Legal

Privacy Policy

Effective date: [DATE] · Last updated: [DATE]

This Privacy Policy explains how [Legal Entity Name] (“SendMe”, “we”, “us”) collects, uses, discloses, and protects personal information when you use SendMe.me and related services (the “Service”). By using the Service you agree to this Policy and our Terms of Service.

Contents

1. Who we are & scope
2. Information we collect
3. How & why we use it (legal bases)
4. We never handle your money
5. Cookies
6. How we share information
7. International transfers
8. Data retention
9. Security
10. Your rights (GDPR / UK / CCPA)
11. Children
12. Third-party links & services
13. Changes
14. How to contact us

1. Who we are & scope

SendMe is a payment-identity service: a page (your “tag”, e.g. sendme.me/you) that links to your own payment methods. The data controller is [Legal Entity Name], [registered address]. This Policy applies to the Service and not to any third-party site or app you link to or visit.

2. Information we collect

Information you provide

Account data - your email address and a hashed password, or, if you use Google sign-in, your Google account identifier and email.
Profile data - your tag, display name, bio, theme, avatar, location, and the payment-method handles, addresses, or links you choose to publish. This profile content is public by design.
Verification data - if you request a verified badge or a protected tag, the identity, creator, or business evidence you submit (e.g. name, document references, business details).
Communications - messages you send us via contact, sales, support, or abuse-report forms.

Information collected automatically

Usage & analytics - profile views and link clicks (to power your analytics), approximate country, and device type (mobile/desktop/tablet).
Device & log data - IP address, browser/user-agent, and timestamps, processed to operate and secure the Service.
Anti-abuse - when you start a free trial we check your IP address to enforce one-trial-per-person/network limits and to detect VPN/proxy traffic.

3. How & why we use it

We use personal information to: create and operate your account and page; authenticate you and keep you signed in; provide analytics; send service, verification, and transactional emails; prevent, detect, and investigate fraud, impersonation, and abuse; respond to your requests and reports; and comply with legal obligations. We do not sell your personal information, and we do not use it for third-party advertising.

Where the EU/UK GDPR applies, our legal bases are: performance of a contract (to provide the Service you request), legitimate interests (to secure the Service, prevent abuse, and improve our product, balanced against your rights), consent (where we ask for it, e.g. certain communications - you may withdraw it at any time), and legal obligation (to comply with applicable law).

4. We never handle your money

SendMe is not a payment processor, bank, or money-services business. We never receive, hold, transmit, or have access to your funds, card numbers, or banking credentials. Anything you publish (a PayPal handle, a crypto address, etc.) is information you choose to make public. Payments occur directly between you and the sender through their own apps and providers.

5. Cookies

We use a single essential, http-only session cookie to keep you signed in. We do not use advertising, profiling, or cross-site tracking cookies. Because our cookie is strictly necessary to provide a service you request, it is generally exempt from prior consent; you can clear it via your browser or by signing out.

6. How we share information

We share personal information only:

With service providers (sub-processors) who help us run the Service under contract, including our managed database host (Neon / PostgreSQL), transactional email provider (Resend), an IP-reputation lookup for abuse prevention (ip-api.com), and our hosting provider. They may process data only on our instructions.
For legal reasons - to comply with law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of users, the public, or us (including fraud and impersonation investigations).
In a business transfer - in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
At your direction - your public profile and the links you add are shared with anyone who visits your page, because that is the purpose of the Service.

7. International data transfers

We and our service providers may process and store information in countries other than yours, including the United States. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for transfers of personal data outside the EEA/UK.

8. Data retention

We retain personal information for as long as your account is active or as needed to provide the Service. When you delete your account (Account → Danger zone), we delete your identities, gift keys, verification requests, trial records, and personal data, and anonymize associated records. We may retain limited information where necessary to comply with legal obligations, resolve disputes, prevent abuse, or enforce our agreements.

9. Security

We use technical and organizational measures to protect personal information, including hashed passwords (scrypt), secure http-only session cookies, encrypted transport (HTTPS/TLS), least-privilege database access, and a managed database. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your rights

Depending on where you live, you may have rights to access, correct, delete, export/port, restrict, or object to our processing of your personal information, and to withdraw consent. You can download all of your data and delete your account at any time from your account settings.

EU/UK (GDPR): you may exercise the rights above and lodge a complaint with your local supervisory authority. California (CCPA/CPRA): you have the right to know, delete, and correct your personal information, and to opt out of “sale” or “sharing” - we do not sell or share your personal information as those terms are defined. We will not discriminate against you for exercising your rights. To make a request, contact us; we may need to verify your identity.

11. Children

The Service is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.

12. Third-party links & services

Your page links to third-party payment apps and services that have their own terms and privacy practices. We don’t control and aren’t responsible for those third parties. Review their policies before using them.

13. Changes to this Policy

We may update this Policy from time to time. We will revise the “Last updated” date and, for material changes, take reasonable steps to notify you. Your continued use of the Service after changes take effect constitutes acceptance.

14. How to contact us

For privacy questions or to exercise your rights: contact us or email [privacy@sendme.me]. Postal: [Legal Entity Name, registered address]. See also our Terms of Service and Disclaimer.