Last updated: 19 June 2026
This Privacy Policy explains how [SunSMTP — full legal entity name] ("SunSMTP", "we", "us") collects, uses, shares, and protects information in connection with our managed SMTP and email infrastructure services and our websites at sunsmtp.com and my.sunsmtp.com (the "Service").
By creating an account or using the Service, you agree to this Policy. If you do not agree, please do not use the Service.
When you operate your email-sending application, you may upload subscriber lists and recipient information ("Customer Sending Data"). This data is controlled by you. We process it only as needed to provide and maintain the Service, as described in section 2.
For your account, billing, and setup information, SunSMTP acts as a data controller. For the Customer Sending Data you upload to and send through your infrastructure, you are the data controller and SunSMTP acts as a data processor, processing it on your instructions. You are responsible for having a lawful basis and appropriate consent to send to your recipients. Where required, a separate Data Processing Agreement governs this processor relationship.
Where the GDPR applies, we rely on: performance of a contract (to provide the Service you request); legitimate interests (to secure, improve, and protect the Service and prevent abuse); legal obligation (for example, tax and record-keeping); and consent (for certain communications or cookies, which you may withdraw at any time).
We do not sell your personal information. We share it only with:
A current list of sub-processors is available on request at privacy@sunsmtp.com.
We retain personal information for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, tax, accounting, and security obligations. Setup credentials are retained only as long as necessary to operate your infrastructure and are deleted or rotated when no longer required. You may request deletion as described in section 9.
We use technical and organizational measures appropriate to the risk, including encryption in transit, encryption at rest for sensitive credentials, access controls and least-privilege staff access, audit logging, and network protections. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Your information may be processed in countries other than your own. Where we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
Depending on your location, you may have the right to access, correct, delete, or port your personal information; to restrict or object to certain processing; and to withdraw consent. To exercise these rights, contact privacy@sunsmtp.com. You also have the right to lodge a complaint with your local data-protection authority. If you are a California resident, you may have additional rights under the CCPA/CPRA, including the right to know and delete personal information and to opt out of "sale" or "sharing" (we do not sell personal information).
We use strictly necessary cookies to operate the Service (for example, to keep you logged in) and may use analytics or preference cookies. You can control cookies through your browser settings; disabling some cookies may affect functionality.
The Service is not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance.
For privacy questions or requests, contact us at privacy@sunsmtp.com, or by mail at [your registered business address]. [SunSMTP — full legal entity name] is the controller responsible for your personal information.