Legal

Privacy Policy

Last updated: 14 June 2026Effective: 14 June 2026

This policy applies to Resent by Agentraa, a product of Lyca Technologies (Private) Limited.

Summary

  • We do not sell your data to anyone, ever.
  • We do not read or store your email bodies — only a 500-character preview for your own logs.
  • All infrastructure is in the EU. Your data doesn't leave Europe unless you choose a US region.
  • You can request deletion of your account and data at any time.

1. Introduction

This Privacy Policy explains how Agentraa ("we", "us", "our"), the company behind Resent by Agentraa ("Resent", "the Service"), collects, uses, stores, and shares information about you when you access or use our website (agentraa.com) and our email infrastructure platform.

We take your privacy seriously. This policy is written in plain language so you understand exactly what we do with your data — and what we don't do.

By using Resent by Agentraa, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Who We Are

Resent by Agentraa is a product of Agentraa, a private limited company. We operate the Resent by Agentraa platform, which provides transactional email infrastructure to developers and businesses.

For the purposes of applicable data protection laws, Agentraa is the data controller for personal data collected through the Service.

You can contact us regarding privacy matters at: privacy@agentraa.com

Registered address: Agentraa

3. Information We Collect

3.1 Account Information

  • ·Full name and email address when you register
  • ·Company name (optional)
  • ·Billing information (processed securely via our payment provider — we do not store full card numbers)
  • ·Password (stored as a one-way bcrypt hash — we cannot recover it)

3.2 Usage Data

  • ·API requests made to the Service (endpoint, timestamp, response code)
  • ·IP addresses used to access the API and dashboard
  • ·Browser type, operating system, and referrer URL when you visit our website
  • ·Email sending statistics (volume, delivery rates, bounce rates)
  • ·Error logs for debugging purposes

3.3 Email Metadata

  • ·Sender address, recipient addresses, subject line, and tags for emails sent through the Service
  • ·Delivery status, bounce codes, and complaint flags per recipient
  • ·A short body preview (up to 500 characters) stored for log display purposes — we do not store full email bodies
  • ·Timestamps for queue entry, processing, and delivery

3.4 Domain and DNS Data

  • ·Domain names you register with the Service
  • ·DNS verification tokens and verification attempt timestamps
  • ·DKIM public keys and Cloudflare record identifiers

3.5 Support Communications

  • ·Messages you send to us via the contact form or by email
  • ·Any attachments or screenshots you include in support requests

4. How We Use Your Information

We use the information we collect strictly to operate and improve the Service. Specifically:

  • ·To create and manage your account and authenticate your identity
  • ·To process and deliver emails you send through the Service
  • ·To enforce plan limits, rate limits, and quota controls
  • ·To detect and prevent abuse, spam, and policy violations
  • ·To maintain the suppression list and protect recipient addresses from unwanted mail
  • ·To send you transactional communications about your account (password resets, plan changes, suspension notices)
  • ·To respond to your support requests and inquiries
  • ·To analyse aggregate usage patterns and improve the Service
  • ·To comply with legal obligations

We do not sell your data. We do not use your email content for advertising. We do not share your data with third parties for their marketing purposes.

6. Data Sharing and Disclosure

We share your data only in the following limited circumstances:

6.1 Service Providers

  • ·Amazon Web Services (SES) — email delivery infrastructure, subject to AWS's privacy policy
  • ·Mailgun (Sinch) — fallback email delivery provider
  • ·Brevo — secondary fallback email delivery provider
  • ·Cloudflare — DNS management and DDoS protection
  • ·Hetzner Online GmbH — server hosting in the EU (Frankfurt and Helsinki)
  • ·MongoDB Atlas — database hosting (EU region)

6.2 Legal Requirements

  • ·We may disclose your information if required to do so by law or in response to a valid court order, subpoena, or government request
  • ·We may disclose information to protect the rights, property, or safety of Lyca Technologies, our users, or the public

6.3 Business Transfers

  • ·If Lyca Technologies is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy

We do not sell, rent, or trade your personal data to any third party.

7. Data Retention

We retain your data for as long as your account is active and for a reasonable period thereafter. Specific retention periods:

  • ·Account data — retained for the life of your account plus 90 days after deletion
  • ·Email logs — 7 days (Free plan), 30 days (Pro plan), 90 days (Enterprise plan) — automatically deleted via TTL index
  • ·Daily usage counters — 35 days
  • ·Suppression list entries — indefinitely (to protect recipients from repeated unwanted mail)
  • ·API keys — stored as SHA-256 hashes; raw keys are never stored and cannot be recovered
  • ·Support communications — 2 years
  • ·Billing records — 7 years (legal requirement)

You may request deletion of your account and associated data at any time by contacting us at privacy@agentraa.com. We will action deletion requests within 30 days.

8. Security

We implement industry-standard security practices to protect your data. These include:

  • ·All data in transit is encrypted using TLS 1.2 or higher
  • ·Passwords are hashed using bcrypt with a cost factor of 12 — we cannot retrieve your plain-text password
  • ·API keys are stored as SHA-256 hashes — the raw key is shown only once and cannot be recovered
  • ·JWT tokens are blocklisted in Redis immediately upon logout
  • ·All infrastructure is hosted within the EU with strict access controls
  • ·Database access is restricted to application servers via private networking
  • ·We monitor for anomalous access patterns and abuse

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. Please notify us immediately at security@agentraa.com if you suspect a breach.

9. Your Rights

Depending on your location, you may have the following rights with respect to your personal data:

  • ·Right of access — request a copy of the personal data we hold about you
  • ·Right to rectification — request correction of inaccurate or incomplete data
  • ·Right to erasure — request deletion of your personal data (subject to legal retention requirements)
  • ·Right to restriction — request that we limit how we process your data
  • ·Right to data portability — receive your data in a structured, machine-readable format
  • ·Right to object — object to processing based on legitimate interests
  • ·Right to withdraw consent — where processing is based on consent, withdraw it at any time
  • ·Right to lodge a complaint — with the relevant data protection supervisory authority in your jurisdiction

To exercise any of these rights, contact us at privacy@agentraa.com. We will respond within 30 days. We may need to verify your identity before actioning a request.

10. Cookies and Tracking

Our website uses a minimal set of cookies necessary to operate the Service. We do not use advertising cookies, tracking pixels, or third-party analytics that share your data with advertisers.

  • ·Session cookies — to keep you logged in during a browser session
  • ·Authentication tokens — stored in secure, httpOnly cookies to maintain your login state
  • ·Preference cookies — to remember your display preferences (if any)

We do not use Google Analytics, Meta Pixel, or similar third-party tracking scripts on our platform dashboard. Our marketing website may use privacy-respecting analytics that do not identify you individually.

11. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at privacy@agentraa.com and we will delete it promptly.

12. International Data Transfers

Our infrastructure is hosted in the EU (Frankfurt and Helsinki). If you access the Service from outside the EU, your data may be transferred to and processed in countries with different data protection laws than your own.

When we use sub-processors located outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will:

  • ·Update the 'Last Updated' date at the top of this page
  • ·Notify registered users via email at least 14 days before the changes take effect
  • ·Display a prominent notice on the dashboard for 30 days after the change

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Agentraa

Product: Resent by Agentraa

Email: privacy@agentraa.com

Agentraa

© 2026 Lyca Technologies (Private) Limited. All rights reserved.