Last updated: March 29, 2026
"Controller" means you, the customer, who determines the purposes and means of processing personal data.
"Processor" means Sendly Technologies, which processes personal data on behalf of the Controller.
"Personal Data" means any data relating to an identified or identifiable natural person.
Sendly processes personal data solely for the purpose of providing the email marketing service, including:
| Category | Examples | Purpose |
|---|---|---|
| Contact identifiers | Email addresses, names, phone numbers | Email delivery, personalization |
| Custom fields | City, order history, preferences | Segmentation, personalization |
| Engagement data | Opens, clicks, bounces | Analytics, automation triggers |
| Account data | Admin email, business name | Authentication, billing |
Sendly uses the following sub-processors:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Resend Inc. | Email delivery | United States |
| Microsoft Azure | Cloud hosting, database | South Africa (Cape Town region) |
| Paystack (Stripe) | Payment processing | Nigeria |
| Termii | SMS delivery | Nigeria |
We will notify you at least 30 days before adding a new sub-processor.
In the event of a personal data breach, Sendly will notify the Controller within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, data affected, likely consequences, and measures taken.
This DPA is designed to comply with:
Upon termination of the Service, Sendly will delete all personal data within 30 days unless retention is required by law. You may request immediate deletion by contacting legal@hellosendly.com.
The Controller may audit Sendly's compliance with this DPA once per year, with 30 days' written notice. Audits shall be conducted during normal business hours and shall not unreasonably interfere with Sendly's operations.
Data Protection Officer: legal@hellosendly.com
Sendly Technologies, 6 Ilupeju Road, Oluyole Sharp Corner, Ibadan, Nigeria