Sendd Privacy Policy

Last Updated: February 2026

Version: 1.0

Sendd, Inc. (United States) and Sendd Limited (New Zealand) (collectively referred to as “Sendd,” “we,” “us,” or “our”) are committed to protecting your privacy and handling personal information transparently and securely.

Sendd is a global commerce infrastructure platform designed for merchants, creators, and businesses. We prioritize privacy-by-design architecture, merchant data ownership, data minimization, and security-first infrastructure.

Sendd complies with applicable privacy and data protection laws, including:

  • New Zealand Privacy Act 2020
  • Applicable United States federal and state privacy laws
  • Where applicable, global privacy and data protection standards

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use Sendd.store, Sendd marketplaces, and related services (collectively, the “Services”).

Definitions

  • Personal Information / Personal Data — Information relating to an identified or identifiable individual.
  • Processing — Collection, storage, use, disclosure, analysis, transfer, or deletion of data.
  • Merchant — A business or individual using Sendd to sell or facilitate commerce.
  • End User / Customer — A person interacting with a Merchant using Sendd infrastructure.

1. Scope

This Privacy Policy applies to:

Merchants

Merchants using Sendd to sell, facilitate, or manage transactions and customer interactions for physical goods, digital goods, services, events, subscriptions, rentals, pre-orders, payment collection, inquiry submissions, and URL-based or external checkout experiences.

Includes:

  • Storefront hosting
  • Marketplace participation
  • Payment orchestration
  • Booking and scheduling
  • Membership or gated access
  • Hybrid online-to-offline commerce

Customers and End-Users

Customers interacting with merchants via Sendd-powered stores, marketplaces, payment links, or commerce experiences.

Visitors

Visitors to Sendd websites, applications, and infrastructure.

Controller vs Processor Model

For most transaction and end-user data:

  • Merchants act as Data Controllers
  • Sendd acts as a Data Processor

Sendd processes end-user data only according to merchant instructions.

Sendd offers a Data Processing Addendum (DPA) for merchants requiring contractual data protection commitments.

2. Information We Collect

2.1 Information You Provide Directly

Including:

  • Name
  • Email address
  • Login credentials
  • Billing and payment information
  • Merchant business verification information
  • Support communications
  • Store, product, or listing content

2.2 Information Collected Automatically

Including:

  • Device and browser information
  • IP address
  • Usage activity and session behavior
  • Cookies and tracking technologies
  • Performance logs and diagnostic data

2.3 Information From Third Parties

Including:

  • Payment processors (e.g., Stripe or similar providers)
  • Authentication providers (e.g., Google login)
  • Fraud and risk providers
  • Infrastructure and hosting providers

2.4 Sendd Mobile App

Data collected and stored on device:

  • Authentication tokens (access token, refresh token) - stored securely using the device’s native secure storage (iOS Keychain / Android Keystore) and cleared upon logout

Data accessed from the server (not stored locally):

  • Event details (name, date, venue, capacity, ticket statistics)
  • Attendee information (name, email, phone, ticket type, check-in status) - fetched on demand and not cached

Device permissions:

  • Camera - used solely for scanning QR codes on event tickets. No photos or video are captured or stored.

What the app does not do:

  • Does not collect analytics or usage telemetry
  • Does not use third-party tracking or advertising SDKs
  • Does not store attendee data on the device
  • Does not access contacts, location, microphone, or other device sensors

We process personal data based on:

  • Contract performance (accounts, transactions, payouts)
  • Legitimate interests (fraud prevention, platform security, product improvement)
  • Consent (marketing or optional tracking)
  • Legal obligation (tax, compliance, regulatory obligations)

4. How We Use Personal Information

We use personal data to:

  • Operate Sendd Services
  • Authenticate users and prevent fraud
  • Process payments and payouts
  • Provide support
  • Improve platform features and performance
  • Send operational service communications
  • Send marketing communications (where permitted or consented)
  • Meet legal and regulatory requirements
  • Maintain platform security

Sendd processes end-user data only according to merchant instructions.

5. Google User Data

If connected, Sendd may:

  • Access Google identity data for authentication
  • Improve user experience
  • Store data securely with restricted access
  • Share only with operational service providers per Google Limited Use requirements

6. Marketplace Data Separation

Sendd is designed around merchant data ownership:

  • Merchants own their customer relationships
  • Sendd does not sell merchant customer data
  • Sendd does not cross-market between merchants
  • Sendd does not directly market to merchant customers unless authorized

7. AI and Automated Processing

Sendd may use AI or automation for:

  • Security
  • Fraud detection
  • Product improvement
  • Platform performance

Sendd will:

  • Not train generalized AI models on identifiable merchant or customer data without permission
  • Use anonymized or aggregated data where permitted
  • Maintain safeguards to prevent data exposure

8. Disclosure of Personal Information

Service Providers and Subprocessors

Sendd works with service providers for infrastructure, hosting, payments, analytics, email delivery, and security.

Sendd maintains a current list of subprocessors available at sendd.store/subprocessors (or available upon request).

Merchants

End-user data is shared with merchants involved in the transaction.

Where required by law, legal process, or regulatory obligation.

Business Transfers

If Sendd undergoes merger, acquisition, financing, or restructuring.

9. Data Sales and Advertising

Sendd:

  • Does not sell personal information
  • Does not share personal data for cross-merchant advertising targeting

If advertising tools are introduced, required opt-outs will be provided.

10. Security and Incident Response

Sendd maintains security protections including:

  • Encryption in transit and at rest (where applicable)
  • Access controls and authentication controls
  • Monitoring and logging
  • Security reviews

While no system is completely secure, Sendd maintains industry-standard safeguards aligned with modern data protection standards.

Breach Notification

If a confirmed breach occurs, Sendd will:

  • Investigate and mitigate
  • Notify affected parties where legally required
  • Notify regulators within required legal timeframes
  • Coordinate with authorities and partners

11. Data Retention

Data is retained based on:

  • Service necessity
  • Legal and regulatory requirements
  • Fraud and security needs
  • Merchant instructions

Examples:

  • Transaction records — retained for tax and financial compliance
  • Security logs — retained for fraud prevention and platform security
  • Account data — retained while account is active and for reasonable post-closure period

Deletion requests can be made via: [email protected]

12. Cookies and Tracking

Used for:

  • Platform functionality
  • Security
  • Analytics and performance

Browser settings may disable cookies but may affect functionality.

Sendd currently does not respond to browser Do Not Track signals unless required by law.

13. International Data Transfers

Data may be processed in:

  • United States
  • New Zealand
  • Other service provider jurisdictions

Safeguards may include:

  • Standard Contractual Clauses (SCCs)
  • Contractual data protection agreements
  • Equivalent legal safeguards

14. Your Privacy Rights

Depending on location, you may have rights to:

  • Access personal data
  • Correct inaccurate data
  • Request deletion
  • Request portability
  • Object to certain processing

Residents of certain U.S. states may have additional rights, including:

  • Know categories of data collected
  • Know categories of third parties data is shared with
  • Opt out of certain data sharing
  • Limit use of sensitive personal information (where applicable)

Sendd may verify your identity before fulfilling requests.

Contact: [email protected]

15. Children’s Privacy

Sendd Services are not directed to children under 13 (or 16 where applicable).

Sendd does not knowingly collect personal information from children. If we become aware such data has been collected, we will delete it.

16. Merchant Responsibilities

Merchants must:

  • Follow applicable privacy laws
  • Obtain required user consents
  • Protect sensitive personal information
  • Avoid unlawful or deceptive data practices

17. Acceptable Use and Termination

Users must not:

  • Commit fraud or illegal activity
  • Violate intellectual property rights
  • Upload malicious content
  • Abuse platform infrastructure

18. Intellectual Property

Sendd owns platform technology and code.

Merchants retain ownership of their content but grant Sendd operational rights necessary to provide Services.

19. Governing Law

Applicable based on contracting entity:

  • Sendd Limited → New Zealand law
  • Sendd, Inc. → United States law

20. Policy Updates

Policy updates take effect when published. Continued use of Services indicates acceptance.

21. Contact

Sendd Privacy Team

[email protected]

Logo

Contact us

Email: [email protected]Turn your Sendd stores into a bustling marketplace with a few clicks using Sendd Market.Made with ❤️ in
Wellington, New Zealand
© 2026 Sendd. All rights reserved.