Effective date: [DATE] · Last updated: [DATE]
This Privacy Policy explains how [Legal Entity Name] (“SendMe”, “we”, “us”) collects, uses, discloses, and protects personal information when you use SendMe.me and related services (the “Service”). By using the Service you agree to this Policy and our Terms of Service.
SendMe is a payment-identity service: a page (your “tag”, e.g. sendme.me/you) that links to your own payment methods. The data controller is [Legal Entity Name], [registered address]. This Policy applies to the Service and not to any third-party site or app you link to or visit.
We use personal information to: create and operate your account and page; authenticate you and keep you signed in; provide analytics; send service, verification, and transactional emails; prevent, detect, and investigate fraud, impersonation, and abuse; respond to your requests and reports; and comply with legal obligations. We do not sell your personal information, and we do not use it for third-party advertising.
Where the EU/UK GDPR applies, our legal bases are: performance of a contract (to provide the Service you request), legitimate interests (to secure the Service, prevent abuse, and improve our product, balanced against your rights), consent (where we ask for it, e.g. certain communications - you may withdraw it at any time), and legal obligation (to comply with applicable law).
The money you receive from others never touches SendMe. We are not a bank, money transmitter, or escrow for those payments: anything you publish (a PayPal handle, a crypto address, etc.) is information you choose to make public, and payments occur directly between you and the sender through their own apps and providers. We never receive, hold, or have access to those funds or your banking credentials.
Paying us for Pro is separate. If you buy a Pro plan, checkout is hosted and processed by Stripe; your card details go to Stripe, not to us. We never see or store your full card number - we receive only a confirmation that a payment succeeded, its amount, and the plan term, which we use to activate your Pro time.
We use only essential cookies: an http-only session cookie to keep you signed in, and, during Google sign-in, a short-lived http-only cookie that secures that flow. If a bot-check (Cloudflare Turnstile) is enabled on signup, that provider may set its own security cookie. We do not use advertising, profiling, or cross-site tracking cookies. Because these cookies are strictly necessary to provide a service you request, they are generally exempt from prior consent; you can clear them via your browser or by signing out.
We share personal information only:
We and our service providers may process and store information in countries other than yours, including the United States. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for transfers of personal data outside the EEA/UK.
We retain personal information for as long as your account is active or as needed to provide the Service. When you delete your account (Account → Danger zone), we delete your identities, gift keys, verification requests, trial and purchase records, and account data, and we anonymize your contact messages and any abuse reports. We retain limited records where necessary to meet legal, tax, or accounting obligations, resolve disputes, prevent or investigate abuse, or enforce our agreements - for example, security and audit logs (which may include IP addresses, actions, and timestamps) and payment/transaction records - and only for as long as needed for those purposes. Our payment processor (Stripe) independently retains its own transaction records. Our managed database host may also keep short-term encrypted backups from which residual data ages out.
We use technical and organizational measures to protect personal information, including hashed passwords (scrypt), secure http-only session cookies, encrypted transport (HTTPS/TLS), a strict Content-Security-Policy and other security headers, rate limiting and other abuse controls, and a managed, reputable database host. Card payments are handled entirely by Stripe, so we never store card data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Depending on where you live, you may have rights to access, correct, delete, export/port, restrict, or object to our processing of your personal information, and to withdraw consent. You can download all of your data and delete your account at any time from your account settings.
EU/UK (GDPR): you may exercise the rights above and lodge a complaint with your local supervisory authority. California (CCPA/CPRA): you have the right to know, delete, and correct your personal information, and to opt out of “sale” or “sharing” - we do not sell or share your personal information as those terms are defined. We will not discriminate against you for exercising your rights. To make a request, contact us; we may need to verify your identity.
The Service is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.
Your page links to third-party payment apps and services that have their own terms and privacy practices. We don’t control and aren’t responsible for those third parties. Review their policies before using them.
We may update this Policy from time to time. We will revise the “Last updated” date and, for material changes, take reasonable steps to notify you. Your continued use of the Service after changes take effect constitutes acceptance.
For privacy questions or to exercise your rights: contact us or email [privacy@sendme.me]. Postal: [Legal Entity Name, registered address]. See also our Terms of Service and Disclaimer.