Sendline operates a hosted iMessage support agent for businesses. To deliver that, we process two distinct kinds of data: information about you (the operator who signs up and uses our dashboard) and conversation data (the inbound and outbound iMessages your agent handles on behalf of your customers). We treat conversation data as the property of the business operating the agent and process it strictly to deliver the service.

We never sell personal data. We never train any AI model on your conversation data, your knowledge base, or anything you upload to your workspace. Inputs and outputs are not retained by our model providers beyond the time required to return a response.

Account data. Your name, work email, password hash, business name, and the timezone we infer from your browser. Required to operate your account.

Knowledge base. Files you upload and text you paste. Stored encrypted at rest in your workspace.

Conversation data. The inbound iMessages your customers send to your business number, your agent's outbound replies, message timestamps, and customer phone numbers.

Operational telemetry. Per-request latency, error logs, and aggregate usage counters. We strip personal data before this hits any monitoring tool.

Billing data. If you pay for a subscription, Stripe collects your payment method and billing address. Card details never touch our servers.

We use the data above to deliver and operate the product: route inbound messages to your agent, retrieve relevant chunks from your knowledge base, generate replies, send them back to your customers, render your dashboard, send transactional email, and bill you. We use aggregate, de-identified telemetry to keep the service reliable and to debug failures.

We do not use your data for advertising, profiling, or anything else.

We use a small number of vetted vendors to deliver the product. Each one is bound by a written DPA and processes only the data necessary for its role:

Conversation data and knowledge base content are retained for as long as your workspace is active. When you delete a workspace, all associated conversation data and KB content are purged within 30 days. Account data is retained for 90 days after account closure to support reactivation, then deleted. Billing records are retained for 7 years to satisfy tax obligations.

Encrypted backups are rotated out within 35 days.

If you live in the EU, UK, California, or any other jurisdiction with comparable privacy law, you have the right to access, correct, port, or delete your personal data, and to object to certain processing. Email privacy@sendline.app from the address on file and we'll fulfill your request within 30 days.

For conversation data routed through your business — that is, your customers' messages — your business is the data controller. We are the processor. Direct any rights requests from those individuals to you.

Sendline is a B2B product not intended for use by anyone under 16. We don't knowingly collect personal data from children. If you believe a child has interacted with an agent on our platform, contact us and we'll delete the relevant data.

We may update this policy as the product changes. Material changes will be announced by email at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

Sendline, Inc. · 1140 Folsom St, San Francisco, CA 94103 · privacy@sendline.app

For EU/UK individuals, you may also lodge a complaint with your local supervisory authority.