Skip to content
SendSquared

Privacy Policy

Last updated: May 8, 2026

1. Introduction

SendSquared ("SendSquared," "we," "our," or "us") is operated by AdBase, Inc. d/b/a SendSquared. This Privacy Policy explains how we collect, use, share, and protect personal information when you visit sendsquared.com or use our services. It also explains the rights you have over your personal information under the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other applicable privacy laws.

If you do not agree with this Privacy Policy, please do not use our website or services.

2. Data Controller

For the purposes of GDPR and similar laws, the data controller is:

For data processed on behalf of our customers (where SendSquared acts as a processor), the customer is the data controller and SendSquared is the data processor under a Data Processing Agreement.

3. Information We Collect

3.1 Information You Provide

  • Name, business email, phone number, and mailing address
  • Company name, job title, and property portfolio details
  • Account credentials (username, hashed password)
  • Billing and payment information (processed by our payment processor; we do not store full card numbers)
  • Content you submit through forms (demo requests, contact, partner applications, advocacy applications, careers, newsletter)
  • Communications you send us (email, phone, chat)

3.2 Information Collected Automatically

  • IP address, browser type and version, operating system, device identifiers
  • Pages visited, referring URL, time spent, click and scroll behavior
  • Cookies and similar tracking technologies (see Section 7 below)

3.3 Information from Third Parties

  • Property management system (PMS) data when our customers connect their PMS
  • OAuth profile data from connected platforms (Airbnb, Google, etc.)
  • Enrichment data from business contact services (limited use, with opt-out available)

4. Legal Bases for Processing (GDPR)

We rely on the following legal bases under Article 6 GDPR:

  • Contract (Art. 6(1)(b)): to deliver the SendSquared services you or your employer subscribe to.
  • Legitimate interests (Art. 6(1)(f)): to operate, secure, and improve our website and services; to prevent fraud and abuse; to send service-related communications. We balance these interests against your privacy rights.
  • Consent (Art. 6(1)(a)): for marketing communications, non-essential cookies, and certain analytics. You can withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, FCC/Telecom, anti-spam (CAN-SPAM, TCPA), and law-enforcement requirements.

5. How We Use Information

  • Provide, maintain, secure, and improve the SendSquared platform and website
  • Authenticate you and process transactions
  • Respond to inquiries and provide customer support
  • Send transactional communications (account, security, billing)
  • Send marketing communications where you have consented or where permitted by law
  • Detect, investigate, and prevent security incidents and abuse
  • Comply with legal obligations and enforce our terms
  • Analyze website usage in aggregate to improve experience and content

We do not use personal information to make solely automated decisions that produce legal or similarly significant effects.

6. How We Share Information

We do not sell personal information. We share information only as described below:

  • Service providers (sub-processors): cloud hosting (Amazon Web Services), email delivery (Amazon SES), SMS delivery (Twilio), analytics (Google Analytics), payment processing (Stripe), customer support tooling, and similar vendors. Each is bound by a Data Processing Agreement and processes data only on our instructions.
  • Customers: if you submit a form or interact with a SendSquared customer's property, your data may flow to that customer in their CRM.
  • Legal and safety: to comply with subpoenas, court orders, or other legal processes; to protect our rights, your safety, or the safety of others.
  • Business transfers: in connection with a merger, acquisition, or asset sale, with notice to affected users.
  • With your consent: for any other purpose disclosed at the time of collection.

7. Cookies and Tracking

We use cookies and similar technologies, organized into four categories that match our cookie consent banner:

  • Strictly Necessary (always on): required for the site to function — security, session management, load balancing, the cookie consent record itself.
  • Functional (optional): remember preferences such as theme, language, and dismissed banners.
  • Analytics (optional): aggregated usage measurement via Google Analytics 4 and SendSquared internal analytics. Data is pseudonymized where possible.
  • Marketing (optional): third-party advertising and retargeting. Currently unused; the category exists in case we add such tools.

You can change your cookie preferences any time by clicking "Cookie Preferences" in the site footer. We honor Google Consent Mode v2 signals, so analytics and advertising tags receive your choice in real time. Browser-level Do Not Track and Global Privacy Control signals are also recognized as a preference to deny non-essential cookies.

8. International Data Transfers

SendSquared is based in the United States. If you access our services from outside the U.S., your information will be transferred to, stored in, and processed in the U.S. and other jurisdictions where our service providers operate.

For transfers of personal data from the EU/EEA, UK, or Switzerland to the United States, we rely on the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and supplementary measures where appropriate. Copies of the SCCs are available on request.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, tax, or reporting requirements. Typical retention periods:

  • Account data: for the life of the account plus 90 days after closure (then deleted or anonymized).
  • Form submissions: up to 24 months after the last interaction, unless converted into an account or customer record.
  • Marketing contacts: until you unsubscribe or 24 months of inactivity, whichever is sooner.
  • Billing and transaction records: seven years. This retention period satisfies every applicable Minnesota and federal requirement: Minnesota's 3.5-year sales and income tax record requirement (Minn. Stat. § 289A.38), the federal IRS standard three-year audit window for income tax returns, the four-year retention requirement for employment tax records, the six-year window for cases involving substantial omission of income (more than 25% of gross income), and the seven-year window applicable to bad debt deductions and losses on worthless securities (IRS Publication 583 / Topic 305).
  • Server logs: 90 days for security and debugging.
  • Backups: rolling 30-day window; deletion requests are honored on the active database immediately and on backups within 30 days.

10. Your Rights

10.1 GDPR Rights (EU/EEA, UK, Switzerland)

You have the right to:

  • Access (Art. 15): request a copy of personal data we hold about you.
  • Rectification (Art. 16): correct inaccurate or incomplete data.
  • Erasure / Right to be Forgotten (Art. 17): request deletion of your data, subject to legal exceptions.
  • Restriction (Art. 18): pause processing while a dispute is resolved.
  • Data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Object (Art. 21): object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent: withdraw any consent you have given, at any time.
  • Lodge a complaint: file a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France, the Datatilsynet in Norway).

10.2 CCPA / CPRA Rights (California)

California residents have the right to:

  • Know what personal information we collect, use, disclose, and sell.
  • Request deletion of personal information.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. (We do not sell personal information.)
  • Limit the use of sensitive personal information.
  • Non-discrimination for exercising these rights.

10.3 How to Exercise Your Rights

Email privacy@sendsquared.com with your request. We will verify your identity and respond within 30 days (GDPR) or 45 days (CCPA), with one extension where permitted. You can also use an authorized agent.

11. Data Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, principle of least privilege, regular security testing, and an incident response process. Our practices are ISO-aligned. No system is perfectly secure, however, and we cannot guarantee absolute security. We will notify you and applicable regulators of personal data breaches within 72 hours where required by law.

12. Children's Privacy

SendSquared services are intended for business users aged 18 and over. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it. Parents or guardians who believe a child has provided us personal information may contact privacy@sendsquared.com.

13. Third-Party Sites and Services

Our website and services may link to third-party sites and services. We are not responsible for the privacy practices of those parties. Review their privacy policies before providing personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last updated" date. Material changes will be communicated via email (where we have your address) or a prominent banner on the site. Your continued use of our services after a change constitutes acceptance.

15. Relationship to Other Agreements

This Privacy Policy works together with our Terms of Use and, where applicable, your signed SendSquared Service Agreement. Where a signed Service Agreement contains data-protection terms (such as a Data Processing Addendum or specific data-handling commitments), those terms govern the processing of Customer Data and control in the event of any conflict with this Policy.

16. Contact Us

For privacy questions, requests, or concerns: