Welcome to SMTPCloud.io ("we," "us," or "our"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our email deliverability infrastructure services.
SMTPCloud.io provides business-to-business (B2B) email infrastructure services, including dedicated SMTP relay servers with professional DKIM, SPF, and DMARC configuration. We help businesses improve their email deliverability rates by providing managed email infrastructure that works alongside existing email platforms.
Our commitment:
We are an EU-based company with servers located exclusively within the European Economic Area (EEA). We are GDPR-compliant by design and take data protection seriously.
We collect only the information necessary to provide, maintain, and improve our services. As a B2B email infrastructure provider, we process different types of data:
2.1 Account and Business Information
When you create an account or subscribe to our services, we collect:
Business name and contact details: Company name, business address, billing information
Account holder information: Full name, email address, phone number
Authentication credentials: Email address and encrypted password
Billing information: Company tax ID, billing address (payment card details are processed securely by our payment processor and not stored on our servers)
2.2 Email Metadata
As an email relay service, we process email metadata to deliver your messages and monitor service quality:
Sender information: From addresses, sender domains, authentication results
Recipient information: To addresses, recipient domains
We do NOT read, scan, or analyze the content of your emails. Our service processes only metadata required for email delivery and service monitoring. Email content remains encrypted and passes through our infrastructure without inspection.
2.3 Usage and Service Data
To maintain service quality and provide analytics, we collect:
Server performance data: Resource utilization, uptime statistics, network metrics
IP reputation data: Blacklist status, sender reputation scores (for your dedicated IPs)
Dashboard activity: Login times, features used, settings configured
2.4 Technical Information
When you access our website and dashboard, we automatically collect:
Device information: Browser type and version, operating system, device type
Connection data: IP address, timezone, network provider
Analytics data: Pages visited, time spent, navigation paths, referral sources
Cookie data: Session identifiers, preferences (see Section 7 for details)
2.5 Communications
When you contact us, we retain:
Support tickets: Your questions, our responses, troubleshooting data
Chat messages: Live chat conversations with our support team
Email correspondence: Messages sent to and from our support addresses
Feedback: Surveys, feature requests, service feedback
3. How We Use Your Information
We use your personal information only for legitimate business purposes related to providing our email infrastructure services:
3.1 Service Provision
Authenticate your access to our platform and dashboard
Route and deliver your emails through our relay infrastructure
Configure and maintain your dedicated IP addresses and domains
Monitor email delivery and troubleshoot delivery issues
Provide technical support and respond to service requests
3.2 Billing and Administration
Process subscription payments and generate invoices
Manage your account and service tier
Verify your identity and prevent fraud
Comply with legal and accounting requirements
3.3 Service Improvement and Analytics
Monitor service performance and uptime
Analyze usage patterns to optimize infrastructure
Identify and fix technical issues
Develop new features based on usage patterns
Maintain and improve deliverability rates
3.4 Communication
Send service notifications and important updates
Respond to support requests and inquiries
Provide information about service changes or outages
Share tips for improving email deliverability (if you opt in)
Send security alerts and account notifications
We do NOT:
✗ Sell your personal data to third parties
✗ Use your data for advertising purposes
✗ Share your data with data brokers
✗ Read or analyze your email content
✗ Use your email lists for our own marketing
4. Data Storage and Security
4.1 Where We Store Your Data
All personal data processed by SMTPCloud.io is stored and processed exclusively within the European Economic Area (EEA). We utilize industry-standard, ISO 27001 certified data centers located within the European Union to ensure maximum security and compliance with GDPR regulations.
We strictly adhere to data sovereignty requirements:
Data Residency: All primary and backup data remains within the EU jurisdiction.
No International Transfers: We do not transfer your personal data to jurisdictions outside the EEA that do not provide an adequate level of data protection.
4.2 How We Protect Your Data
We implement industry-standard security measures:
Technical Safeguards:
Encryption: All data in transit uses TLS/SSL encryption (Let's Encrypt certificates)
Network isolation: Multi-tenant architecture with strict client data separation
Password security: Bcrypt hashing with strong salt for all passwords
Operational Safeguards:
Access control: Limited employee access on need-to-know basis
Monitoring: 24/7 automated monitoring with Telegram alerts for security events
Backups: Regular encrypted backups stored securely in the EU
Updates: Regular security patches and system updates
Logging: Comprehensive audit logs for security analysis
Physical Security:
Our servers are hosted in certified data centers (ISO 27001, SOC 2)
Physical access controls and 24/7 surveillance
Redundant power and network connectivity
Environmental controls and disaster recovery systems
4.3 Data Breach Notification
In the unlikely event of a data breach, we will:
Notify affected users within 72 hours of becoming aware
Inform relevant supervisory authorities as required by GDPR
Provide details about the breach and steps we're taking
Offer guidance on protective measures you can take
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share data only in limited circumstances:
5.1 Service Providers
We work with carefully selected third-party service providers ("Sub-processors") who help us operate our business. These categories include:
Cloud Infrastructure Providers: Secure hosting and computing services located within the EU.
Payment Processors: PCI-DSS compliant gateways for handling subscription billing.
Operational Tools: Services for monitoring, analytics, and customer support.
All service providers are contractually obligated to protect your data and use it only for specified purposes. We maintain Data Processing Agreements (DPAs) with all processors.
5.2 Legal Requirements
We may disclose your information if required by law or legal process:
To comply with court orders, subpoenas, or legal obligations
To protect our rights, property, or safety
To investigate fraud or security issues
To enforce our Terms of Service
We will notify you of legal requests unless prohibited by law.
5.3 Business Transfers
If SMTPCloud.io is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
5.4 With Your Consent
We may share your information with third parties when you explicitly consent, such as when you authorize integration with third-party email platforms.
6. Your Rights Under GDPR
As an EU-based company serving customers globally, we provide full GDPR rights to all users:
6.1 Right to Access
You have the right to request a copy of all personal data we hold about you. We will provide this within 30 days in a structured, commonly used format.
6.2 Right to Rectification
You can update or correct your personal information at any time through your dashboard or by contacting us.
6.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data. We will comply within 30 days unless we have legal obligations to retain certain information.
6.4 Right to Restrict Processing
You can request that we limit how we process your data in certain circumstances, such as while we verify data accuracy.
6.5 Right to Data Portability
You can request your data in a machine-readable format to transfer to another service provider.
6.6 Right to Object
You can object to processing of your data for certain purposes, such as marketing communications.
6.7 Rights Related to Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects.
How to Exercise Your Rights:
Email us at privacy@smtpcloud.io with your request. We will respond within 30 days and verify your identity before processing requests.
7. Cookies and Tracking Technologies
We use minimal cookies to provide essential functionality and improve user experience.
7.1 Essential Cookies
Required for the website and dashboard to function:
Session cookies: Keep you logged in and maintain your session
Authentication tokens: Secure your access to the dashboard
Security cookies: Prevent CSRF attacks and unauthorized access
These cookies are necessary and cannot be disabled without affecting service functionality.
7.2 Analytics Cookies
We use limited analytics to understand how visitors use our website:
Usage analytics: Pages visited, time spent, navigation patterns
Performance monitoring: Load times, errors, user experience issues
We do NOT use third-party advertising cookies or cross-site tracking.
7.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using our dashboard. Analytics cookies can be disabled without affecting functionality.
8. Data Retention
We retain your data only as long as necessary:
8.1 Active Accounts
Account data: Retained while your account is active
Email metadata: Retained for 90 days for delivery monitoring and troubleshooting
Usage statistics: Retained for 12 months for service analysis
Support communications: Retained for 24 months for service quality
8.2 Closed Accounts
When you close your account:
Personal data is deleted within 30 days
Billing records retained for 7 years (legal requirement)
Anonymized statistics may be retained for business analytics
8.3 Legal Holds
We may retain data longer if required by legal obligations or to defend legal claims.
9. International Data Transfers
We do NOT transfer your data outside the European Union. All data processing occurs on EU-based infrastructure:
Servers: Located exclusively within the European Union
Employees: Based in the EU
Sub-processors: EU-based or with Standard Contractual Clauses (SCCs)
This ensures your data benefits from EU data protection standards at all times.
10. Children's Privacy
Our services are designed for businesses, not for use by individuals under 18. We do not knowingly collect information from minors. If you believe we have inadvertently collected data from a minor, contact us immediately at privacy@smtpcloud.io.
11. Third-Party Links
Our website may contain links to third-party websites (e.g., partner services, integrations). We are not responsible for their privacy practices. We recommend reviewing their privacy policies before providing personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make significant changes:
We will update the "Last Updated" date at the top
We will notify active users via email
We will highlight changes for 30 days on our website
Continued use of our services after changes indicates acceptance of the updated policy.
13. Data Protection Officer
For privacy-related questions or to exercise your GDPR rights:
If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority. As an EU-based company, our lead supervisory authority is determined by our primary establishment location.
15. Summary of Key Points
✓EU-based: All servers and data processing in the European Union
✓GDPR compliant: Full data subject rights for all users
✓Data minimization: We collect only what's necessary
✓No email reading: We process metadata only, not content