GDPR & Data Protection Policies
GDPR & Data Protection Policies - How Our Service Handles Customer Data
At mySMTP, we prioritize customer data security and GDPR compliance to ensure your information is handled responsibly. This guide outlines how we process, store, and protect data in line with EU General Data Protection Regulation (GDPR) requirements.
1. What is GDPR and Why Does It Matter?
The General Data Protection Regulation (GDPR) is an EU law that governs how personal data is collected, processed, and stored. It ensures that users have control over their data and mandates strict security measures for companies handling customer information.
Key GDPR Principles:
- Transparency: Users must know how their data is used.
- Data Minimization: Only necessary data should be collected.
- Security & Confidentiality: Strong protection against unauthorized access.
- Right to Access & Deletion: Users can request access to or deletion of their data.
2. How We Handle Customer Data at mySMTP
Data Collection & Processing
- We only collect essential information required for email delivery (e.g., email addresses, SMTP credentials, and usage logs).
- Data is never shared with third parties for marketing or advertising.
- All processing aligns with legitimate interest and user consent principles.
Data Storage & Security Measures
- Customer data is stored on secure, GDPR-compliant servers in the EU.
- Strong encryption (TLS/SSL) is used for data in transit.
- Strict access controls ensure only authorized personnel can view sensitive data.
Data Retention & Deletion
- We follow minimal data retention policies and automatically delete unnecessary data.
- Customers can request data deletion at any time in compliance with Article 17 (Right to Erasure).
User Rights & Data Access
Under GDPR, users have full control over their data:
- Right to access: Request details on stored data.
- Right to rectification: Update incorrect information.
- Right to erasure: Request permanent deletion of data.
3. Security Compliance & Best Practices
To maintain GDPR compliance and enhance security, mySMTP implements:
- Two-factor authentication (2FA) for account security.
- Regular security audits to prevent vulnerabilities.
- Logging & monitoring to detect unauthorized access.
4. Contact & Further Information
For GDPR-related inquiries or data requests, contact our
We are committed to privacy, security, and GDPR compliance to ensure your data remains protected at all times.
CAN-SPAM & Email Compliance
CAN-SPAM & Email Compliance - Legal Email Sending Guidelines
When sending marketing or transactional emails, it's crucial to follow legal frameworks that protect recipients from unwanted or deceptive messages. In the U.S., the CAN-SPAM Act sets the baseline for email compliance. Understanding and following these rules helps you avoid penalties, maintain good sender reputation, and build trust with your audience.
What is the CAN-SPAM Act?
The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing) is a U.S. law passed in 2003 that sets rules for commercial email, establishes requirements for senders, and gives recipients the right to stop receiving emails.
It applies to any commercial email, not just bulk emails. That includes promotions, newsletters, offers, and any email with a marketing component.
Key CAN-SPAM Requirements
To stay compliant, make sure your emails meet the following standards:
1. Don't Use False or Misleading Header Information
- The "From," "To," and "Reply-To" fields must accurately identify the sender and domain.
- Don't impersonate another individual or business.
2. Don't Use Deceptive Subject Lines
- Subject lines must reflect the actual content of the message.
- Avoid bait-and-switch tactics.
3. Identify the Message as an Advertisement
- Clearly and conspicuously disclose that the message is an ad or promotional.
- Exceptions: If the recipient has opted in or if the message is transactional.
4. Include a Valid Physical Postal Address
- Every message must contain a real, physical address (e.g., office or PO box).
5. Provide a Clear Way to Opt-Out
- Include an unsubscribe link or mechanism that's easy to find and use.
- Honor opt-out requests within 10 business days.
- You cannot charge a fee or require unnecessary steps to unsubscribe.
6. Monitor What Others Do on Your Behalf
- If you hire a third-party service to send emails, you're still responsible for compliance.
- Vet your email providers and partners.
Best Practices Beyond CAN-SPAM
While CAN-SPAM sets the legal minimum, inbox providers like Gmail and Outlook also use reputation-based filtering. To improve deliverability and respect your audience:
- Use confirmed opt-in (double opt-in) when collecting emails.
- Keep a clean and up-to-date list (remove hard bounces and disengaged users).
- Respect local laws (e.g., GDPR, CASL) if sending internationally.
- Avoid spammy formatting (ALL CAPS, too many links, misleading offers).
What About Other Countries?
CAN-SPAM only covers the U.S. Other countries have their own email laws:
Country | Law | Key Feature |
---|---|---|
Canada | CASL | Requires express opt-in (consent) |
EU | GDPR + ePrivacy | Strict rules around data collection and consent |
Australia | Spam Act | Requires consent and opt-out option |
Quick Compliance Checklist
- Accurate sender info
- Honest subject line
- Clear ad disclosure (if needed)
- Physical address included
- Easy unsubscribe link
- Opt-outs processed promptly
- You're monitoring third-party senders
How to Report Abuse & Spam Complaints
For any abuse or spam complaints originating from the mySMTP sending infrastructure, please use this form