EnoSend
Sign in Get started
Home Features How it works Pricing Documentation Contact Sign in Get started
Legal

Privacy Policy

Last updated: June 2026

Our promise

We only collect what's needed to run the service, we never sell your data, and we give you straightforward ways to see, export or delete it.

1. What we collect

  • Account data — name, email, password hash, optional company and address details.
  • Billing data — wallet balance, transactions, invoices. Card numbers never touch our servers — Paystack handles them and returns a token we can use for repeat charges with your consent.
  • Operational data — API calls, session connection state, message metadata (timestamps, direction, instance ID, counterparty number) and webhook delivery logs.
  • Message content — text and media you send through our API are stored temporarily so we can deliver them and so your dashboard can show your history. Retention varies by plan.
  • Diagnostic data — IP address, user agent and audit-log entries for security-relevant actions.

2. How we use it

To operate the platform, bill accurately, prevent abuse, comply with law, and respond to your support requests. We never use your message content to train AI models or for advertising.

3. Who we share it with

  • Paystack — payment processing.
  • Hosting providers — infrastructure on which EnoSend runs.
  • Email senders — transactional emails (account verification, alerts, receipts).
  • Authorities — only when required by valid legal process. We will notify you unless the law prevents it.

We never sell your data and we never share message content with advertisers or marketing partners.

4. Retention

Account data is kept while your account is active. After closure, we delete personal data within 30 days unless we are required to retain it for tax, fraud or legal reasons. Message metadata retention depends on plan — typically 90 days for free, 12 months for paid. Billing records are kept for 7 years to comply with tax law.

5. Security

Passwords are hashed with bcrypt. API keys are stored hashed — the plaintext is shown only at creation. Webhooks are HMAC-SHA256 signed. Traffic is encrypted in transit (TLS 1.2+) and at rest where supported by our database provider.

6. Your rights

You can access, correct, export and delete your data at any time. Email [email protected] and we'll respond within 30 days. EU/UK residents have rights under GDPR; Ghana residents have rights under the Data Protection Act, 2012.

7. International transfers

Our infrastructure may live outside your country. Where data leaves your region we rely on appropriate safeguards (Standard Contractual Clauses, encryption, etc.).

8. Cookies

We use a small number of strictly-necessary cookies for sign-in sessions and CSRF protection. We do not use advertising cookies or third-party analytics that track you across the web.

9. Changes

We'll notify you of material changes by email or in-app. The "Last updated" date above always reflects the current version.

10. Contact

Questions about privacy? [email protected].