SMTPlySMTPly

Privacy Policy

1. Privacy at a glance

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on data protection can be found in the privacy policy listed below this text.

Data controller

IT Beratung – Andreas Hähnel
Andreas Hähnel
Neukircher Str. 3
74357 Bönnigheim
Germany
Phone: +49 7141 1338333
Email: mail@hpn.io

Special note: the SMTPly software itself transmits no data

This privacy policy applies to the website smtply.hpn.io. The SMTPly software itself, which you install on your Windows server, operates exclusively locally and transmits no email contents or telemetry to the manufacturer. The only external connection made by the software is between your server and Microsoft Graph — within your existing Microsoft 365 contractual relationship.

2. General information and mandatory notices

Your rights

You have the right, at any time and free of charge, to obtain information about the origin, recipient and purpose of your stored personal data. You also have the right to have this data corrected or deleted. You can contact us at any time at the address provided in the imprint for this purpose and for further questions on data protection. Additionally, you have the right to lodge a complaint with the responsible supervisory authority.

Right to object (Art. 21 GDPR)

Where processing is based on legitimate interest (Art. 6 para. 1 lit. f GDPR), you have the right to object at any time for reasons arising from your particular situation.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser's address bar switching from "http://" to "https://".

3. Data collection on this website

Server log files and hosting (Cloudflare Pages)

This website is hosted as Cloudflare Pages with Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). The provider automatically collects and stores information in so-called server log files that your browser automatically transmits:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR — legitimate interest in the technically error-free presentation and security of our systems.

A data processing agreement has been concluded with Cloudflare. Cloudflare is certified under the EU standard contractual clauses and has joined the EU-US Data Privacy Framework.

Contact by email or phone

If you contact us by email or phone, your information including all personal data resulting therefrom (name, email address, phone number, request) will be stored and processed by us for the purpose of handling your request.

The legal basis is Art. 6 para. 1 lit. b GDPR (fulfillment of pre-contractual measures or performance of a contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest in processing your request).

We store your request including all personal data derived from it until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory retention periods — in particular commercial and tax laws — remain unaffected.

4. Payment processing and license sales

We use Polar (Polar Software AB, Stockholm, Sweden) as Merchant of Record for payment and license issuance. When you click "Buy license", you will be redirected to the Polar checkout page. There you enter your payment details directly with Polar — we never have access to full credit card numbers or bank details.

From Polar we receive only the data necessary for license issuance (name, email address, billing address, VAT ID where applicable, license key). Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. c GDPR in conjunction with statutory retention obligations under commercial and tax law.

Polar is an EU-based provider headquartered in Sweden; data processing takes place primarily within the EU. Polar privacy policy: polar.sh/legal/privacy.

5. License activation within the SMTPly software

When you activate a license key in the SMTPly software, the software validates the key against Polar's public customer-portal endpoint. The following is transmitted:

  • The license key you entered
  • A hardware ID (SHA-256 hash) derived from CPU and motherboard identifiers, used as the activation label
  • Our hardcoded Polar organisation ID (public)

This data is used solely for license validation. After successful activation, the software periodically checks (up to 30 days offline grace) whether the key is still valid. No email contents, logs or configuration data are transmitted to Polar or the manufacturer.

6. Contact form (Formspree)

The contact form on this website uses Formspree (Formspree, Inc., San Francisco, CA, USA). When you submit the form, the data you enter (name, email address, topic, message) is transmitted via HTTPS to Formspree and forwarded to our email address.

Formspree stores your data temporarily for delivery purposes. No Formspree account is created for you. The legal basis is Art. 6 para. 1 lit. b GDPR (processing your request) or Art. 6 para. 1 lit. f GDPR (legitimate interest in a structured contact channel). Formspree privacy policy: formspree.io/legal/privacy-policy.

7. Software download (GitHub)

The SMTPly installer is hosted on GitHub (GitHub, Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, USA; a Microsoft company). When you download the installer, your browser connects directly to GitHub's servers. GitHub processes technically necessary data such as IP address, timestamp and browser user agent in accordance with the GitHub Privacy Statement. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in reliable software delivery).

8. No cookies, no tracking, no ad networks

This website sets no cookies, uses no analytics tool, and embeds no advertising networks or social media plugins. No profiling takes place.

9. External links

The website contains links to external pages (e.g. Microsoft documentation, Polar checkout, GitHub releases, imprint reference). When you follow these links, you leave the scope of this privacy policy. The respective privacy policies of the operators apply to data processing on the target pages.

10. Changes to this privacy policy

We reserve the right to adapt this privacy policy occasionally so that it always meets current legal requirements or to reflect changes in our services. On your next visit, the new privacy policy will apply.

Last updated: April 2026