SendOps
Sign inGet Started

Legal

Privacy Policy

Effective March 22, 2026

This Privacy Policy describes how AltaCoda LLC (“AltaCoda,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with the SendOps platform and related services (collectively, the “Service”). SendOps is a management and control plane for Amazon Simple Email Service (SES).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Who We Are

AltaCoda LLC is the data controller for personal data collected through the Service in the course of operating the platform (such as your account information). Where you use the Service to manage email-sending infrastructure and we process data on your behalf, we act as a data processor. That relationship is governed by our Data Processing Agreement (DPA), available upon request at hello@altacoda.io.

Contact: AltaCoda LLC 1111 Broadway Oakland, CA 94607 Email: hello@altacoda.io

2. What the Service Does — and Does Not Do

Understanding how SendOps works is essential to understanding what data we handle.

SendOps is a control plane. It configures, manages, and monitors Amazon SES resources within your AWS account. It provides template management, analytics, reporting, and operational tools.

SendOps does not send, receive, relay, or proxy email. All email transmission occurs directly through Amazon SES in your AWS account. We do not have access to the content of emails you send, your mailing lists, or your recipients’ inboxes.

This distinction is important: the majority of email-related data (message bodies, delivery logs at the individual message level) originates in your AWS account. Recipient email addresses are stored within the Service to enable search and analytics functionality.

3. Information We Collect

3.1 Information You Provide

  • Account information: Name, email address, and password when you register for an Account.
  • Organization information: Organization name and details you provide during setup.
  • Billing information: Payment method details (credit card number, billing address) are collected and processed by our payment processor, Stripe. We do not store full payment card numbers on our servers. We receive and store only a limited token, card brand, last four digits, and expiration date for display and billing management purposes.
  • AWS credentials: IAM role ARNs or access credentials you provide to connect your AWS account. These are stored encrypted and used solely to operate the Service on your behalf.
  • Support communications: Information you provide when contacting us for support, including email address, message content, and any attachments.

3.2 Information Collected Through Use of the Service

  • Email event data: We receive email event data (sends, deliveries, bounces, complaints, opens, clicks) from Amazon SES via EventBridge within your AWS account. Recipient email addresses are stored in plaintext within our search index to enable per-message lookup, and in hashed form for analytics and aggregate reporting.
  • Template metadata: If you connect a GitHub repository, we read template files and associated metadata (file names, commit history) in accordance with the permissions you grant. Template content is processed to enable rendering and management features.
  • Usage data: Information about how you interact with the Service, including pages viewed, features used, actions taken, timestamps, and session duration.
  • Device and connection information: IP address, browser type and version, operating system, device identifiers, and referring URLs.

3.3 Information from Third-Party Sources

  • AWS: SES configuration data, account status, and email event data from your AWS account as authorized by you.
  • GitHub: Repository metadata and template files from repositories you connect.
  • Stripe: Transaction status, payment confirmation, and limited billing details.
  • Analytics providers: We use third-party analytics services (currently Mixpanel) to understand how the Service is used. These providers may collect usage and device data as described in their respective privacy policies.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Operating, maintaining, and delivering the features and functionality of SendOps, including provisioning AWS resources, syncing templates, generating analytics and reports, and delivering notifications.
  • Account management: Creating and managing your Account, authenticating your identity, and managing Authorized User access.
  • Billing: Processing payments, managing subscriptions, issuing invoices, and communicating about billing matters.
  • Communications: Sending you service-related notices (such as account verification, security alerts, maintenance notifications, and changes to our terms or policies). These are transactional communications, not marketing.
  • Product improvement: Analyzing usage patterns and trends to improve, develop, and optimize the Service. This analysis uses aggregated or de-identified data wherever possible.
  • Security and fraud prevention: Detecting, investigating, and preventing unauthorized access, abuse, and other harmful activity.
  • Legal compliance: Complying with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Support: Responding to your inquiries, troubleshooting issues, and providing customer support.

5. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

5.1 Service Providers (Subprocessors)

We share information with third-party service providers (subprocessors) who process data on our behalf to provide the Service. A complete list of our current subprocessors, including their purposes and locations, is maintained at sendops.dev/subprocessors.

These providers are contractually obligated to use your information only as necessary to provide their services to us and in accordance with this Privacy Policy and applicable data protection laws.

5.2 Your AWS Account

The Service interacts with your AWS account to provision and manage resources. Data flows between the Service and your AWS account as necessary to operate the Service. Your use of AWS is governed by your agreement with AWS.

5.3 GitHub

If you connect a GitHub repository, the Service reads from that repository using the access permissions you grant. We do not write to or modify your repositories unless you explicitly configure the Service to do so.

5.4 Within Your Organization

Account administrators and Authorized Users within your organization may have access to shared organizational data, configurations, analytics, and templates as determined by your Account settings and any access controls you configure.

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of AltaCoda, our users, or the public.

5.6 Business Transfers

In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.

We may share your information in other circumstances with your explicit consent.

6. Data Retention

  • Account data: Retained for as long as your Account is active. Upon account closure, your data is deleted in accordance with our data deletion procedures, subject to any legal retention obligations.
  • Analytics data: Email analytics data is retained in accordance with your Subscription Plan’s data retention period (7 days for Free, 90 days for Team, 1 year for Business). After the retention period, analytics data is permanently deleted.
  • Billing records: Retained for as long as necessary to comply with tax, accounting, and legal obligations (typically up to 7 years).
  • Support communications: Retained for as long as necessary to resolve your inquiry and for a reasonable period thereafter for quality and training purposes.
  • Server logs: Automatically deleted or anonymized after 90 days.

7. Data Security

We implement commercially reasonable technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS) and at rest.
  • Encrypted storage of AWS credentials.
  • Hashing of recipient email addresses for analytics and aggregate reporting. Plaintext addresses are retained only within the search index to support per-message lookup.
  • Access controls and authentication requirements for all Authorized Users.
  • Regular security reviews and monitoring.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights and Choices

8.1 Account Information

You may access, update, or correct your account information at any time through the Service or by contacting us at hello@altacoda.io.

8.2 Account Deletion

You may request deletion of your Account and associated data by using the account closure feature in the Service or by contacting us at hello@altacoda.io. Deletion is permanent and subject to the retention periods described in Section 6.

8.3 Communications Preferences

You may manage your notification preferences through the Service. Note that you cannot opt out of transactional communications necessary for the operation of your Account (such as security alerts and billing notices).

8.4 Cookies and Tracking

The Service uses cookies and similar technologies for session management, authentication, and analytics. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

9. Rights for EEA, UK, and Swiss Individuals

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the UK GDPR.

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service and fulfill our contractual obligations to you (Article 6(1)(b) GDPR).
  • Legitimate interests: Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where those interests are not overridden by your rights (Article 6(1)(f) GDPR).
  • Legal obligation: Processing necessary to comply with applicable laws (Article 6(1)(c) GDPR).
  • Consent: Where you have given explicit consent for a specific purpose, such as optional marketing communications (Article 6(1)(a) GDPR). You may withdraw consent at any time.

9.2 Your GDPR Rights

You have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete personal data.
  • Erase your personal data (subject to legal retention requirements).
  • Restrict processing of your personal data in certain circumstances.
  • Data portability — receive your personal data in a structured, commonly used, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, contact us at hello@altacoda.io. We will respond within 30 days (or such shorter period as required by applicable law).

9.3 International Transfers

Your personal data may be transferred to and processed in the United States. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards as described in our DPA, which may include Standard Contractual Clauses approved by the European Commission.

10. Rights for California Residents

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

10.1 Categories of Personal Information

In the preceding 12 months, we may have collected the following categories of personal information: identifiers (name, email, IP address), commercial information (billing records, subscription history), internet or electronic network activity (usage data, device information), and professional information (organization name, role).

10.2 Your CCPA/CPRA Rights

You have the right to:

  • Know what personal information we collect, use, and disclose.
  • Delete your personal information (subject to exceptions).
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.
  • Non-discrimination for exercising your rights.

To exercise these rights, contact us at hello@altacoda.io. We will verify your identity before processing your request.

10.3 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require you to verify your identity directly and confirm the agent’s authority.

11. Children’s Privacy

The Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at hello@altacoda.io.

The Service may contain links to third-party websites or services (such as AWS documentation, GitHub, or Stripe). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least thirty (30) days before the changes take effect. The “Effective Date” at the top of this page indicates when the policy was last revised. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

AltaCoda LLC 1111 Broadway Oakland, CA 94607 Email: hello@altacoda.io

For GDPR-related inquiries, you may also contact us at the address above. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Last updated: March 22, 2026