iSendora

    Privacy Policy

    Last updated: May 18, 2026

    ISENDORA INC. ("iSendora", "we", "us", or "our") operates the website https://isendora.com and provides AI-powered automation services (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights you have. It applies to visitors of our website and users of our Service worldwide, with additional disclosures for residents of certain U.S. states and the European Economic Area, the United Kingdom, and Switzerland.

    By using the Service, you agree to the collection and use of information in accordance with this Policy.

    1. Who we are

    ISENDORA INC. is a Florida corporation with its registered office at 19707 Turnberry Way, Office 17A, Aventura, FL 33180, United States. iSendora is the controller (or, where applicable, the "business") responsible for personal information collected through the Service.

    Privacy questions, requests, or complaints: admin@isendora.com.

    2. Scope of this Policy

    This Policy covers personal information we process about (a) visitors to our marketing website, (b) account holders and authorized users of the Service, and (c) individuals whose data is processed through accounts our customers connect to the Service (for example, end users contacting a business on Instagram or Facebook). For category (c), we typically act as a service provider or processor on behalf of our customer, and the customer's own privacy notice governs their handling of that data.

    3. Categories of personal information we collect

    In the past twelve (12) months we have collected the following categories of personal information, as defined under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"):

    • Identifiers — name, email address, phone number, account ID, IP address.
    • Customer records — billing details and contact information you provide.
    • Commercial information — subscriptions, usage of the Service, features enabled.
    • Internet or other electronic network activity — pages viewed, referring URL, device and browser type, language, time zone, interaction logs.
    • Geolocation data — approximate location derived from IP address (city / country level only). We do not collect precise geolocation.
    • Professional information — company name and role you provide when you contact sales.
    • Inferences — aggregated insights drawn from the categories above to improve and personalize the Service.
    • Content from connected platforms — messages, comments, mentions, and metrics from accounts our customers connect (Instagram, Facebook, etc.) within the permissions you grant via the platform's OAuth flow.

    We do not knowingly collect "sensitive personal information" (as defined by CPRA, FDBR, or GDPR) such as government IDs, precise geolocation, racial or ethnic origin, religious beliefs, health/genetic/biometric data, sexual orientation, or contents of private communications other than those you direct us to process on your behalf via a connected platform.

    4. Sources of information

    • Directly from you (forms, account creation, support emails, onboarding calls).
    • From your devices and browsers (cookies, log files, server-side telemetry).
    • From third-party platforms you connect to the Service (Meta Graph API, Google APIs, etc.) under the permissions you grant.
    • From service providers that help us operate the Service (hosting, payments, anti-spam, error monitoring).

    5. How we use information

    We use personal information for the following business and commercial purposes:

    • Provide, operate, secure, and maintain the Service.
    • Process and respond to messages on connected social media accounts on behalf of the account owner.
    • Authenticate users, prevent fraud, and enforce our Terms.
    • Communicate with you about your account, updates, security, and support.
    • Send marketing communications about features and offerings, where permitted (you can opt out at any time).
    • Conduct analytics to understand usage and improve the Service.
    • Comply with legal obligations and respond to lawful requests.

    We do not use your personal information, your customers' personal information, or content from connected platforms to train artificial intelligence or machine learning models.

    6. Legal bases for processing (EEA / UK / Switzerland)

    If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation ("GDPR") and the UK GDPR:

    • Performance of a contract (Art. 6(1)(b)) — to provide the Service you request.
    • Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, run analytics, and develop new features. We balance these against your rights.
    • Consent (Art. 6(1)(a)) — for non-essential cookies, marketing communications, and any other processing that requires your opt-in. You can withdraw consent at any time.
    • Legal obligation (Art. 6(1)(c)) — to comply with applicable law and lawful requests.

    7. How we share information

    We disclose personal information in the following limited circumstances:

    • Service providers bound by contract to use data only to provide their service to us. Current categories include: cloud hosting and edge delivery (Vercel Inc., Cloudflare Inc.), database and authentication (Supabase Inc.), AI inference (OpenAI, Anthropic, Google, where applicable), payment processing, email delivery, error monitoring (Sentry), and bot/anti-abuse (Cloudflare Turnstile).
    • Affiliates within the iSendora corporate group, subject to this Policy.
    • Legal compliance when required by law, regulation, court order, or to protect our rights, safety, or property, or that of others.
    • Business transfers in connection with a merger, acquisition, financing, or sale of assets, with notice to you.
    • With your consent for any other disclosure described at the time of collection.

    8. Data from Google APIs

    iSendora integrates with Google APIs (for example, the Google Ads API) when a user explicitly connects a Google account through our OAuth consent flow. The connecting user chooses which accounts to share with the Service and can revoke access at any time from within iSendora or from their Google Account security settings at myaccount.google.com/permissions.

    iSendora's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

    Specifically, for data obtained through Google OAuth:

    • We use the data only to provide and improve the user-facing features the connecting user authorized when they connected the account (for example, a campaign performance dashboard built from the connected Google Ads account).
    • We do not transfer the data to third parties except (a) to provide or improve those user-facing features as authorized, (b) for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) as part of a merger, acquisition, or sale of assets with notice to the user.
    • We do not use the data for advertising, including retargeting, personalized, or interest-based advertising.
    • We do not allow humans to read the data, except (a) with the user's affirmative consent for specific pieces of data, (b) as necessary for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) for internal operations after the data has been aggregated and de-identified.
    • We do not use Google user data to train artificial intelligence or machine learning models.
    • Access tokens and refresh tokens issued by Google are stored encrypted at rest using AES-256-GCM. They are decrypted in memory only at the moment a Google API call is made on behalf of the user.
    • When the user disconnects a Google integration in iSendora, we delete the stored tokens and the data fetched through them in accordance with the retention rules in Section 11.

    9. We do not "sell" or "share" personal information

    We do not sell personal information for monetary consideration. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under the CPRA. Because we do not engage in such sale or sharing, you do not need to submit a "Do Not Sell or Share My Personal Information" request, and we honor recognized opt-out preference signals (such as the Global Privacy Control) where required by law.

    10. Cookies and tracking technologies

    We use a small number of first-party cookies and similar technologies. They fall into three categories:

    • Strictly necessary — required for core site functionality (security, session management, language, your cookie choice). These are set without consent because the site cannot operate without them.
    • Analytics — help us understand how the site is used so we can improve features. Set only with your consent.
    • Marketing — measure performance of advertising campaigns. Set only with your consent. Off by default.

    You can manage your choice at any time using the "Cookie Preferences" link in the footer of every page.

    11. Data retention

    We retain personal information only as long as needed for the purposes described in this Policy or as required by law. As a general rule:

    • Account data — for the life of your account, plus up to 30 days after deletion.
    • Connected-platform content (messages, comments, metrics) — deleted within 30 days of you disconnecting the integration or requesting deletion.
    • Billing and tax records — up to 7 years (or longer if required by U.S. federal or Florida state law).
    • Security and audit logs — up to 12 months.
    • Aggregated or de-identified data that cannot reasonably be used to re-identify you may be retained indefinitely.

    12. Security

    We implement reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS / TLS), encryption at rest, role-based access controls, secret management, and regular security reviews. No system is perfectly secure, and we cannot guarantee absolute security. If we ever experience a personal data breach affecting you, we will notify you and applicable authorities as required by Florida's Information Protection Act (FIPA) and other applicable laws.

    13. International data transfers

    We are based in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data-protection laws may differ from those of your jurisdiction. For users in the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum / Swiss equivalent where applicable) as the lawful safeguard for international transfers.

    14. Your rights

    14.1 All users

    Regardless of where you live, you can email admin@isendora.com to:

    • Access the personal information we hold about you.
    • Request correction of inaccurate information.
    • Request deletion of your information (see also our Data Deletion Instructions).
    • Request export of your information in a portable format.
    • Withdraw any consent you previously gave.
    • Opt out of marketing emails using the unsubscribe link in any message.

    We respond within 30 days (extendable by up to 60 days for complex requests, with notice).

    14.2 California residents (CCPA / CPRA)

    If you are a California resident, you have the right to: (a) know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes, and the categories of third parties to whom we disclose it; (b) request deletion; (c) request correction; (d) opt out of the sale or sharing of personal information (we do not sell or share, see Section 9); (e) limit our use of sensitive personal information (we do not process sensitive personal information for purposes that would trigger this right); and (f) be free from retaliation for exercising your rights.

    We do not use or disclose sensitive personal information beyond the purposes permitted by Cal. Civ. Code § 1798.121(a). California's "Shine the Light" law (Cal. Civ. Code § 1798.83) permits California residents to request information about disclosures of personal information to third parties for direct-marketing purposes; we do not disclose personal information to third parties for their own direct-marketing purposes.

    Authorized agents may submit requests on your behalf with written permission and verification of your identity.

    14.3 Florida residents (Florida Digital Bill of Rights)

    Florida residents may request to: (a) confirm whether we are processing their personal information and access that information; (b) correct inaccurate personal information; (c) delete personal information; (d) obtain a portable copy of personal information; and (e) opt out of the sale of personal information, targeted advertising, and certain profiling. As stated in Section 9, we do not sell personal information or engage in cross-context behavioral advertising.

    We voluntarily honor these rights for all Florida residents who use the Service, even where the Florida Digital Bill of Rights does not by its terms apply to a business of our size.

    14.4 Other U.S. state residents

    Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Texas (TDPSA), Montana, Tennessee, Indiana, Iowa, Delaware, New Jersey, New Hampshire, Minnesota, Maryland, Rhode Island, and other states with comprehensive privacy laws have rights similar to those described above, including access, correction, deletion, portability, and opt-out of targeted advertising and sale. Email admin@isendora.com to exercise any such right.

    14.5 EEA, UK, and Switzerland (GDPR)

    In addition to the rights above, you have the right to (a) restrict our processing of your data, (b) object to processing based on legitimate interests, (c) lodge a complaint with your local data protection authority, and (d) not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (we do not engage in such decision-making through the Service).

    Contact information for data protection authorities is available at edpb.europa.eu (EEA), the UK Information Commissioner's Office, or the Swiss Federal Data Protection and Information Commissioner.

    14.6 How we verify requests

    To protect your information, we verify the identity of the person making a rights request by matching at least two pieces of information (for example, the email associated with your account plus a recent invoice number or a piece of information only you would know). We will not respond to unverified requests.

    15. Automated decision-making

    We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on you. Generative AI features within the Service operate as tools for the human user; outputs are not used to make automated decisions about individuals.

    16. Children's privacy

    The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of 13 in the United States or under 16 in the European Economic Area, the United Kingdom, or Switzerland. If we learn that we have collected such information without appropriate consent, we will delete it. If you believe a child has provided personal information, contact admin@isendora.com.

    17. Do Not Track and Global Privacy Control

    Our website does not respond to browser "Do Not Track" signals because no consistent industry standard exists for them. We do recognize the Global Privacy Control (GPC) opt-out preference signal where required by law, and treat it as a request to opt out of any sale or sharing.

    18. Third-party links

    The Service may contain links to third-party websites or services that we do not control. This Policy does not apply to those third parties; we encourage you to read their privacy notices.

    19. Notice of Financial Incentive

    We do not offer financial incentives, price differences, or service-quality differences in exchange for the collection, sale, or sharing of personal information.

    20. Changes to this Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated Policy on this page and updating the "Last updated" date. For significant changes, we will provide at least 30 days' notice via email or in-Service notification before they take effect.

    21. Contact

    For privacy questions, requests, or complaints, contact:

    ISENDORA INC.
    19707 Turnberry Way, Office 17A
    Aventura, FL 33180, United States

    We have not appointed a Data Protection Officer or an EU/UK Article 27 representative because the scale and nature of our processing does not require one. We will appoint one if and when applicable thresholds are met.