SEMAOS
PricingSign inStart free trial

Privacy Policy

Last updated: 2026-06-10

This policy describes what personal data SEMAOS (operated by DevilDog Lab LLC) collects, why we collect it, and the controls you have over it. We treat the data you trust us with as a liability, not an asset — we collect only what we need to run the product.

Note: Full legal review is in progress. The substance below describes our current practices accurately; the formal language will be tightened with counsel before general availability. If anything here is unclear, write to privacy@semaos.io and we'll get back to you within five business days.

1. Who we are

SEMAOS is a product of DevilDog Lab LLC, a US-registered limited liability company. We're the data controller for account-holder data, and a data processor for the contact records our customers upload or sync through their CRMs.

2. Data we collect

From you (the account holder)

  • Name, email address, and password hash (used for login).
  • Business name + physical mailing address (required by CAN-SPAM for outgoing email footers — see our Terms of Service).
  • Billing information processed by Stripe — we never see or store your card number directly.
  • Optional: WebAuthn passkeys, custom sending domain, time zone.

About your contacts (the recipients of your campaigns)

  • Email addresses, names, and company affiliations you upload or sync.
  • Engagement events — opens, clicks, bounces, unsubscribes.
  • Suppression status — unsubscribes and hard bounces are retained indefinitely to prevent accidental re-sending.

3. How we use the data

  • To send the emails you ask us to send, and to give you the metrics about those sends.
  • To enforce plan limits (send caps, contact caps) and CAN-SPAM compliance.
  • To improve the product — aggregated, non-identifying patterns only. We do not train models on your contact data.
  • To meet legal requirements (subpoenas, retention orders, etc.) — only when required by law.

4. Sharing & subprocessors

We share data only with the subprocessors required to operate the product:

  • AWS — hosts our Lambda functions, Postgres database, SES email infrastructure, and S3 file storage.
  • Stripe — payment processing.
  • Vercel — hosts the marketing and application web layer.

We do not sell personal data, and we do not share it with third parties for their own marketing.

5. OAuth and connected accounts

SEMAOS can connect to your Gmail or Outlook account (via Google and Microsoft OAuth) so that sales emails send from your own address and replies reach your own inbox. Connecting is optional and per-user — you choose to connect on your settings page, and you can disconnect at any time.

If you connect an account, we request only these permissions:

  • Send email (Google gmail.send / Microsoft Mail.Send) — used solely to send the sequence and one-off emails you compose in SEMAOS, on your behalf, from your connected address.
  • Read message headers (Google gmail.metadata / Microsoft Mail.Read) — used solely to detect when a prospect replies to an email SEMAOS sent (via the In-Reply-To header) so your sequence can pause automatically. We do not read, store, or analyze the content of your inbox.
  • Calendar availability and events (Google calendar.readonly + calendar.events / Microsoft Calendars.ReadWrite) — used solely to show your open time slots on booking pages and create the event when a prospect books a meeting.

OAuth tokens are stored encrypted at rest, scoped to your individual user within your tenant, and never shared with any third party. Disconnecting your account in SEMAOS deletes the stored tokens immediately; you can also revoke SEMAOS's access from your Google or Microsoft account security settings, which invalidates the tokens on the provider side. Data obtained through these permissions is retained only as long as needed to provide the features above and is deleted with your account.

SEMAOS's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Cookies

Our marketing site uses a small number of first-party cookies for session continuity and theme preference. We do not use third-party advertising or behavioural-tracking cookies. The cookie notice you see on first visit reflects this; click Got it to dismiss.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export the personal data we hold about you. To exercise any of these, write to privacy@semaos.io. We respond within 30 days and never charge a fee for routine requests.

8. Data retention

Account data: kept while your account is active and for 30 days after deletion, then purged. Suppression records (bounces + unsubscribes): retained indefinitely as required for anti-spam compliance.

9. Security

Data in transit is encrypted with TLS 1.2+; data at rest is encrypted via AWS-managed keys. Tenant data is isolated via row-level security at the database layer — see our public architecture docs for the technical detail.

10. Changes to this policy

Material changes are announced via in-product banner + email to account holders at least 14 days before they take effect. Non-material updates (typos, clarifications) are dated at the top of this page.

11. Contact

Questions, requests, or disputes about how we handle data: privacy@semaos.io. Postal mail to the DevilDog Lab LLC mailing address listed on our About page.

Email marketing automation and sales engagement, in one product.

Product

  • Pricing
  • Start free trial
  • Sign in
  • Blog

Company

  • About
  • A DevilDog Lab LLC product

Legal

  • Privacy Policy
  • Terms of Service

© 2026 DevilDog Lab LLC. All rights reserved.