Last updated: March 21, 2026
XSendFlow ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
We collect information you provide directly: your email address, password (stored encrypted), and payment information processed securely via Razorpay. We also collect usage data including campaigns created, emails sent, and feature usage. We do not collect or store the email addresses of your recipients beyond what is necessary to operate campaigns you create.
We use your information to provide and operate the Service, process payments, send transactional emails (account confirmations, password resets), improve the Service, and comply with legal obligations. We do not sell your personal data to third parties.
Your data is stored securely using Supabase, a cloud database provider. Data is stored on servers located in the United States. By using the Service, you consent to the transfer of your data to these servers.
You may upload contact lists containing email addresses and personal information of third parties. You are responsible for ensuring you have appropriate legal basis to process this data. XSendFlow processes recipient data solely on your behalf as a data processor.
We use session cookies to maintain your login state. We do not use tracking cookies or third-party advertising cookies. You can disable cookies in your browser settings, but this may affect Service functionality.
We use Razorpay for payment processing, Supabase for data storage, and Google SMTP for email delivery. These providers have their own privacy policies and we encourage you to review them.
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
You have the right to access, correct, or delete your personal data. You may request a copy of your data or ask us to delete it by contacting support@xsendflow.com. Users in the EU/EEA have additional rights under GDPR.
We implement industry-standard security measures including encrypted connections (HTTPS), encrypted passwords, and access controls. However, no method of transmission over the internet is 100% secure.
The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18.
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notice. Continued use of the Service constitutes acceptance of the updated policy.
For privacy-related inquiries, contact us at support@xsendflow.com or at our offices in Mississauga, Canada or Lucknow, India.