Effective Date: May 31st, 2025
Last Updated: April 16, 2025
NotificationAPI ("we", "us", or "our") provides software and APIs that enable businesses to send notifications via email, SMS, in-app, and other channels. We respect your privacy and are committed to protecting personal information we collect and process. This Privacy Policy explains how we collect, use, share, and protect your information.
Customers & Developers: Individuals and businesses that use NotificationAPI directly.
End-Users: Individuals who receive notifications sent through NotificationAPI by our customers.
We collect the following categories of personal data:
Account Information
Full name
Email address
Company name
Job title
Phone number
Billing and payment details
Technical and Usage Information
IP address
Browser type, OS, and device info
Time zone, session time, referral URLs
Actions taken on our platform (e.g., API calls, dashboard activity)
Unique identifiers and cookies (see Cookie Policy for details)
Communications
Support requests, emails, and survey responses
Our customers may provide or generate the following data through use of our service:
Contact and Communication Data
Email address
Phone number
Message content
Delivery and Engagement Data
Message delivery status
Open and click events
IP address, device, and browser data
Timestamps of interactions
Note: Customers are responsible for obtaining appropriate consent or legal basis to collect and process this information. If sensitive personal data is transmitted, customers must ensure compliance with applicable laws (e.g., HIPAA, GDPR).
We use personal information to:
Provide, maintain, and improve our services
Authenticate users and secure accounts
Process payments and manage subscriptions
Analyze usage and performance metrics
Communicate updates, support, or marketing (where allowed)
Ensure legal and regulatory compliance
We do not sell personal information. We may share data with:
Service Providers: Infrastructure (e.g., AWS), communication (e.g., SendGrid, Twilio), analytics, billing, and customer support tools
Legal Authorities: When required by law or to protect rights and safety
Business Transfers: In connection with mergers, acquisitions, or asset sales
A list of subprocessors is available at our Security Hub.
We retain personal information as long as necessary to provide our services and meet legal obligations. Customers may request deletion or export of their data at any time.
We implement a range of technical and organizational measures to protect personal information, including:
Data encryption in transit and at rest
Access controls and role-based permissions
Audit logging and anomaly detection
Secure software development practices
Regular security assessments and vulnerability testing
We are SOC 2 Type II compliant, reflecting our commitment to industry best practices around data protection, availability, and confidentiality. For more information, please visit our Security Hub.
Depending on your jurisdiction, you may have rights including:
Access to your data
Correction of inaccurate data
Deletion (right to be forgotten)
Portability of your data
Objection or restriction to processing
To exercise these rights, email privacy@notificationapi.com or submit a request via our contact form.
We act as:
A Controller for personal data collected directly from our users
A Processor for data our customers transmit to us for sending notifications
Legal bases for processing include:
Performance of a contract
Legitimate interest
Legal obligation
Consent (where applicable)
We have appointed representatives under Article 27 of the GDPR:
EU Representative
Rickert Rechtsanwaltsgesellschaft mbH
– NotificationAPI Software Inc –
Colmantstraße 15
53115 Bonn, Germany
UK Representative
Rickert Services Ltd UK
– NotificationAPI Software Inc –
PO Box 1487
Peterborough
PE1 9XX, United Kingdom
We do not sell personal information. California residents may:
Request access to the categories of personal information collected
Request deletion of personal information
Opt out of data sharing
To exercise these rights, contact privacy@notificationapi.com or use our contact form.
NotificationAPI processes data on behalf of its customers. Customers are responsible for ensuring that any personal or sensitive data they send through our platform is collected and processed in compliance with applicable data protection laws. This includes obtaining all necessary consents and providing required notices to end-users.
By using our services, customers acknowledge that they are the data controllers with respect to their end-users' data, and NotificationAPI acts solely as a data processor under their instructions.
Our services are not directed to children under the age of 13 (or 16 where applicable under local law), and we do not knowingly collect personal information from children. If we become aware that a child has submitted personal data to us, we will take steps to delete such information promptly.
NotificationAPI is based in Canada, which is recognized by the European Commission as providing an adequate level of data protection under GDPR. Data may also be processed in the United States or other jurisdictions. Where required, we use Standard Contractual Clauses (SCCs) or similar safeguards to ensure lawful data transfers.
We may update this Privacy Policy from time to time. We'll notify users of significant changes and post the updated version on our website.
Contact Form: Click Here
Email: privacy@notificationapi.com
Mailing Address:
NotificationAPI
170 Water St., #0200
St. John's, NL A1C 1A9
Canada