Back to homepage

Privacy Policy

Last updated: May 2026

What Data We Collect

When you use the DSMTP website and plugin, we collect:

  • Account information: Email address, full name (if provided), and account creation date.
  • Subscription data: Stripe customer ID, subscription status, plan type, and billing history.
  • License data: Generated license keys, linked WordPress site URLs, site names, and plugin versions.
  • Usage data: License validation requests, site heartbeat timestamps, and feature activation status.

For the WordPress plugin itself, we do not collect:

  • Your SMTP server credentials (these are stored locally in your WordPress database, encrypted with AES-256-CBC).
  • Your email content or form submission data.
  • Your subscriber lists or their personal data.

How We Store Your Data

Your data is stored in our Supabase (PostgreSQL) database, hosted on Supabase's infrastructure. We use industry-standard encryption for data in transit (TLS) and at rest.

SMTP passwords configured within the plugin are encrypted using AES-256-CBC with your WordPress installation's salt keys and stored in your own WordPress database — we never have access to them.

How We Use Your Data

  • To validate license keys and authenticate plugin usage.
  • To manage your subscription and billing via Stripe.
  • To track registered sites for seat limit enforcement.
  • To send transactional emails related to your account (license keys, payment receipts, subscription updates).
  • To communicate product updates and important notices.

We do not sell your personal data to third parties. We do not use your data for advertising or marketing automation beyond direct product communication.

Data Retention

We retain your account data for as long as your subscription is active. After cancellation, we retain essential data for up to 90 days to facilitate reactivation. After 90 days, personal data may be anonymized or deleted, with only aggregate, non-identifying data retained.

Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data (subject to legal obligations).
  • Portability: Request transfer of your data in a machine-readable format.
  • Objection: Object to our processing of your data.

To exercise these rights, contact us at the email address below.

Third-Party Services

ServicePurposeData Shared
SupabaseDatabase and authenticationAccount ID, email, license data
StripePayment processingCustomer ID, subscription details, payment method (we never store card details)
ResendTransactional emailsEmail address for account-related emails

Each service has its own privacy policy governing how they handle your data.

Cookies

This website uses essential cookies only for authentication sessions (Supabase Auth). No tracking cookies, analytics cookies, or third-party marketing cookies are used.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be notified via email or a notice on our website.

Contact

For privacy-related inquiries, contact: privacy@damiandzik.com