Privacy Policy

Last updated: May 02, 2025

Introduction

Welcome to BuffSend, operated by omay grup ltd ("us", "we", or "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices with regards to your personal information, please contact us at privacy@buffsend.example.com.

This Privacy Policy governs the privacy policies and practices of our Website, located at buffsend.com. It outlines how we collect, use, disclose, and safeguard your information when you visit our website and use our services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

We collect personal information that you voluntarily provide to us when registering at the Service, expressing an interest in obtaining information about us or our products and services, when participating in activities on the Service, or otherwise contacting us.

The personal information that we collect depends on the context of your interactions with us and the Service, the choices you make, and the products and features you use. The personal information we collect can include the following:

  • Name and Contact Data: We collect your first and last name, email address, postal address, phone number, and other similar contact data.
  • Credentials: We collect passwords, password hints, and similar security information used for authentication and account access.
  • Payment Data: We collect data necessary to process your payment if you make purchases, such as your payment instrument number (e.g., credit card number), and the security code associated with your payment instrument. All payment data is stored and processed by our third-party payment processor (e.g., Stripe). We do not store full payment card details. You should review the payment processor's privacy policies.
  • Account and Profile Data: Information you provide when you create an account, such as username and preferences.
  • Communications: Information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • User Content: Content you upload or submit through the Service, such as email templates, contact lists, and campaign details.
  • Marketing Data: Your preferences for receiving marketing communications and details about your engagement with them.

We also automatically collect certain information when you visit, use, or navigate the Service. This information does not reveal your specific identity but may include device and usage information:

  • Usage Data: Information about how you use our Service, such as the features you use, the pages you visit, links clicked, the time spent on those pages, and other statistics.
  • Device Data: Information about your computer or mobile device, such as your IP address, device identifiers, browser type, browser version, operating system, and language settings.
  • Location Data: We may approximate your location based on your IP address.
  • Tracking & Cookies Data: We use cookies and similar tracking technologies (like web beacons and pixels) to track the activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Use of Google User Data

BuffSend requests access to your Google account to allow you to send campaign emails through your verified Gmail account. We only request the necessary scopes for sending emails and storing minimal profile information. This data is used solely for the purpose of facilitating secure and efficient email communications and is handled in full compliance with Google's User Data Policy, including the Limited Use requirements.

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The specific permissions (scopes) we request and how we use the associated data are outlined below:

  • https://www.googleapis.com/auth/gmail.send (Send email on your behalf): Allows BuffSend to send emails through your connected Gmail account for campaigns you initiate. We only send emails you explicitly configure.
  • https://www.googleapis.com/auth/gmail.metadata (View basic metadata): Used solely to retrieve the Message-ID of emails sent *by BuffSend* to enable threaded conversations (`In-Reply-To`/`References` headers) in follow-ups. We do *not* access content or metadata from emails not sent via BuffSend.
  • openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile (Basic account info): Used to verify identity (openid), retrieve your email address for account association (userinfo.email), and retrieve your name for display within BuffSend (userinfo.profile).

BuffSend's access is limited to the minimum necessary permissions. We do not read, modify, or delete your emails or other Google data beyond these specific uses. Access tokens are stored securely.

How We Use Your Information

We use personal information collected via our Service for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations.

  • To Provide and Maintain our Service: Including monitoring usage, troubleshooting, and providing support.
  • To Manage Your Account: To facilitate account creation, authentication, and management.
  • To Perform Contracts: To develop, comply, and undertake the purchase contract for products or services you have purchased or any other contract with us through the Service.
  • To Contact You: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication regarding updates or informative communications related to the functionalities, products, or contracted services, including security updates, when necessary or reasonable for their implementation.
  • To Send Marketing Communications: To send you marketing and promotional communications, if this is in accordance with your marketing preferences. You can opt-out at any time.
  • To Respond to Inquiries: To attend and manage your requests to us.
  • For Business Transfers: We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
  • For Data Analysis: To identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and your experience.
  • To Comply with Legal Obligations: To comply with applicable laws, lawful requests, and legal process, such as responding to subpoenas or requests from government authorities.
  • For Security and Fraud Prevention: To monitor and prevent fraud, enforce our terms, and protect our rights and the rights of others.

Will Your Information Be Shared With Anyone?

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

Specifically, we may need to process your data or share your personal information in the following situations:

  • Vendors, Consultants, and Other Third-Party Service Providers: We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work (e.g., payment processing [Stripe], email delivery infrastructure, hosting services [Heroku, AWS], customer service tools, analytics providers [Google Analytics], marketing automation). These third parties are contractually obligated to protect your data and use it only for the services they provide to us.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
  • With Your Consent: We may disclose your personal information for any other purpose with your consent.

International Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Turkey and choose to provide information to us, please note that we transfer the data, including Personal Data, to Turkey and process it there. Our service providers may also process data in other countries, including the United States.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

How Long Do We Keep Your Information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

How Do We Keep Your Information Safe?

We aim to protect your personal information through a system of organizational and technical security measures designed to protect the security of any personal information we process. We implement appropriate technical and organizational measures such as encryption for data in transit and at rest where appropriate, access controls, and regular security assessments.

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Service is at your own risk. You should only access the service within a secure environment.

Your Privacy Rights (GDPR & UK Residents)

If you are a resident in the European Economic Area (EEA) or the United Kingdom (UK), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Your rights under the GDPR include:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you wish to exercise any of these rights, please contact us using the contact details provided below. We may need to verify your identity before responding to such requests.

You also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA or UK.

Children's Privacy

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Updates to This Policy

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last updated" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

Contact Us

If you have questions or comments about this policy, you may email us at privacy@buffsend.example.com