Privacy Policy

Last updated: April 2026

1. Introduction

ByteSMTP ("we", "us", "our") operates the bytesmtp.com email hosting platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service.

2. Data We Collect

Account Information

• Email address used for registration
• Password (stored as a salted cryptographic hash — we never store plaintext passwords)
• Domain names you add to the platform

Service Data

• Email metadata (sender, recipient, subject, timestamps) for mail you send and receive
• Email content stored in your mailboxes on our servers
• DNS records and DKIM keys generated for your domains

Technical Data

• IP addresses used to access the service
• Browser user-agent strings
• Session cookies and authentication tokens
• Server logs including request timestamps and URLs

3. How We Use Your Data

• Provide the service: Deliver, store, and manage your email
• Security: Detect abuse, prevent spam, and protect against unauthorized access
• Analytics: Understand usage patterns to improve the platform
• Communication: Send service-related notices (downtime, security alerts)
• Billing: Process payments for Pro subscriptions via Stripe

4. Third Parties

• Google AdSense: Free-tier users see minimal ads served by Google. Google may use cookies for ad personalization. See Google's Privacy Policy.
• Stripe: Payment processing for Pro subscriptions. Stripe handles all payment card data. See Stripe's Privacy Policy.

We do not sell your personal data to any third party.

5. Cookies

• Session cookies: Essential for authentication and keeping you signed in
• AdSense cookies: Used by Google to serve relevant ads on the free tier. You can manage consent via the cookie banner.

6. Data Retention

We retain your account data and email for as long as your account is active. If you delete your account, we remove your data within 30 days. Server logs are retained for up to 90 days for security purposes.

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate personal information
• Deletion: Request deletion of your account and all associated data
• Export: Download your emails and account data
• Object: Opt out of non-essential data processing

8. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contract performance: Processing necessary to provide the email service you signed up for
• Legitimate interests: Security, abuse prevention, and service improvement
• Consent: Ad personalization cookies (managed via the consent banner)

You may exercise your GDPR rights by contacting us at the address below.

9. Security

We use industry-standard measures to protect your data, including TLS encryption for data in transit, DKIM/SPF/DMARC for email authentication, encrypted storage, and aggressive IP-based firewall rules.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.

11. Contact

For privacy-related inquiries, contact us at [email protected].