Privacy Policy for Sendr

Last Updated: 14/06/2025

Welcome to Sendr! This Privacy Policy explains how SD IT Support Ltd ("we," "us," or "our") collects, uses, shares, and protects information in relation to our mobile application Sendr (the "Service"), and your choices about the collection and use of your information.

This Privacy Policy applies to all visitors, users, and others who access the Service ("Users").

1. Information We Collect

We collect the following types of information:

• Information you provide us directly:
  • Username: We collect the username you choose or are assigned when you use the Service.
  • Profile Information: During onboarding and profile updates, we collect:
    • Gender (Male, Female, Other)
    • Age group (15-17, 18-24, 25-44, 45+)
    • Content preferences (NSFW settings for eligible users)
  • Content: We collect the photos you capture, upload, or receive through the Service, including any text overlays you add ("User Content").
  • Interaction Data: We track message interactions including views, replies, and content that you choose to ignore or hide.
  • Blocking and Safety Data: We collect and maintain records of user blocking relationships, including who has blocked whom, timestamps of blocking actions, and reasons for blocking when provided. This data is used for safety enforcement and preventing unwanted interactions.
  • Communications: We may collect information when you communicate with us (e.g., for support).
• Information collected automatically:
  • Device Information: We collect comprehensive device data including:
    • Device type, model, and manufacturer
    • Operating system and version
    • Unique device identifiers (UUID)
    • Device capabilities and screen dimensions
    • App version and build information
  • Network and Location Data: We collect:
    • IP addresses and network information
    • Connection timestamps and session data
    • Geographic location data (when permitted)
    • Network security information for fraud prevention
  • Session Tracking: We maintain session logs including:
    • Login and logout timestamps
    • Session duration and activity patterns
    • Feature usage and interaction frequency
    • Error logs and crash reports
  • Log file information: We may log information such as your IP address, device type, operating system, app crashes, unique device identifiers, and usage patterns when you use the Service. This information is collected via our infrastructure providers (like AWS) and potentially through Firebase.
  • Advertising Identifiers: We use Google AdMob to serve advertisements. AdMob may collect and use advertising identifiers (like IDFA for iOS and Advertising ID for Android) and other data as described in Google's Privacy Policy to provide personalized advertising.
  • Usage Data: We collect information about how you use the Service, such as the features you use, the frequency and duration of your activities.
• Information from third-party services:
  • Firebase: We use Firebase (a Google service) for functionalities like push notifications and potentially authentication or analytics in the future. Firebase may collect certain data as described in Google's Privacy & Terms.
  • AWS (Amazon Web Services): Our backend infrastructure, including image storage (S3) and APIs (API Gateway, Lambda), is hosted on AWS. AWS processes data on our behalf as described in the AWS Privacy Notice.
  • IP Geolocation Services: We use third-party services to determine approximate geographic location from IP addresses for security and compliance purposes.

2. How We Use Your Information

We use the information we collect for various purposes, including to:

• Provide, operate, and maintain the Service.
• Process and deliver User Content between users.
• Age-Based Content Filtering: Use age group information to ensure appropriate content delivery and restrict interactions between incompatible age groups (specifically, users aged 15-17 can only interact with other users in the same age group).
• Safety and Security: Monitor and prevent inappropriate interactions, enforce age-based restrictions, and maintain platform safety.
• User Blocking and Safety Enforcement: Process and enforce user blocking relationships to prevent unwanted interactions, filter blocked users from message delivery and content sharing, and maintain comprehensive blocking logs for safety and compliance purposes.
• Profile Management: Enforce profile update restrictions including mandatory cooldown periods (14 days) and age progression validation.
• Improve, personalize, and expand the Service.
• Understand and analyze how you use the Service.
• Communicate with you, including for customer service.
• Send you push notifications (if enabled) related to Service activity (e.g., new messages, replies). You can control this in your device settings and app settings.
• Show advertisements through Google AdMob (age-appropriate content only).
• Find and prevent fraud and abuse.
• Ensure compliance with our Terms and Conditions and applicable laws.
• Law Enforcement Compliance: Maintain records and provide information to law enforcement authorities when legally required, including user identification, interaction histories, and behavioral patterns.
• Comply with legal obligations and respond to lawful requests from public authorities.
• Content Moderation: Use profile information to enhance content moderation capabilities and ensure platform safety.

3. How We Share Your Information

We may share the information we collect in the following ways:

• With Other Users (Limited): Your username and the User Content you send are shared with age-compatible recipients you designate. For users aged 15-17, content is only shared with other users in the same age group. Profile information (gender and age group) may be displayed to recipients for content moderation purposes.
• With Service Providers: We share information with third-party vendors and service providers that perform services on our behalf, such as:
  • Cloud hosting and storage (AWS).
  • Push notification delivery (Firebase Cloud Messaging).
  • Advertising networks (Google AdMob).
  • IP geolocation and security services.
  • Analytics and monitoring providers.
  These providers will only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information.
• For Legal Reasons and Law Enforcement: We may disclose your information, including but not limited to profile data, interaction histories, device information, IP addresses, and behavioral patterns, if required to do so by law or in the good faith belief that such action is necessary to:
  • Comply with legal obligations and court orders
  • Respond to lawful requests from law enforcement agencies
  • Protect and defend our rights or property
  • Prevent fraud and abuse
  • Investigate potential violations of our Terms
  • Protect the personal safety of users, especially minors
  • Cooperate with government investigations
• Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
• Safety and Protection: We may share information when we believe it's necessary to protect users, especially minors, from harm or illegal activity.

We do not sell your personal information to third parties for commercial purposes.

4. Data Storage and Security

• Storage Location: User Content (images), profile data, interaction logs, and device information are stored using Amazon Web Services (AWS) infrastructure, primarily in the eu-west-2 (London) region, but potentially involving other regions for processing or redundancy.
• Security Measures: We implement comprehensive security measures including:
  • Encryption of data in transit and at rest
  • Secure API authentication and authorization
  • Regular security audits and monitoring
  • Access controls and user authentication
  • Device fingerprinting for fraud prevention
  • Session management and timeout controls
  However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the security of your information.
• Age-Based Security: Users aged 15-17 receive enhanced privacy protections including restricted data sharing and isolated interaction environments.

5. Data Retention

• User Content (Images): We retain images you send and receive for a limited duration necessary to provide the Service features (e.g., until viewed/replied or expired based on Service rules). Specific retention periods depend on the implementation of features like view-once or expiration timers. User Content may be deleted automatically after these periods. Deleted content may persist in backups for a limited time.
• Profile Information: Gender, age group, and preference data are retained as long as your account is active. Profile update history is maintained for compliance and security purposes.
• Interaction Data: Message interaction logs, including ignored content and user preferences, are retained for service improvement and safety purposes.
• Blocking and Safety Records: User blocking relationships, blocking timestamps, and related safety data are retained for extended periods to ensure effective enforcement of blocking restrictions and to support safety investigations. Blocking data may be retained even after account deletion for safety and compliance purposes.
• Device and Session Data: Device information and session logs are retained for security, fraud prevention, and compliance purposes. This data may be retained longer than other data types for legal and safety reasons.
• Account Information: We retain your username and associated settings as long as your account is active. If you delete your account (if such functionality is offered) or it becomes inactive for an extended period, we may delete your information, subject to legal retention requirements.
• Compliance Records: Information required for law enforcement compliance may be retained for extended periods as required by applicable laws and regulations.
• Log Data: Log data is typically retained for analysis, security monitoring, and compliance purposes for periods ranging from 30 days to 7 years depending on the type of data and legal requirements.

6. Age-Based Restrictions and Protections

7. Your Rights and Choices

Depending on your location (e.g., EU/EEA, California, UK), you may have certain rights regarding your personal information:

• Access: You may have the right to request access to the personal information we hold about you, including profile data, interaction history, and device information.
• Correction: You may have the right to request correction of inaccurate personal information, subject to our profile update restrictions.
• Deletion: You may have the right to request deletion of your personal information, subject to certain exceptions including legal retention requirements and safety considerations.
• Objection/Opt-out: You may have the right to object to certain processing or opt-out of the "sale" or "sharing" of your data for targeted advertising (as defined by applicable law).
  • Advertising: You can typically limit ad tracking using the settings in your iOS or Android device. Please refer to your device settings and Google's Ad Settings.
  • Push Notifications: You can disable push notifications through your device settings or within the app's settings.
  • Profile Data: You can update your profile information subject to our restrictions (14-day cooldown, age progression only).
• Data Portability: You may have the right to receive your data in a portable format.
• Special Rights for Minors: Users aged 15-17 and their parents/guardians may have additional rights under applicable laws regarding the collection and use of minor's personal information.

To exercise these rights, please contact us using the details below. We will respond to your request in accordance with applicable law. We may need to verify your identity before processing your request. For users aged 15-17, we may require parental consent for certain requests.

8. Children's Privacy

Our Service is not intended for use by children under the age of 15. We do not knowingly collect personal information from children under 15. Users aged 15-17 receive special protections as outlined throughout this policy.

If we learn that we have collected personal information from a child under 15 without verification of parental consent, we will take immediate steps to delete that information. If you believe we might have any information from or about a child under 15, please contact us immediately.

9. Third-Party Services

Our Service uses third-party services like AWS, Firebase, Google AdMob, and IP geolocation providers. These services have their own privacy policies, which we encourage you to review:

• AWS Privacy Notice: https://aws.amazon.com/privacy/
• Google Privacy & Terms (covers Firebase & AdMob): https://policies.google.com/privacy
• Google AdMob & Adsense Program Policies: https://support.google.com/admob/answer/6128543

We are not responsible for the practices of these third-party services, but we require them to maintain appropriate privacy standards when processing data on our behalf.

10. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the UK/EU and choose to provide information to us, please note that we transfer the data, including personal information, to regions where our service providers (like AWS) operate and process it there.

For users in the EU/EEA, we ensure appropriate safeguards are in place for international transfers in accordance with GDPR requirements. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

11. Law Enforcement and Legal Compliance

We maintain comprehensive records to support law enforcement investigations and comply with legal requirements. This includes:

• User identification and verification data
• Communication logs and interaction patterns
• Device fingerprints and IP address histories
• Content sharing and viewing records
• Platform activity and behavioral analytics

We cooperate fully with law enforcement agencies and may proactively report suspicious activities, especially those involving minors or potential harm.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the app and updating the "Last Updated" date. For significant changes affecting users aged 15-17, we may require additional consent.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted, except where additional consent is required by law.

13. Contact Us

If you have any questions about this Privacy Policy, data protection concerns, or wish to exercise your privacy rights, please contact us at:

Email: support@thesendrapp.com
Subject Line: Privacy Policy Inquiry

For urgent safety concerns involving minors, please include "URGENT - MINOR SAFETY" in your subject line.