DPA & Subprocessors
Last updated: May 16, 2026
This page summarizes SendMate’s approach to data processing agreements (DPAs) and lists the service providers (subprocessors) we use to operate the Software. It is provided alongside, and is subject to, our Privacy Policy and Terms of Service.
Local-first by design
SendMate is local-first. Your message content, contacts, phone numbers, Follow Up Boss session, notes, tasks, and send queue stay on your computer. SendMate servers and our subprocessors handle only account, billing, licensing, updates, security, and privacy-preserving verification metadata. Texts are sent directly from the SendMate desktop app to Follow Up Boss using your local Follow Up Boss session — SendMate does not proxy message bodies through our servers.
Requesting a DPA
If your organization requires a written Data Processing Addendum for your use of SendMate (for example, under GDPR Article 28, the UK GDPR, or CCPA service-provider terms), email [email protected] from an authorized contact on your account with:
- The legal name of the contracting entity
- Your account email or organization identifier
- Any specific clauses or annexes your legal team needs (for example, Standard Contractual Clauses, UK Addendum, or region-specific transfer language)
We will respond with a DPA proposal or a request for additional information. We do not maintain a public, pre-signed DPA template today; each request is reviewed individually.
Subprocessors
The following service providers process limited personal data on SendMate’s behalf. Each provider receives only the data needed for its role and is bound by its own published terms (and, where applicable, a DPA with SendMate) to use that data solely to provide the service.
| Provider | Role | Data categories | Region |
|---|---|---|---|
| Supabase | Authentication, account database, edge functions, Realtime | Account, auth, session, billing, diagnostic, anomaly, send-outcome metadata | United States |
| Paddle | Payments, subscriptions, merchant of record (tax) | Billing identity, payment method tokens, subscription status | United States / Europe |
| Twilio | SMS notification delivery and phone-number verification | Account holder’s mobile number, OTP codes, delivery status | United States |
| Resend | Transactional and notification email delivery | Email address, message subject/body of transactional emails | United States |
| Sentry | Application and website error monitoring | Error type/message/stack, app version, scrubbed device/environment metadata (PII regexes scrubbed pre-transmission) | United States |
| HelpScout | In-app and website support chat and knowledge base | Account holder name, email, support conversation content | United States |
| Cloudflare | Bot/abuse prevention (Turnstile), DNS, CDN, traffic analytics | IP address, User-Agent, Turnstile challenge data | United States |
| Vercel | Website hosting, deployment, Vercel Analytics | IP address, User-Agent, aggregated/anonymous page-view counts (no tracking cookies) | United States |
| Google Fonts | Font delivery for the website | IP address, User-Agent (standard HTTP request data) | United States |
What subprocessors do not receive
Consistent with SendMate’s local-first design, the following do not flow through SendMate or any of our subprocessors in normal operation: plaintext message bodies, contact names, contact phone numbers (other than your own verification number, or numbers you submit to the optional Real Phone Validation DNC-screening feature), Follow Up Boss cookies or API keys, raw Follow Up Boss notes or tasks, or your local send queue.
International data transfers
Several subprocessors above are U.S.-based. Where personal data is transferred out of the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards including, as applicable, the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, the EU–US Data Privacy Framework where our processors are certified, or equivalent safeguards published by each processor.
Changes to this list
We update this page when we add, remove, or materially change a subprocessor. If you would like to be notified of changes, email [email protected] and we will add you to our subprocessor-change notice list.
Contact
For DPA requests, subprocessor questions, or data-protection inquiries, email [email protected].
Operator: Mint Strategies LLC (d/b/a SendMate)