we cannot guarantee absolute security.

8. Data retention and deletion

We retain campaign data indefinitely until you request deletion. To delete your account and all associated data, contact team@sendcraft.app. Requests to export your data or erase it will be handled by email and will include reasonable verification steps.

9. International users and GDPR

Sendcraft is available globally and may transfer or store data in jurisdictions outside your country. If you are in the EU, UK, or other jurisdictions with privacy laws, you have rights including access, rectification, erasure, and portability. To exercise those rights, contact team@sendcraft.app. We will respond within a reasonable timeframe and may require identity verification.

10. Children

Sendcraft is not designed specifically for children. If you are under the age required by local law for consent (for example, under 16 in some jurisdictions or 13 in others), do not sign up without parental consent. If an account for a minor is created in error, contact team@sendcraft.app to request deletion.

11. Business model

Sendcraft is currently free. We may offer paid plans in the future (paying customers receive additional features and priority support). We do not monetize personal data; paid plans are for access and service levels.

12. Changes to this policy

We may update this Privacy Policy. Notice of material changes will be posted on the site with a revised “last updated” date. Continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact

Questions, export or deletion requests, or privacy concerns: team@sendcraft.app.

Note: this Privacy Policy describes current practices for an early-stage product. As Sendcraft grows, we will refine our practices and update this policy accordingly.