Privacy Policy
Last updated: March 1, 2025
1. Information We Collect
We collect information you provide directly: account details (name, email, phone), payment information, contact lists you upload, and message content. We also collect usage data automatically: IP addresses, browser type, device information, and how you interact with our platform.
2. How We Use Your Information
We use your information to provide and improve our services, process and deliver messages, handle billing, send service notifications, prevent fraud, and comply with legal obligations. We do not use your message content or contact data for advertising purposes.
3. Message Data
Message content is processed solely for the purpose of delivery and is retained for 90 days to support delivery reporting and troubleshooting. Contact data you upload remains your property. We do not read, analyze, or sell your message content or contact information.
4. Data Sharing
We share data only with: carrier networks (for message delivery), payment processors (for billing), cloud infrastructure providers (for hosting), and as required by law. We do not sell personal information to third parties. All sub-processors are bound by data processing agreements.
5. Data Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, regular security audits, SOC 2 Type II compliance, and role-based access controls. We promptly notify affected users in the event of a data breach.
6. Data Retention
Account data is retained while your account is active. Message logs are retained for 90 days. Analytics data is retained for 12 months. Upon account deletion, all personal data is removed within 30 days, with backups purged within 90 days.
7. Your Rights
You have the right to access, correct, export, or delete your personal data at any time through your account settings or by contacting us. For users in the EU/EEA, you have additional rights under GDPR including the right to object to processing and data portability.
8. Cookies and Tracking
We use essential cookies for authentication and session management. We use optional analytics cookies to improve our service. You can manage cookie preferences through your browser settings. We do not use tracking cookies for advertising.
9. International Transfers
Our servers are located in the United States and Canada. If you access our services from outside these regions, your data may be transferred internationally. We ensure appropriate safeguards are in place for all international data transfers.
10. Children's Privacy
Our services are designed for business use and are not directed at individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected such data, we will promptly delete it.
11. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. The date at the top of this page indicates the last revision.
For privacy-related inquiries, contact our Data Protection Officer at privacy@mercurysend.com or visit our contact page.