ScaleItForMe

Privacy Policy

Effective date: April 5, 2026

ScaleItForMe (“we,” “us,” or “our”) operates the SIFM Mail Merge Sender platform (the “Service”). This Privacy Policy describes how we collect, use, store, and protect information when you use our Service, including data obtained through Google APIs.

1. Information We Collect

We collect the following categories of information:

  • Account information: Your name and email address, collected when you sign in with Google.
  • Gmail sender account data: When you connect a Gmail account as a sender, we request access to send emails on your behalf via the Gmail API (gmail.send scope). We also collect your email address via the userinfo.email scope to identify the connected account.
  • Campaign data: Email templates, recipient lists, campaign schedules, and sending configuration that you create within the Service.
  • Engagement data: Email open and click events collected through tracking pixels and link redirects embedded in campaign emails, including anonymized IP hashes, user agent strings, and timestamps.

2. How We Use Your Information

  • Sending campaign emails: We use Gmail API access solely to send email messages from your connected Gmail account on your behalf, at the times you schedule.
  • Campaign analytics: We use engagement data to provide you with open rates, click rates, bounce rates, and sender health metrics.
  • Service operation: We use account information to authenticate you and manage your access to the Service.

3. Google API Services — Limited Use Disclosure

SIFM Mail Merge Sender's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google API data to provide and improve the Service as described in this policy.
  • We do not transfer Google API data to third parties, except as necessary to provide or improve the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior notice to users.
  • We do not use Google API data for serving advertisements.
  • We do not allow humans to read Google API data unless: (a) we have your affirmative consent for specific messages, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

4. Data Storage and Security

  • Token encryption: Gmail OAuth tokens (access and refresh tokens) are encrypted at rest using AES-256-GCM before storage. Encryption keys are managed through Google Cloud Secret Manager.
  • Infrastructure: All data is stored in Google Cloud SQL (PostgreSQL) within the United States. The Service runs on Google Cloud Run with HTTPS enforced for all connections.
  • Access controls: Access to the Service is restricted to authorized users. Administrative actions (including connecting Gmail accounts) require the ADMIN role.

5. Data Retention and Deletion

  • Campaign data: Retained for the duration of your account or the applicable client retention period, whichever is shorter. Plain-text personally identifiable information is deleted after the retention period; hashed identifiers are retained for suppression matching.
  • Gmail tokens: Encrypted tokens are retained only while the sender account is active. When you disconnect a Gmail account, we delete the stored tokens and revoke the OAuth grant with Google.
  • Engagement data: Anonymized engagement metrics (open/click rates) may be retained indefinitely. IP hashes and user agents are deleted in accordance with the client retention period.

6. Data Sharing

We do not sell your data. We do not share Google API data with third parties except as described in Section 3. We may share aggregated, de-identified analytics with the clients whose campaigns you manage, as this is a core function of the Service.

7. Your Rights

  • Disconnect Gmail accounts: You can disconnect any connected Gmail sender account at any time through the Sender Accounts page. This revokes our access and deletes stored tokens.
  • Revoke access via Google: You can also revoke access at any time through your Google Account permissions page.
  • Data deletion: Contact us at privacy@scaleitforme.com to request deletion of your account and associated data.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at privacy@scaleitforme.com.