Privacy Policy for Smailpro Users
1. Introduction
SmailPro ("we", "us", "our", "Company") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use our website at https://smailpro.com, browser extensions, mobile applications, and REST API (collectively, the "Service"), how we use it, how long we keep it, and what rights you have over it.
The short version: SmailPro is designed around privacy by default. We collect the minimum data necessary to operate the Service. We do not sell, rent, or broker your personal information to third parties for commercial purposes. Our architecture enforces privacy through data absence — we cannot disclose data we do not possess.
Any capitalized terms not defined in this Policy have the meanings given in our Terms of Service.
2. Who We Are & How to Contact Us
SmailPro
Website: https://smailpro.com
General & privacy inquiries: support@smailpro.com
Data protection matters: privacy@smailpro.com
Abuse & illegal content: abuse@smailpro.com
For GDPR-specific requests (access, erasure, portability), contact us at privacy@smailpro.com with the subject line "GDPR Request — [Request Type]".
3. How the Service Works — Privacy Implications
Understanding SmailPro's architecture is essential to understanding this Privacy Policy.
3.1 The Proxy Model (Gmail & Outlook Addresses)
When you use a temporary Gmail or Outlook address, SmailPro does not store your emails on its own servers. Instead:
- SmailPro accesses a pool of Gmail/Outlook accounts maintained on Google LLC and Microsoft Corporation infrastructure.
- When you open an inbox, SmailPro establishes a temporary IMAP connection and fetches incoming messages to display in your browser.
- Message content is not retained on SmailPro servers after your session ends.
- SmailPro does not re-encrypt email content — messages remain subject to Google's and Microsoft's own encryption and data handling practices.
- Email content lives on Google/Microsoft infrastructure and is governed by their respective Terms of Service and Privacy Policies.
What this means for you: SmailPro cannot be compelled to produce email content that it does not store. If confidential communication is your goal, note that Google and Microsoft can access messages on their own infrastructure. For sensitive communications, use an end-to-end encrypted service such as ProtonMail.
3.2 Regular Domain Addresses
For temporary addresses on SmailPro-operated domains (e.g. storegmail.net, smser.net), emails are received and temporarily cached on SmailPro servers for display purposes, then deleted according to the auto-purge schedule in Section 6.
3.3 Billing Email vs. Temporary Inbox
Your billing email address (provided during Premium subscription) is processed exclusively for payment and account management. It is:
- Never used as or linked to any temporary inbox address you use as the product.
- Never shared with advertising or marketing third parties.
- Never correlated with your inbox usage patterns or the email addresses you generate.
These two data streams are architecturally separated and kept in isolated systems.
4. Information We Collect
4.1 Information You Provide
| Data | When Collected | Purpose |
|---|---|---|
| Billing email address | Premium subscription sign-up | Payment processing, account management, support |
| Payment information | Subscription purchase | Processed by our payment processor; SmailPro does not store raw card data |
Free users: No personal information is required to use SmailPro's core features. No registration, no name, no email.
4.2 Information Collected Automatically
| Data | Retention | Purpose |
|---|---|---|
| Session identifiers (temporary) | Active session only — purged on session end | Route requests to the correct inbox assignment |
| Browser type & version | Not stored persistently | Service compatibility |
| General geographic region (country-level, derived from IP) | Not stored | Display relevant content; detect abuse patterns |
| IP address | Not logged or stored | See Zero-Log Policy, Section 5 |
| Email content (inbox messages) | Active session only — see Section 6 | Display messages to you |
4.3 Cookies & Local Storage
SmailPro uses the following:
| Type | Purpose | Duration |
|---|---|---|
| Session cookies | Maintain your active inbox session | Session duration only |
| Local storage (browser) | Free plan: store email history (up to 50 entries) locally on your device | Until you clear browser data |
| Preference cookies | Remember UI preferences (e.g. theme, language) | 12 months |
We do not use:
- Third-party advertising cookies
- Cross-site tracking pixels
- Social media tracking (Facebook Pixel, Google Analytics with User-ID, etc.)
- Fingerprinting scripts
You can disable cookies in your browser settings. Disabling session cookies will prevent core Service functionality.
4.4 API Users
If you access the Service via the REST API using an API key obtained from https://my.sonjj.com, we log API request metadata (endpoint called, response code, timestamp) for rate limiting, abuse detection, and billing purposes. API request metadata is retained for a maximum of 90 days.
5. Zero-Log Policy
SmailPro does not log or store the following:
- IP addresses — your IP is used to route your connection but is not recorded to persistent storage.
- Email content — the content of emails you receive through the Service is not logged, indexed, or retained after session end.
- Reading behaviour — which emails you open, how long you view them, or what links you click within emails are not tracked.
- User activity profiles — SmailPro cannot and does not build behavioural profiles associating your browsing activity with a persistent identity.
- Link between billing identity and inbox usage — your subscription identity (billing email) is not connected to the temporary addresses you generate or the emails you receive.
Architectural enforcement: This is not merely a policy commitment — our system is built so that the above data is never written to persistent storage in the first place. We cannot disclose data we do not hold.
6. Auto-Purge Schedule
| Plan | Email History Storage | Auto-Purge Trigger |
|---|---|---|
| Free | Browser local storage (device only) | Immediately when you create a new address; when you clear browser cache |
| Premium | SmailPro encrypted cloud storage (up to 500 emails) | When you manually delete; when account is cancelled; maximum 90 days after last access |
| All plans | Session/connection data | Immediately on session end |
| All plans | Inbox message cache (regular domains) | Immediately on session end or address change |
No backups: Purged data is not backed up. Recovery after purge is impossible, even for SmailPro staff.
7. How We Use Your Information
We use the information we collect solely for the following purposes:
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Providing the Service | Contract performance (Art. 6(1)(b)) | Session identifiers, inbox assignment |
| Processing subscription payments | Contract performance (Art. 6(1)(b)) | Billing email, payment data |
| Fraud prevention & abuse detection | Legitimate interests (Art. 6(1)(f)) | API logs, general geographic region |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | As required by applicable law |
| Service improvement (aggregate, non-personal) | Legitimate interests (Art. 6(1)(f)) | Anonymised usage statistics only |
We do not use your data for:
- Targeted advertising
- Sale or rental to data brokers or marketing companies
- Training AI or machine learning models
- Any purpose other than those listed above
8. Information Sharing & Third Parties
SmailPro does not sell, trade, or rent your personal information.
We share information only in the following limited circumstances:
8.1 Payment Processors
Your payment information is processed by authorized payment processors (e.g. Paddle, PayPal, cryptocurrency gateways). These processors receive only the data necessary to complete your transaction and are bound by their own privacy policies and PCI-DSS compliance obligations. SmailPro does not store raw payment card data.
8.2 Infrastructure Providers (Gmail/Outlook Proxy)
As described in Section 3.1, SmailPro accesses Google and Microsoft infrastructure as part of the Gmail and Outlook proxy model. Google and Microsoft receive connection requests from SmailPro's systems. Email content stored on their servers is subject to their own privacy policies:
- Google Privacy Policy: https://policies.google.com/privacy
- Microsoft Privacy Statement: https://privacy.microsoft.com
8.3 Legally Required Disclosure
We may disclose information if required by a valid legal process (subpoena, court order, government request). However:
- Given our zero-log architecture, the information available to us is extremely limited.
- We will notify you of any such request to the extent permitted by law.
- We will contest requests we believe to be overly broad or legally improper.
8.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via the Service or your billing email prior to any such transfer and inform you of any choices you may have.
9. Data Retention
| Category | Retention Period |
|---|---|
| Billing email & subscription records | Duration of subscription + 3 years (tax/accounting obligations) |
| Payment transaction records | 7 years (statutory financial record-keeping) |
| API request logs | Maximum 90 days |
| Session & inbox data | Session duration only (see Section 6) |
| Support correspondence | 2 years from last communication |
When retention periods expire, data is securely deleted from our systems.
10. Security
We implement industry-standard technical and organisational measures to protect your data:
- Encryption in transit: All connections to SmailPro use HTTPS/TLS 1.2 or higher.
- Encryption at rest: Premium cloud-stored email history is encrypted at rest using AES-256.
- Access controls: Access to production systems is restricted to authorised personnel on a need-to-know basis.
- No password storage: For Gmail/Outlook proxy access, SmailPro uses secure authentication methods. User-facing account passwords (for Premium accounts) are stored as one-way salted hashes.
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we minimise risk through architectural design — the less data we hold, the less that can be exposed.
11. Your Privacy Rights
11.1 Rights Under GDPR (European Economic Area & UK Users)
If you are located in the EEA or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
| Right | Description |
|---|---|
| Right of Access | Request a copy of the personal data we hold about you. |
| Right to Rectification | Request correction of inaccurate personal data. |
| Right to Erasure ("Right to be Forgotten") | Request deletion of your personal data where we have no lawful basis to retain it. Note: our auto-purge system means most data is already deleted; the primary data remaining is your billing email and subscription record. |
| Right to Restriction of Processing | Request that we limit how we use your data in certain circumstances. |
| Right to Data Portability | Receive your personal data in a structured, machine-readable format (where processing is based on consent or contract). |
| Right to Object | Object to processing based on legitimate interests. |
| Right not to be subject to automated decision-making | We do not use solely automated decision-making with legal or similarly significant effects. |
To exercise any of these rights, contact privacy@smailpro.com with subject "GDPR Request — [Right Type]". We will respond within 30 days. We may request identity verification before processing your request.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
11.2 Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
| Right | Description |
|---|---|
| Right to Know | Know what personal information we collect, use, disclose, and sell. |
| Right to Delete | Request deletion of your personal information, subject to certain exceptions. |
| Right to Opt-Out of Sale | SmailPro does not sell personal information. No opt-out is necessary. |
| Right to Non-Discrimination | We will not discriminate against you for exercising your CCPA rights. |
To submit a CCPA request, contact privacy@smailpro.com with subject "CCPA Request". We will respond within 45 days.
11.3 Other Jurisdictions
We respect privacy rights under applicable laws in other jurisdictions. Contact privacy@smailpro.com with your request and applicable jurisdiction.
12. Children's Privacy
SmailPro is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verifiable parental consent, we will delete it immediately. If you believe we have collected data from a child, contact us at privacy@smailpro.com.
13. International Data Transfers
SmailPro operates from Vietnam. By using the Service, users outside Vietnam consent to the transfer and processing of their data in Vietnam and on the infrastructure of third-party providers (Google, Microsoft) located in various countries worldwide.
For EEA/UK users: Where we transfer personal data outside the EEA/UK, we rely on appropriate transfer mechanisms (Standard Contractual Clauses or adequacy decisions) to ensure your data receives equivalent protection.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Post a notice on the website.
- For Premium subscribers: send a notification to your billing email address.
Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Policy. If you disagree with changes, you may cancel your subscription and discontinue use.
15. Contact & Complaints
For any privacy-related questions, requests, or concerns:
Email: privacy@sonjj.com
General support: support@sonjj.com
Website: https://smailpro.com
We are committed to resolving privacy complaints promptly. If you are not satisfied with our response, you may escalate to your relevant data protection authority.
This Privacy Policy supersedes all prior versions, including the Privacy Policy dated January 13, 2020. Last updated: April 16, 2026.