Effective date: May 21, 2026
Privacy Policy
This policy explains what zaSend collects, why we collect it, and how we handle data for our transactional email API, SMTP, dashboard, and related services.
Information We Collect
We collect account information such as your name, email address, login provider identity, account status, and admin approval state. If you use GitHub or Google sign-in, we receive basic profile information needed to create and secure your account.
We also collect service configuration data such as domains, DNS verification records, API keys and domain sending key metadata, webhook URLs, templates, suppression entries, and account limits. Secret keys are not shown again after creation, and stored key material is hashed or encrypted where appropriate.
When you send email, we process sender and recipient addresses, subject lines, message bodies, headers, delivery status, bounce diagnostics, timestamps, message IDs, webhooks, and operational logs needed to queue, send, debug, secure, and account for email delivery.
How We Use Information
We use information to provide the service, verify domain ownership, authenticate API and SMTP requests, DKIM-sign email, route messages through our email infrastructure, show logs, process bounces, deliver webhooks, enforce usage limits, detect abuse, improve reliability, and communicate service or account notices.
Email Recipients and Message Content
zaSend is a transactional email service. You are responsible for the recipients and content you submit. We process recipient addresses and message content only to provide, secure, troubleshoot, and maintain the service, unless we are required to act for abuse prevention, legal compliance, or platform safety.
Cookies and Sessions
We use essential cookies and session storage for login, CSRF protection, dashboard access, and security. We do not need third-party advertising cookies to operate zaSend.
Sharing and Processors
We may share data with infrastructure providers, email routing systems, DNS and hosting providers, authentication providers, monitoring tools, payment providers if paid plans are enabled, and other vendors that help us run zaSend. We may also disclose information if required by law, to enforce our terms, or to protect the service from abuse.
Retention
We keep account and configuration data while your account is active. Email logs, delivery events, bounce data, suppressions, and operational records are retained as needed for service reliability, abuse prevention, compliance, debugging, and customer support. You may request deletion of account data, subject to legal, security, and operational retention needs.
Security
We use technical and organizational safeguards including TLS where applicable, CSRF protection, access controls, hashed API keys, encrypted DKIM private keys, and monitoring. No system is perfectly secure, and you are responsible for protecting your account credentials, API keys, domain sending keys, and webhook endpoints.
Your Choices
You can update account information, rotate or revoke API keys, remove webhooks, delete suppressions you added manually, and delete domains from the dashboard where supported. To request access, correction, export, or deletion of personal information, contact us.
International Use
zaSend may process and store information in countries other than where you live. By using the service, you understand that data may be transferred and processed where our infrastructure and providers operate.
Changes
We may update this policy as the service changes. If we make material changes, we will update the effective date and, when appropriate, provide notice in the dashboard or by email.
Contact
Questions or privacy requests can be sent to admin@zasend.com.