Privacy Policy
Effective date: December 15, 2025
This Privacy Policy describes how GYOGYO ("Sendable", "we", "us" or "our") collects, uses and protects information when you use the Sendable website and application (the "Service").
Controller of the data: GYOGYO, 3 rue du grand champ, 86800 Bignoux, France. Contact: antoine@sendable.sh.
1. Information we collect
1.1 Information you provide
- Account information: name, email address, password (hashed), and workspace name.
- Billing information: name, billing address and payment details.
- LinkedIn account credentials and session data you connect to your workspace.
- Content you create: campaigns, message templates, lead lists, replies and notes.
- Communications you send to us (support requests, emails, feedback).
1.2 Information collected automatically
- Usage data: pages visited, features used, clicks, and timestamps.
- Device and log data: IP address, browser type, operating system, language.
- Cookies and similar technologies for authentication, preferences and analytics.
2. How we use your information
- To provide, operate and maintain the Service.
- To authenticate you and secure your account.
- To process payments and manage subscriptions.
- To send service updates, security alerts and support messages.
- To improve features, monitor performance and prevent abuse.
- To comply with legal obligations.
3. Legal bases (GDPR)
We process personal data on the following legal bases: performance of a contract (providing the Service), our legitimate interests (improving and securing the Service), your consent (where required, e.g. marketing emails), and compliance with legal obligations.
4. Sharing and subprocessors
We do not sell your personal data. We share data only with subprocessors that help us run the Service, under a Data Processing Agreement:
| Subprocessor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Application hosting and CDN | United States / EU |
| Neon Inc. | Managed PostgreSQL database | EU |
| Stripe Inc. | Payment processing and billing | United States / EU |
| Resend Inc. | Transactional email delivery | United States |
We may also disclose information if required by law, court order, or to protect the rights, property or safety of Sendable, our users or others.
5. International transfers
Some of our subprocessors are located outside the European Economic Area. When data is transferred outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses approved by the European Commission.
6. Data retention
We keep your data for as long as your account is active. After account deletion, personal data is deleted within 90 days, except where we must keep it longer to comply with legal obligations (e.g. invoices for accounting purposes — 10 years).
7. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. You can exercise these rights at any time by writing to antoine@sendable.sh. You also have the right to lodge a complaint with the French data protection authority (CNIL).
8. Security
We use industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls and regular backups. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.
9. Children
The Service is not intended for individuals under 16. We do not knowingly collect personal data from children.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Effective date" at the top reflects the latest version.
11. Contact
For any question about this Privacy Policy, contact us at antoine@sendable.sh.