Who we are
"Senderly", "we", "us", and "our" refer to Senderly Pty. Ltd., the operator of the Senderly service (the web app at getsenderly.xyz and the Senderly apps for iOS and Android). Senderly is a link-based file and video sharing and viewing service: viewers paste a Senderly share link or an 8-digit code (or pick a local video) and watch instantly, and creators sign up to upload files and generate clean shareable links.
For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and India's Digital Personal Data Protection Act, 2023 (DPDP Act), Senderly Pty. Ltd. acts as the data controller for personal data described in this policy.
Data we collect
Account information (creators)
You do not need an account to watch content. To upload files and get shareable links, you create a creator account. When you do, we collect:
- Sign-up details: your email address and a password, or the identifier returned when you choose Sign in with Apple or Google sign-in.
- Profile information: a display name and, optionally, a profile photo.
- Authentication-provider data: when you sign in with Apple or Google, we receive the basic account identifier (and the email or relay address those providers share) needed to create and secure your account. We do not receive your provider password.
Content you upload
- The files and videos you upload, together with their titles, descriptions, and any metadata you set (such as the generated share link and 8-digit code).
- Optional creator-side data such as follows, favourites, and playlists you create.
Information collected automatically
- Anonymous device install id: a randomly generated identifier stored on the device. We use it to count views and to let a viewer resume playback. It is not tied to a personal identity.
- View events: when a file is viewed we record a view event. The viewer id on a view event is anonymised and may be empty (nullable); we keep aggregate view counts.
- Basic usage and diagnostics: standard logs (such as IP address, app or browser version, and error/diagnostic information) used for security, abuse prevention, and fixing problems.
What we do not collect
- We do not use the iOS Advertising Identifier (IDFA) or any advertising identifier, and we do not perform cross-app or cross-site tracking.
- We do not serve ads in the app, and we do not share your data with advertising networks.
- We do not sell your personal data to anyone.
How we use your data
- To operate the service — store uploaded files, resolve share links and codes, and stream content to viewers.
- To create and secure creator accounts and authenticate sign-ins.
- To count views and let viewers resume playback.
- To maintain security, detect and prevent abuse, and debug problems.
- To respond to your support requests, rights requests, and legal obligations.
Processors and sub-processors
We rely on a small number of vendors that process data on our behalf to run the service:
- Supabase — Postgres database and authentication, hosted on AWS in the ap-south-1 (Mumbai) region. Authentication can use Apple and Google as identity providers.
- Cloudflare R2 — storage for uploaded files and videos.
- Vercel — hosting for the web app.
We do not share your personal data with anyone else except where required to comply with valid legal process, and we will notify you where we are permitted to do so.
International transfers
Our database and authentication data are processed on AWS in the ap-south-1 (Mumbai) region via Supabase, and other data is processed by the processors listed above. Where personal data is transferred across borders, we rely on appropriate safeguards (such as the processors' contractual commitments) as required by the GDPR, UK GDPR, and DPDP Act.
Your rights
Depending on where you live, you may have the right to access, correct, or delete your personal data, and to object to or restrict certain processing. You can exercise these rights at any time:
- In the app: delete your account and associated content via Settings → More → Delete account (a double-confirmation step). This removes your account and associated content, including your profile, uploaded files, follows, favourites, and playlists.
- By email: write to support@getsenderly.xyz with the subject "Privacy Request". We aim to respond within the timeframes required by applicable law.
Indian residents can also contact our Grievance Officer; see our grievance page.
Data retention
We keep account and content data for as long as your account is active. When you delete your account (in-app or by email), we remove your account and associated content. We may retain aggregate, anonymised view counts that are not tied to your identity, and limited records we are legally required to keep, for a reasonable period.
Children
Senderly is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal data from them. Creator accounts are intended for users who are at least 18 years old. If you believe a child has provided us personal data, contact us and we will delete it.
Security
We use industry-standard measures to protect your data, including encrypted connections, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, but we work to protect your information and to address issues promptly.
Future ads or paid features
Senderly does not currently use ads or offer paid features. If we introduce ads or paid features in the future, we will update this policy before those features launch.
Changes to this policy
We may update this policy from time to time. If we make material changes, we will update the effective date above and, where appropriate, notify you in-app or by email.
Contact
Senderly Pty. Ltd. — email support@getsenderly.xyz with the subject "Privacy Request".