Privacy Policy
Last updated: May 2026
What Data We Collect
When you use the DSMTP website and plugin, we collect:
- Account information: Email address, full name (if provided), and account creation date.
- Subscription data: Stripe customer ID, subscription status, plan type, and billing history.
- License data: Generated license keys, linked WordPress site URLs, site names, and plugin versions.
- Usage data: License validation requests, site heartbeat timestamps, and feature activation status.
For the WordPress plugin itself, we do not collect:
- Your SMTP server credentials (these are stored locally in your WordPress database, encrypted with AES-256-CBC).
- Your email content or form submission data.
- Your subscriber lists or their personal data.
How We Store Your Data
Your data is stored in our Supabase (PostgreSQL) database, hosted on Supabase's infrastructure. We use industry-standard encryption for data in transit (TLS) and at rest.
SMTP passwords configured within the plugin are encrypted using AES-256-CBC with your WordPress installation's salt keys and stored in your own WordPress database — we never have access to them.
How We Use Your Data
- To validate license keys and authenticate plugin usage.
- To manage your subscription and billing via Stripe.
- To track registered sites for seat limit enforcement.
- To send transactional emails related to your account (license keys, payment receipts, subscription updates).
- To communicate product updates and important notices.
We do not sell your personal data to third parties. We do not use your data for advertising or marketing automation beyond direct product communication.
Data Retention
We retain your account data for as long as your subscription is active. After cancellation, we retain essential data for up to 90 days to facilitate reactivation. After 90 days, personal data may be anonymized or deleted, with only aggregate, non-identifying data retained.
Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data (subject to legal obligations).
- Portability: Request transfer of your data in a machine-readable format.
- Objection: Object to our processing of your data.
To exercise these rights, contact us at the email address below.
Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication | Account ID, email, license data |
| Stripe | Payment processing | Customer ID, subscription details, payment method (we never store card details) |
| Resend | Transactional emails | Email address for account-related emails |
Each service has its own privacy policy governing how they handle your data.
Cookies
This website uses essential cookies only for authentication sessions (Supabase Auth). No tracking cookies, analytics cookies, or third-party marketing cookies are used.
Changes to This Policy
We may update this privacy policy from time to time. Material changes will be notified via email or a notice on our website.
Contact
For privacy-related inquiries, contact: privacy@damiandzik.com