SendFAXMail

Privacy Policy

Last updated: June 13, 2026

This document is provided for general information and is not legal advice.

1. Introduction

This Privacy Policy explains how Send FAX Mail ("Send FAX Mail," "we," "us," or "our") collects, uses, and protects information when you use our fax-to-email service at www.sendfaxmail.com (the "Service"). By using the Service, you agree to the practices described here.

We keep this policy plain and specific to how the Service actually works. If anything here is unclear, contact us at privacy@sendfaxmail.com.

2. Information We Collect

We collect only what we need to run the Service:

  • Account information: your name and email address. Passwords are hashed with argon2 and never stored in plain text.
  • Google sign-in data: if you sign in with Google, we receive your email address, name, and basic profile from Google to create or access your account.
  • Fax content: documents you upload to send, faxes you receive, recipient and sender fax numbers, and delivery metadata (status, timestamps, page counts).
  • Payment information: billing is handled by Stripe. We never see or store your full card number — Stripe processes payment details directly.
  • Usage and log data: IP address and request timestamps, used for security, abuse prevention, and rate limiting.

3. How We Use Information

  • To provide, operate, and maintain the Service.
  • To transmit your outbound faxes and deliver inbound faxes.
  • To process subscriptions and payments.
  • To send transactional email (account, billing, fax status, and security notifications).
  • To secure the Service — preventing fraud and abuse, and enforcing rate limits.
  • To comply with legal obligations.

We do not sell your personal information, and we do not use it for third-party advertising.

4. Service Providers & Subprocessors

We rely on a small number of trusted providers, each receiving only the data needed for its function:

ProviderPurpose
StripePayment processing and subscriptions
TelnyxFax transmission and phone numbers
Amazon Web Services (S3)Encrypted storage of fax documents
MongoDB AtlasPrimary application database

Transactional email is sent through our own internal email infrastructure; it is not a third-party subprocessor.

5. Data Retention

  • Fax documents are retained for the life of your account so you can access your fax history, and are deleted when you delete them or close your account.
  • Email send logs (template name and delivery status, no message content) are automatically purged after 90 days.
  • Email verification tokens expire after 24 hours; password reset tokens expire after 60 minutes.
  • Account data is retained until you delete your account, except where we must keep records to meet legal or accounting obligations.

6. HIPAA & Protected Health Information

Our Professional, Business, and Enterprise plans are designed for handling protected health information (PHI). On these plans, inbound fax documents are never attached to email. Instead, you receive a notification with a link, and you download the document inside your authenticated dashboard session.

If you are a HIPAA covered entity or business associate, contact us at privacy@sendfaxmail.com about a Business Associate Agreement (BAA). You remain responsible for your own compliance obligations when using the Service.

7. Cookies & Tracking

We use only essential cookies: a session cookie that keeps you signed in, and a short-lived cookie that protects the Google sign-in flow from cross-site request forgery.

We do not use third-party analytics, advertising, or tracking cookies. There are no marketing pixels on the Service.

8. Your Privacy Rights

You may access, correct, export, or delete your personal information. To make a request, email privacy@sendfaxmail.com.

California residents (CCPA/CPRA)

You have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. We do not sell personal information.

EEA / UK residents (GDPR)

We process personal data to perform our contract with you, to comply with legal obligations, and based on our legitimate interest in operating and securing the Service. You have rights of access, rectification, erasure, restriction, portability, and objection. Where data is transferred internationally, we rely on appropriate safeguards.

9. Security

We protect your information with industry-standard measures: argon2 password hashing, encrypted transport (TLS), cryptographically signed and idempotent payment and fax webhooks, and IP-based rate limiting. No method of transmission or storage is perfectly secure, but we work to protect your data and respond quickly to issues.

10. Children's Privacy

The Service is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

Questions about this Privacy Policy? Email privacy@sendfaxmail.com. See also our Terms of Service.