Trust & Security

Security & Data Privacy

Your data security is our top priority. Here's exactly what we access, what we store, and how we protect it.

What We Access

  • Google Sheets (read-only): We read your selected sheet to get recipient emails and merge fields
  • Gmail (send-only): We send emails on your behalf. We never read your inbox or existing emails
  • Email address: To identify your account and track usage

What We Store

We store only the minimum data necessary to provide our service:

Data Type Stored? Purpose
Your email address Yes Account identification
Recipient email addresses Yes Tracking & unsubscribe management
Email subjects Yes Campaign reporting
Open/click tracking Yes Campaign analytics
Google Sheets content No Processed in real-time only
Email body content No Never stored on our servers
AI prompts No Processed and discarded
Your Gmail inbox No We never access it

How We Protect Your Data

HTTPS/TLS Encryption

All data in transit is encrypted

Google OAuth 2.0

We never see or store your Google password

Secure Database

Hosted on Heroku with encryption at rest

No Refresh Tokens

We don't store long-term access to your account

Google API Compliance

SendMergeMail's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

This means we:

  • Only use your data to provide the mail merge service you requested
  • Never sell your data to third parties
  • Never use your data for advertising purposes
  • Never transfer your data except as necessary to provide the service

Revoking Access

You can revoke SendMergeMail's access to your Google account at any time:

  1. Go to your Google Account permissions
  2. Find "SendMergeMail" in the list
  3. Click "Remove Access"

To request deletion of all your data, email support@sendmergemail.com.

Questions?

If you have any questions about our security practices or data handling, please contact us at support@sendmergemail.com.