zend.shzend.sh
Legal
This Privacy Policy explains how zend.sh collects, uses, and shares information when you use our Service. We take data minimization seriously.
Last updated: 2026-06-19
Contents
Account information: name, email address, and billing details (handled by Stripe — zend.sh does not store raw card numbers).
Connected mailbox metadata: OAuth tokens or SMTP/IMAP credentials you supply to connect mailboxes. These are stored encrypted in Supabase Vault and are used exclusively to operate the Service on your behalf.
Campaign and lead data: contact lists, email templates, and campaign configuration you upload or create. This data lives in your workspace and is subject to Postgres Row-Level Security isolation.
Usage and telemetry: product-analytics events (via PostHog) and error/performance data (via Sentry). These are workspace-level and tied to your account, not sold.
Communications: if you contact us via the contact form or email, we retain that correspondence to respond and improve the Service.
To provide, operate, and improve the Service — this is the primary use for all data collected.
To send transactional notifications (password resets, provisioning status, account alerts) via Resend.
To detect and prevent abuse, including automated suspension on high bounce/complaint rates.
To comply with legal obligations and enforce our Terms of Service and Acceptable Use Policy.
We do not use your data to train AI models, serve third-party advertising, or sell to data brokers.
zend.sh supports open- and click-tracking via a 1×1 tracking pixel and link rewriting, configurable per campaign by the sender. Tracking is on by default and can be disabled per campaign for maximum deliverability.
For honesty, opens are classified as human vs. machine: Apple Mail Privacy Protection, image-proxy prefetch, and security scanners are flagged so reported open rates are not artificially inflated.
Tracking links redirect through zend.sh and preserve the original destination. Tracking data is associated with the workspace that sent the campaign; it is never sold or shared with third parties.
Product analytics (PostHog) track in-app behavior such as API calls and feature usage at the workspace level. You may contact us to opt out of product analytics.
We do not use third-party advertising cookies or cross-site trackers.
Account and workspace data is retained for as long as your account is active plus a reasonable period for backup and legal compliance. On account deletion we purge workspace data within 30 days.
Telemetry and error data is retained in our sub-processors' systems per their own retention policies (typically 90 days for Sentry; configurable for PostHog).
Depending on your jurisdiction, you may have rights to access, correct, export, or delete the personal data we hold about you. GDPR users in the EEA/UK and CCPA users in California may exercise these rights by contacting us at the address below.
For recipient/lead data that you upload as a controller, zend.sh acts as your processor. You are responsible for honoring your own users' rights requests regarding that data.
zend.sh uses sub-processors located in the United States and other countries. Transfers from the EEA/UK to these providers rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where applicable.
For privacy questions or to exercise your rights, contact us at legal@zend.sh.
Questions about this document? Contact legal@zend.sh.