Privacy Policy

Transactional Pro ("we," "us," or "our") operates a transactional email API service that allows developers to send application email such as receipts, password resets, OTPs, and notifications through a simple REST API powered by Amazon SES. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

01 Information We Collect

Account Information

When you register for an account, we collect your name, email address, and password. If you sign in using Google OAuth, we receive your name, email address, and profile picture from Google. We also collect billing information when you purchase email credits through our payment processor, Paddle.

Email Data You Send

When you send messages through our API, we process the recipient email addresses, subject lines, message content, and any metadata you attach to each request. This data is submitted by you through the API and is processed on your behalf solely to deliver your email and provide sending logs.

API Keys & Domain Configuration

We store the API keys you generate and the configuration of your verified sending domains, including the SPF, DKIM, and DMARC DNS verification records associated with each domain.

Tracking and Delivery Data

When you send email through our platform, we collect delivery events including accepted sends, deliveries, bounces, and complaints reported by Amazon SES, as well as optional open events (via tracking pixels) and click events (via link tracking). This data is tied to individual messages to provide you with logs and analytics.

Usage and Technical Data

We automatically collect information about how you use our platform, including pages visited, API endpoints called, browser type, IP address, and device information. We also record domain verification records when you configure verified sending domains.

02 How We Use Your Information

• check_circle Provide our services: deliver your transactional email, authenticate API requests, verify sending domains, and provide delivery logs and analytics.
• check_circle Process payments: handle credit purchases through Paddle, our payment processor.
• check_circle Maintain deliverability: process bounces and complaints, deliver webhooks, and protect the sending reputation of the platform.
• check_circle Secure your account: authenticate logins, enable two-factor authentication, verify email addresses, and prevent fraud and API abuse.
• check_circle Improve our platform: analyze usage patterns to improve performance, fix issues, and develop new features.
• check_circle Communicate with you: send service-related notices, respond to support requests, and notify you of important changes.

03 Third-Party Services

We use the following third-party services to operate our platform:

We do not sell, rent, or trade your personal information or the email data you send through the API to any third party. We only share data with the service providers listed above as necessary to deliver our services.

04 Data You Control

You are the data controller for any recipient data you send through our API. You are responsible for ensuring that you have the necessary permissions and legal basis to email the recipients you specify in your API requests. You can:

• check_circle Create, rotate, or revoke API keys at any time.
• check_circle Add, verify, or remove sending domains and webhook endpoints.
• check_circle Delete message logs and sending history within your account.
• check_circle Export your data or request account deletion by contacting us.

05 Email Recipient Rights

We process recipient email addresses solely to deliver the transactional messages you send through the API on your behalf. Recipients who wish to access or remove their data should contact the sender (our user) directly, as the sender is the data controller for their recipient information. We maintain suppression of addresses that have hard-bounced or filed complaints to protect deliverability.

06 Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, hashed API keys, two-factor authentication support, and secure session management. Payment data is handled entirely by Paddle and never stored on our servers. While no system is completely secure, we take reasonable precautions to protect your information from unauthorized access, alteration, or destruction.

07 Cookies

We use essential cookies to maintain your session, remember your authentication state, and store your interface preferences (such as appearance settings and sidebar state). These cookies are necessary for the platform to function and cannot be disabled. We do not use advertising or third-party tracking cookies.

08 Data Retention

We retain different categories of data for different periods:

• check_circle Account data and configuration: retained for as long as your account is active.
• check_circle Message logs and tracking data (IP addresses, user agents): anonymized after 90 days. Aggregate delivery statistics are retained for the lifetime of the account.
• check_circle Billing records: retained for 7 years as required by tax regulations.
• check_circle Deleted accounts: all personal data and message logs are permanently removed within 30 days of account deletion.

09 Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• check_circle Right of access: request a copy of the personal data we hold about you.
• check_circle Right to rectification: request correction of inaccurate personal data.
• check_circle Right to erasure: request deletion of your personal data ("right to be forgotten").
• check_circle Right to data portability: export your data in a machine-readable format via your account settings.
• check_circle Right to restrict processing: request that we limit how we use your data.
• check_circle Right to object: object to processing of your personal data for certain purposes.
• check_circle Right to withdraw consent: withdraw your consent at any time where processing is based on consent.
• check_circle Right to lodge a complaint: file a complaint with your local data protection supervisory authority.

To exercise any of these rights, visit the Data & Privacy section in your account settings or contact us at privacy@transactional.pro. We will respond within 30 days of receiving your request.

10 Legal Basis for Processing

We process your personal data under the following legal bases:

11 International Data Transfers

Your data may be processed and stored in the United States through our infrastructure provider, Amazon Web Services (AWS). For transfers of personal data from the EEA or UK, we rely on appropriate safeguards including the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as approved by the European Commission. Our payment processor, Paddle, may also process billing data internationally in accordance with their own privacy commitments and applicable data transfer mechanisms.

12 Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information promptly.

13 Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by placing a prominent notice on our platform. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

14 Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at support@transactional.pro. For privacy-specific inquiries or to exercise your GDPR rights, contact our privacy team at privacy@transactional.pro.