GDPR Compliance

Last updated: January 10, 2026

Sendo is fully compliant with the General Data Protection Regulation (GDPR). We are committed to protecting your privacy rights and handling your personal data responsibly.

1. Your GDPR Rights

Under GDPR, you have the following rights:

1.1 Right to Access

• Request a copy of all personal data we hold about you
• Receive data in a machine-readable format (CSV/JSON)
• Access available through dashboard or by contacting us

1.2 Right to Rectification

• Correct inaccurate or incomplete personal data
• Update your information in account settings
• Request corrections via email

1.3 Right to Erasure ("Right to be Forgotten")

• Request deletion of your personal data
• Delete your account from dashboard settings
• Data will be erased within 30 days
• Some data may be retained for legal compliance

1.4 Right to Data Portability

• Receive your data in CSV or JSON format
• Transfer data to another service provider
• Export available in dashboard (Pro+) or via email request

1.5 Right to Restriction

• Request restriction of processing
• Temporarily pause data processing while disputing accuracy

1.6 Right to Object

• Object to processing of your personal data
• Opt out of marketing communications
• Object to automated decision-making

1.7 Right to Withdraw Consent

• Withdraw consent at any time
• Manage cookie preferences
• Opt out of analytics

2. How to Exercise Your Rights

To exercise any GDPR rights:

• Dashboard: Many rights can be exercised directly in your account settings
• Email: Contact privacy@sndo.app
• DPO: Contact our Data Protection Officer at dpo@sndo.app

We will respond within 30 days (or 60 days for complex requests).

3. Legal Basis for Processing

We process your data based on:

3.1 Contractual Necessity

• Providing the link management service
• Processing payments
• Managing your account

3.2 Legitimate Interest

• Improving our service
• Fraud prevention and security
• Analytics for service optimization

3.3 Consent

• Marketing communications (opt-in)
• Non-essential cookies
• Newsletter subscriptions

3.4 Legal Obligation

• Tax and accounting records
• Compliance with court orders
• Regulatory requirements

4. Data We Collect

• Account Data: Email, encrypted password, billing information
• Link Data: URLs, short codes, metadata
• Analytics Data: IP addresses (pseudonymized), device info, click data
• Usage Data: How you interact with our service

See our Privacy Policy for complete details.

5. Data Retention

• Active Accounts: Data retained while account is active
• Deleted Accounts: Deleted within 30 days
• Analytics: 12-24 months depending on plan
• Billing Records: 7 years for tax compliance

6. International Data Transfers

Your data may be transferred outside the EU/EEA. We ensure protection through:

• Standard Contractual Clauses (SCCs): EU-approved contracts
• Adequacy Decisions: Transfers to approved countries
• EU-US Data Privacy Framework: When applicable

7. Data Protection Officer

Our Data Protection Officer oversees GDPR compliance:

• Email: dpo@sndo.app
• Responsible for: Privacy compliance, data protection, handling requests

8. Data Processing Agreements

For Business and Enterprise customers:

• We act as a data processor on your behalf
• Data Processing Agreement (DPA) available
• Standard Contractual Clauses included
• Download: View DPA

9. Security Measures

• TLS/SSL encryption in transit
• AES-256 encryption at rest
• Regular security audits
• Access controls and authentication
• See Security for details

10. Breach Notification

In case of a data breach:

• We will notify authorities within 72 hours
• Affected users notified without undue delay
• Breach details and mitigation steps provided

11. Children's Privacy

• Service not intended for children under 16
• We do not knowingly collect data from children
• Parents can request deletion if discovered

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority:

• EU/EEA residents: Your local data protection authority
• Find your authority: EDPB Member List

13. Contact Us

For GDPR-related questions:

• Privacy Team: privacy@sndo.app
• DPO: dpo@sndo.app
• Support: Help Center