Privacy Policy

Sendmsg.io is a multi-channel messaging platform operated by Authyra Technologies LLP. The platform enables businesses to send Email, SMS, and WhatsApp messages at scale through a unified console with built-in deliverability intelligence.

Core capabilities of the platform include:

• Email sending via SMTP infrastructure with automated domain health monitoring
• Reputation Shield system that monitors bounce, block, and complaint signals in real time to protect sender reputation
• API integrations for transactional and marketing email delivery
• Contact management, email template creation, and campaign orchestration
• Analytics and delivery reporting powered by time-series analytics
• Subscription billing and payment processing via Razorpay
• Secure authentication via single sign-on (SSO)

This Privacy Policy applies to all users of the sendmsg.io platform, including the web console, APIs, and any related services provided by Authyra Technologies LLP. For the purposes of data protection regulations, Authyra Technologies LLP acts as a data controller for account and billing information, and as a data processor for recipient contact data and email content that clients upload and send through the platform.

We collect information you provide directly when you create an account, configure your sending infrastructure, upload contacts, or use our APIs. We also collect operational data generated through your use of the platform.

• Contact lists: Email addresses, phone numbers, names, and any custom fields you upload for your recipients
• Email content and templates: Message bodies, subject lines, and saved templates you create within the platform
• Sending domain information: Domain names, DNS records (SPF, DKIM, DMARC), and sender identity configurations
• Account credentials: Authentication data managed securely via our SSO provider (we do not store raw passwords)
• Payment and billing information: Subscription details, invoices, and payment transactions processed through Razorpay (card details are handled entirely by Razorpay and never stored on our servers)

• Delivery metrics: Bounce events, block events, open tracking, click tracking, complaint/feedback loop signals, and unsubscribe events
• Reputation data: Domain and sender health scores, daily sending limits, freeze/recovery states, and reputation system decisions
• API usage logs: Request timestamps, endpoints accessed, response codes, and rate limiting data for API integrations
• Campaign analytics: Send volumes, delivery rates, engagement metrics, and activity-level performance data
• Device and browser information: IP address, browser type, and device identifiers collected via session cookies

We use the information we collect to operate and improve the sendmsg.io platform:

• Deliver your email, SMS, and WhatsApp messages to intended recipients via our sending infrastructure
• Monitor domain and IP reputation through Reputation Shield, which analyzes bounce, block, and complaint signals to dynamically adjust sending speed, daily limits, and warmup schedules
• Generate delivery analytics and reporting dashboards so you can track campaign performance
• Process subscription payments and generate invoices through our Razorpay integration
• Authenticate your identity and manage account access via our SSO provider
• Provide customer support and respond to technical inquiries
• Detect and prevent abuse, including spam, phishing, and unauthorized access
• Comply with applicable laws, regulations, and legal obligations, including the Digital Personal Data Protection Act, 2023 (India) and other relevant data protection frameworks

Authyra Technologies LLP does not sell, trade, or rent your personal information or your recipients' data to third parties. We may share information only in the following circumstances:

• Payment Processing: Billing and subscription data is shared with Razorpay solely for the purpose of processing payments. Razorpay operates under its own privacy policy and PCI-DSS compliance.
• Authentication Provider: Account authentication data is managed by our SSO provider to securely verify your identity.
• SMTP Delivery: When you send email through sendmsg.io, recipient email addresses and message content are transmitted via SMTP to destination mail servers as required for delivery.
• Legal Requirements: When required by law, court order, or government regulation, or to protect the rights, property, or safety of Authyra Technologies LLP, our users, or others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets of Authyra Technologies LLP, in which case affected users will be notified.

We implement technical and organizational measures to protect your data:

• All API and console traffic is encrypted via TLS in transit
• Authentication is handled via our SSO provider with token-based validation; we never store raw passwords
• Payment card data is handled entirely by Razorpay's PCI-DSS compliant infrastructure and never touches our servers
• Role-based access controls on all API endpoints with per-request token validation
• Infrastructure hosted on dedicated servers with private network isolation between application, database, and sending tiers
• Regular monitoring of sending infrastructure health through the Reputation Shield system

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain different categories of data for different periods based on operational necessity and legal requirements:

• Email delivery events (bounces, opens, clicks, complaints, blocks): Stored in our analytics database with an automatic 365-day retention period, after which data is automatically purged.
• Real-time reputation data (domain health scores, sending limits, freeze states): Held in an in-memory data store with a 25-hour time-to-live for daily operational keys and 1-hour TTL for transient recovery data. This data is ephemeral and not permanently stored.
• Contact data (recipient lists, email addresses, phone numbers): Retained for as long as your account is active, and deleted upon account deletion or explicit request.
• Email templates and campaign data: Retained for the duration of your account and deleted upon account closure.
• Payment and billing records: Retained as required by Indian tax and financial regulations (currently a minimum of 8 years under the Income Tax Act and GST regulations).
• API usage logs: Retained for 90 days for debugging and abuse prevention, then automatically purged.
• Account credentials: Managed by our SSO provider; removed when your account is deleted from the platform.

You have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you and your account
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data (subject to legal retention requirements for billing records)
• Data Export: Export your contact lists, templates, and campaign data from the platform
• Opt-out: Unsubscribe from marketing communications from Authyra Technologies LLP at any time

To exercise these rights, please contact our Grievance Officer at [email protected]. We will acknowledge your request within 48 hours and provide a substantive response within 30 days, as required under applicable data protection regulations.

We use cookies and similar technologies for the following purposes:

• Authentication: Session cookies to maintain your logged-in state, managed through secure cookie storage
• Email open tracking: A small tracking pixel embedded in sent emails to record open events, which feeds into your campaign analytics and the Reputation Shield engine
• Click tracking: Redirect links in sent emails to record click events for engagement analytics
• Console preferences: Remembering your dashboard layout and settings

You can control cookies through your browser settings. Disabling cookies may affect your ability to log in and use the console. Recipients of your emails can disable image loading in their email client to prevent open tracking.

All sendmsg.io infrastructure, including application servers, databases, and sending infrastructure, is hosted on dedicated servers located in India. Your data is processed and stored within Indian data centers.

When you send email through our platform, message content is transmitted via SMTP to recipient mail servers which may be located outside India. This transfer is inherent to email delivery and governed by standard internet mail protocols.

Authyra Technologies LLP may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on sendmsg.io with a revised "Last updated" date
• Sending an email notification to registered account holders for significant changes
• Displaying a notice within the sendmsg.io console

Your continued use of the sendmsg.io platform after changes are posted constitutes acceptance of the updated policy.