Privacy Policy

Welcome to SendFast (the "Service"), operated by Tekodot Ltd ("Tekodot," "we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our website, https://sendfast.app, and related services.

By accessing or using SendFast, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are

Data Controller:

Tekodot Ltd, a company registered in Northern Ireland (Company No. NI724147), is the "data controller" of your personal data for purposes of the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

Contact Details:

• Registered Address: Unit 1 Weavers Court, Linfield Road, Belfast, Northern Ireland, BT12 5GH
• Email: support@sendfast.app
• Data Protection Lead: Our Data Protection Lead is Luke Lucas, who can be reached at support@sendfast.app.

EU Representation: Since we may serve EU residents, our representative for EU data protection matters is Luke Lucas, located in Northern Ireland.

2. Information We Collect

We collect and process personal data in a few different ways:

Account & Payment Information

• Identifiers: When you create an account, we collect your email address (and any password or tokens needed for authentication via our third-party provider, Clerk).
• Billing: For subscriptions, we collect billing-related information through our third-party payment processor, Stripe. We do not store your full payment card details on our servers.

Uploaded Files

• You may upload files ("User Content") that could contain personal data. We do not actively scan or analyze file contents, but our partners (e.g., UploadThing, which may use AWS) might perform basic checks (e.g., antivirus) to ensure file safety.
• We only access or view the content of uploaded files when necessary to provide customer support, enforce our Terms of Service, or if we ourselves are the users uploading the files.

Usage & Analytics Data

• We automatically collect certain technical information about your visit, such as IP address, device type, browser version, and timestamps.
• We use Google Analytics and PostHog to understand user activity and improve the Service.

Cookies & Similar Technologies

• We use cookies and local storage to help manage sessions, remember user preferences, and gather analytics.
• We do not currently use any other third-party tracking cookies beyond those necessary for Google Analytics and PostHog.

Marketing Communications

We may collect your name (if provided) and email address to send you newsletters or promotional emails via resend. You can opt out anytime by clicking the "unsubscribe" link in these emails or contacting us directly.

3. How We Use Your Information

We use your personal data for the following purposes, relying on different legal bases under the UK GDPR and other relevant laws:

Service Provision & Account Management

• To register your account and authenticate your login.
• To process your subscription payments (via Stripe).
• Legal Basis: Performance of a contract (UK GDPR Art. 6(1)(b)).

Customer Support & Communication

• To respond to inquiries, provide technical assistance, and notify you of important service updates (e.g., file downloads, account notices).
• Legal Basis: Performance of a contract or legitimate interests (Art. 6(1)(f)).

Analytics & Service Improvement

• To understand usage patterns, troubleshoot issues, and develop new features.
• Legal Basis: Legitimate interests (Art. 6(1)(f)).

Marketing & Newsletters

• To send occasional promotional materials about SendFast and related offers, if you have not opted out.
• Legal Basis: Consent or legitimate interests, depending on region and applicable marketing laws (Art. 6(1)(a) or 6(1)(f)).

Legal Obligations & Enforcement

• To comply with legal requirements, investigate potential violations of our Terms of Service, or respond to lawful requests by public authorities.
• Legal Basis: Compliance with a legal obligation (Art. 6(1)(c)).

4. How We Share Your Information

We do not sell or rent your personal data. However, we may share it in the following contexts:

Service Providers ("Processors")

• Stripe for payment processing.
• Clerk for authentication and user account management.
• UploadThing (and underlying providers such as AWS) for file hosting.
• Google Analytics and PostHog for analytics.
• resend for marketing emails.

Each provider only processes data on our behalf and under our instructions, consistent with this Privacy Policy.

Business Transactions

If Tekodot is involved in a merger, acquisition, or asset sale, user data may be transferred to the successor entity under the same or similar data protection obligations.

Legal Compliance

We may disclose personal data if required by law, court order, or if we believe such disclosure is necessary to protect our rights, property, or the safety of others.

5. International Data Transfers

Our Service (and our partners) may use data centers and services located in multiple regions worldwide. Therefore, your personal data may be transferred and stored outside the UK or the European Economic Area (EEA).

Legal Mechanisms: Where such cross-border data transfers occur, we rely on safeguards such as Standard Contractual Clauses (SCCs) or similar mechanisms to ensure an adequate level of protection for your personal data.

6. Data Retention

Account & Usage Data

We retain your account information for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will remove your personal data promptly, unless legally required to retain certain records.

Access Logs & Analytics Data

We may store logs and usage analytics for as long as permitted by law or necessary for our legitimate business operations (e.g., security audits, troubleshooting). A typical retention period might be 12 months, though we may keep them longer where legally required.

Uploaded Files

As noted in our Terms of Service, file retention depends on your subscription tier. Once your subscription ends or you request deletion, files are deleted unless we must retain them for legal reasons.

Legal Exceptions

In certain cases (e.g., outstanding legal disputes or compliance obligations), we may retain data for longer than stated above, strictly as required by law.

7. Your Rights

Depending on your location and applicable law (including UK GDPR, EU GDPR, and certain US state privacy laws), you may have the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Rectification: You can request that we correct any inaccurate or incomplete personal data.
• Erasure ("Right to Be Forgotten"): You can request that we delete your personal data, subject to certain exceptions.
• Restriction: You can ask us to restrict processing of your data under specific circumstances.
• Portability: You can request to receive your personal data in a structured, commonly used, machine-readable format.
• Objection: You can object to our processing based on legitimate interests or direct marketing.
• Withdraw Consent: If we rely on consent (e.g., for marketing), you can withdraw it at any time.

To exercise any of these rights, please email support@sendfast.app. We will respond within the timeframe required by applicable law (generally one month).

8. Marketing Communications

We may send you promotional emails about new features or special offers. You can opt out at any time by:

• Clicking the "Unsubscribe" link in the email, or
• Contacting us directly at support@sendfast.app.

Please note that even if you opt out of marketing messages, we may still send you transactional or administrative communications (e.g., service updates, payment confirmations).

9. Children's Privacy

We do not knowingly offer the Service to individuals under the age of 18. We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data, please contact us immediately so we can delete that information.

10. Security Measures

We employ reasonable and appropriate security measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures may include:

• Encryption in transit (HTTPS)
• Secure hosting environments (e.g., AWS)
• Access controls for administrative accounts
• Routine software updates and patches

No method of transmission or storage is entirely secure; therefore, we cannot guarantee absolute security.

11. Your California & Other US State Privacy Rights (If Applicable)

Certain US state laws (such as the California Consumer Privacy Act) may grant you additional rights regarding your personal data. If you reside in a state with applicable privacy legislation, you may have the right to:

• Know what personal information we collect about you
• Request deletion of your personal information
• Opt out of the "sale" of personal information (note: we do not sell personal information)

For specific inquiries, please contact us at support@sendfast.app.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify users as required by law, generally via email or a prominent notice on our website. Your continued use of the Service after such updates constitutes acceptance of the revised Policy.

13. How to Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please reach out to:

Tekodot Ltd
Unit 1 Weavers Court, Linfield Road, Belfast, Northern Ireland, BT12 5GH
Data Protection Lead: Luke Lucas, support@sendfast.app

You also have the right to complain to your local data protection authority. For the UK, that is the Information Commissioner's Office (ICO) (https://ico.org.uk/). If you're in the EU, you can contact your national Data Protection Authority.