Lunar Send ("Lunar Send," "we," "our," or "us"), operated by
Brandtogo LLC, respects your privacy.
This Privacy Policy explains how we collect, use, store, and protect
your information when you use our website and CRM platform (the "Service").
By using Lunar Send, you agree to the collection and use of information
in accordance with this policy.
1. Who We Are
Lunar Send is a CRM and email automation platform operated by
Brandtogo LLC and based in Boston, Massachusetts. We allow users to
send, track, and manage email-based outreach campaigns through
integrations such as Gmail.
Contact: support@lunarsend.com
2. Information We Collect
We collect the following categories of information:
a. Account Information When you register, we collect:
Name, email address, and password
Team or business information (if provided)
Payment information processed securely through Stripe (we do
not store full credit card numbers)
b. Google User Data When you connect your Google account, we access specific Gmail data only
within the scopes you grant:
gmail.send — to send emails on your behalf.
gmail.readonly — to retrieve basic message metadata
for tracking open and delivery status, and to retrieve email
content upon user request.
We do not access or store the full content of your Gmail messages.
We do not read, scan, or analyze the body content of emails beyond
what is necessary to provide the tracking features you've enabled.
c. Usage & Technical Data We automatically collect non-personal data, such as:
IP address and browser type
Device and user-agent information
API call type (e.g., "email send" or "read")
Timestamps, logs, and system performance metrics
Pages visited and features used within the Service
This data helps us monitor service health, detect abuse, ensure
security, and improve the Service.
d. Cookies and Tracking Technologies We use cookies and similar tracking technologies to:
Maintain your logged-in session
Remember your preferences
Analyze usage patterns and improve the Service
Ensure security and prevent fraud
You can control cookies through your browser settings, but disabling
cookies may limit some functionality of the Service.
e. Communications Data When you contact us for support or communicate with us, we collect the
content of those communications and any information you provide.
3. How We Use Information
We use collected data to:
Operate, maintain, and improve the Service
Send and track emails on your behalf
Provide analytics on engagement (opens, clicks, replies)
Maintain account security and prevent abuse
Provide customer support and billing services
Send important updates about the Service, security alerts,
or changes to our policies
Comply with legal obligations
We do not:
Sell, rent, or trade user data to third parties
Use Gmail data for advertising, marketing, or AI training
Share Gmail content with third parties except as described
in Section 11
Use your data for purposes unrelated to providing and
improving the Service
Data obtained via Gmail scopes is used only to provide
user-facing features (email sending, tracking, analytics)
Lunar Send does not sell or transfer Gmail data to any third
party
Lunar Send does not sell or transfer Gmail data to any third
party
Human access to gmail data is prohibited except:
With explicit user consent,
For security or abuse investigations
To comply with legal obligations
To maintain or repair the Service.
Gmail data is not used for advertising, marketing,
profiling, or training machine learning models
OAuth tokens and refresh tokens are securely stored with
encryption and are immediately deleted when you delete your
Lunar Send account
5. Data Retention and Deletion
Account Data
When you delete your account or revoke Google access:
All personal and account data are deleted from active
systems immediately.
OAuth tokens and refresh tokens are immediately revoked and
permanently deleted
Contact lists, campaign data, and analytics are permanently
removed
Log Data
System logs that contain only non-personal metadata (e.g., IP addresses,
timestamps, API call types) are retained for up to 90 days for security,
auditing, and abuse prevention. These logs do not contain names, email
addresses, or message content. When you delete your account or revoke
Google access:
Backup Data
Backup copies are retained for up to 30 days and age out automatically.
Backup data is not manually accessed except for disaster recovery purposes.
Legal Holds
We may retain certain data if required by law, legal process, or to resolve
disputes, but only for as long as necessary.
Encryption in transit (TLS 1.2+) and at rest (AES-256),
Multi-factor authentication for administrative access,
Continuous monitoring and logging, and
Regular vulnerability scanning and patch management
Secure OAuth token storage with encryption
Annual third-party security assessments
For Gmail restricted scopes, Lunar Send undergoes an annual Cloud Application
Security Assessment (CASA) by a Google-approved third-party assessor.
Data Breach Notification In the event of a data breach that compromises your personal information,
we will notify you within 72 hours of discovering the breach via email
to the address associated with your account. The notification will include:
The nature of the breach
The types of information that were compromised
Steps we are taking to address the breach
Recommendations for protecting yourself
We will also report breaches to appropriate authorities as required by
law.
7. Payment Processing
All payments are handled through Stripe, a certified PCI-DSS Level 1
compliant payment processor. Lunar Send does not store full credit
card numbers or sensitive payment data on our servers.
We may store:
Last four digits of your card
Card brand and expiration date
Billing address
Transaction history
8. Third-Party Services and Sub-Processors
We may use limited sub-processors to provide infrastructure,
analytics, hosting, or payment services, including but not limited
to:
Cloud hosting providers (e.g., AWS, Google Cloud)
Payment processing (Stripe)
Email delivery infrastructure
Analytics and monitoring tools
All third-party providers are vetted and bound by equivalent
security and confidentiality obligations. We never share Gmail
message content with these providers except as necessary to provide
the Service (e.g., sending emails through Gmail API).
We do not use third-party advertising networks or sell data to data brokers.
9. User Control and Choices
You can:
View and edit your account data within the Service
Export your data including contact lists and campaign
analytics
Request deletion of your account and associated data by
contacting support@lunarsend.com
Opt out of non-essential emails by using the unsubscribe
link in our emails (note: we may still send transactional or
security-related messages)
Control cookies through your browser settings
Upon deletion, we permanently remove all personal data except for
non-identifiable log records retained for security purposes as
described in Section 5.
California Privacy Rights
If you are a California resident, you have additional rights under the
California Consumer Privacy Act (CCPA):
Right to know what personal information we collect, use, and
disclose
Right to request deletion of your personal information
Right to opt-out of the sale of personal information (note:
we do not sell personal information)
Right to non-discrimination for exercising your privacy
rights
To exercise these rights, contact support@lunarsend.com.
10. Children's Privacy
Lunar Send is intended for users 18 years and older. We do not
knowingly collect or store data from anyone under 18 years of age.
If you believe a minor has provided information to us, please contact
us immediately at support@lunarsend.com and we will promptly delete such
information and terminate the account.
11. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information.
We may disclose information only in the following limited circumstances:
With your consent — when you explicitly authorize us to
share information
Legal compliance — to comply with applicable laws,
regulations, legal processes, or enforceable governmental
requests
Protection of rights — to protect our rights, property, or
safety, or that of our users or the public, including
detecting and preventing fraud, abuse, or security issues
Business transfers — in connection with a merger,
acquisition, bankruptcy, or sale of assets, where the
successor entity is bound by the same privacy obligations.
You will be notified via email of any such transfer
Service providers — with third-party sub-processors as
described in Section 8, under strict confidentiality and
security obligations
We never share any email content for advertising, marketing, or data
brokerage purposes.
12. International Use and Data Transfers
The Lunar Send platform is operated from and intended for users
located in the United States. All data is stored on servers located
in the United States.
If you access the Service from outside the U.S., you do so at your own
discretion and risk. By using the Service, you consent to the transfer
of your information to the United States.
13. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. Our Service
does not currently respond to DNT signals. We will update this
policy if we implement DNT support in the future.
14. Data Accuracy and Retention
You are responsible for ensuring that the information you provide is
accurate and up to date. You can update your account information at
any time through your account settings.
We retain personal information only for as long as necessary to
provide the Service, comply with legal obligations, resolve
disputes, and enforce our agreements.
15. Changes to This Policy
We may update this Privacy Policy occasionally to reflect changes in
our practices, legal requirements, or Service features.
If we make material changes, we'll notify you by:
Sending an email to the address associated with your
account, at least 30 days before the changes take effect
Displaying a prominent notice within the Service
The "Last Updated" date at the top reflects the current version.
Your continued use of the Service after the effective date
constitutes acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically.
16. Contact Information
If you have questions or concerns about these Terms, please contact
us:
Lunar Send Operated by Brandtogo LLC Boston, Massachusetts support@lunarsend.com
17. Compliance Statement
Lunar Send complies with:
Google API Services User Data Policy (Limited Use)
Gmail API Services Terms of Use
California Consumer Privacy Act (CCPA)
U.S. federal and state data protection and privacy laws
Annual CASA security assessment requirements for Gmail
restricted scopes
Payment Card Industry Data Security Standard (PCI-DSS)
through Stripe