Legal

Privacy Policy

Last updated

1. Overview

This Privacy Policy explains what personal data SendChief, a service operated by WILB LLC ("WILB LLC", "SendChief", "we", "us"), collects, why, how we use it, who we share it with, and the rights you have under the General Data Protection Regulation (GDPR) and similar laws.

SendChief provides managed email infrastructure — dedicated VPS provisioning, mail server installation, DNS automation, and mailbox management. This policy covers both the marketing website at sendchief.com and the dashboard application where subscribers manage their infrastructure.

2. Data Controller

WILB LLC, doing business as SendChief, is the data controller for personal data collected through the website and the dashboard for account management, billing, and operating the Service.

WILB LLC — 30 N Gould St, STE R, Sheridan, WY 82801, United States

For the mail content that passes through or is stored on your SendChief mail server, you are the data controller and SendChief acts as a data processor on your behalf. A Data Processing Agreement (DPA) consistent with Article 28 GDPR is available on request at support@sendchief.com.

3. What We Collect

Account data

  • Name, email address, and authentication credentials (passwords are hashed with industry-standard algorithms).
  • Workspace name, workspace membership, and role assignments.

Billing data

  • Billing email, company name, billing address, VAT/tax ID where applicable.
  • Payment information (card data is handled directly by Stripe; SendChief does not store raw card numbers).
  • Invoice and payment history.

Infrastructure metadata

  • Domains you register or add to SendChief, servers you provision, mailboxes you create, IP addresses assigned to your servers, DNS records managed on your behalf.

Usage and diagnostic data

  • Dashboard usage events (feature usage, errors, provisioning status) captured via PostHog in anonymous mode — no identifying cookies are set by PostHog on the marketing website.
  • Server-level logs required for operating the Service (authentication, provisioning steps, error traces).

Mail content

  • Messages sent and received through your SendChief mail server are stored on your dedicated VPS. SendChief personnel do not read message content in the normal course of operating the Service. Access is only performed when strictly necessary for support (with your consent) or to comply with legal obligations.

4. Lawful Basis for Processing (GDPR)

We process personal data under the following GDPR lawful bases:

  • Contract (Art. 6(1)(b)) — Processing necessary to provide the Service: account creation, billing, provisioning, operating the mail server.
  • Legitimate interests (Art. 6(1)(f)) — Fraud prevention, security monitoring, product analytics (in anonymous form), responding to support inquiries.
  • Legal obligation (Art. 6(1)(c)) — Tax records, responding to lawful requests from authorities.
  • Consent (Art. 6(1)(a)) — Marketing communications where required (newsletter subscriptions, etc.).

5. How We Use Data

  • Provide and operate the Service
  • Bill subscriptions and handle tax compliance
  • Provision infrastructure (VPS, DNS, mailboxes) on your behalf
  • Monitor security and prevent abuse
  • Respond to support requests
  • Communicate service updates, security notices, and, with consent, product updates

6. Sub-processors

SendChief uses the following sub-processors to deliver the Service. Each is bound by contractual obligations consistent with GDPR:

Sub-processorPurposeRegion
SupabaseAuthentication, database (PostgreSQL)EU / US (configurable)
ScalewayVPS hosting and mail server infrastructureEU (France, Netherlands)
CloudflareDNS automation, CDN, web securityGlobal
NamecheapDomain registrationUS
StripePayment processing, invoicingEU / US
ResendTransactional email delivery (system notices)EU / US
PostHogProduct analytics in anonymous mode (no identifying cookies)EU / US
VercelMarketing website and blog hostingEU / US

You can request an up-to-date list any time at support@sendchief.com.

7. International Data Transfers

Where personal data is transferred outside the EEA, SendChief relies on Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures consistent with Schrems II guidance. EU customers can deploy infrastructure in EU regions to keep mail content within the EEA.

8. Data Retention

  • Account data: retained for the life of the account plus a reasonable period after cancellation for tax, audit, and legal purposes (typically 6 years for billing records under EU tax law).
  • Mail content: retained on your dedicated VPS for as long as your subscription is active. On cancellation, you control export and deletion timelines.
  • Analytics events: retained in aggregated form for product improvement.
  • Logs: retained for up to 90 days for security and troubleshooting.

9. Your Rights (GDPR)

If you are in the EEA, UK, or Switzerland, you have the right to:

  • Access — Request a copy of your personal data.
  • Rectification — Correct inaccurate data.
  • Erasure ("right to be forgotten") — Request deletion, subject to legal retention obligations.
  • Restriction of processing — Limit how we process your data in certain cases.
  • Data portability — Receive your data in a portable format.
  • Object — Object to processing based on legitimate interests.
  • Withdraw consent — Where processing is based on consent.
  • Lodge a complaint — With your local data protection authority.

To exercise any of these rights, email support@sendchief.com. We will respond within 30 days.

10. Cookies

The marketing website uses strictly necessary cookies only. PostHog analytics run in anonymous mode and do not set identifying cookies. See the Cookie Policy for details.

11. Security

SendChief protects personal data with a combination of technical and organizational measures:

  • AES-256-GCM encryption at rest for mailbox credentials
  • TLS in transit for all application and mail traffic
  • Hashed password storage for dashboard authentication
  • Role-based access controls in the dashboard
  • Hardened mail server configuration
  • Regular security reviews

No system is perfectly secure. If you discover a vulnerability, please contact support@sendchief.com.

12. Children

SendChief is not directed to individuals under 16 and does not knowingly collect personal data from them.

13. Changes to This Policy

Material changes to this Privacy Policy will be announced via email or in-product notice. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

For privacy questions or to exercise your rights:

WILB LLC (d/b/a SendChief) — 30 N Gould St, STE R, Sheridan, WY 82801, United States — support@sendchief.com

Questions? Visit the contact page, or jump to the Privacy Policy, Terms, Cookies, or Imprint.