Privacy Policy
Last updated: April 17, 2026WPMailTester.com ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how it is handled.
1. Information We Collect
When you use WP Mail Tester, we may collect the following:
- Email headers and metadata from your test email — including From address, sending domain, DKIM signature, and message headers. We do not store the body content of your test email after the audit is processed.
- Email address if you create an account or request a report by email.
- Name if provided during account registration.
- Payment information for paid services — processed and stored securely by our payment provider (Paddle). We do not store full card details on our servers.
- IP address — stored only as a one-way SHA-256 hash for rate limiting purposes. Your raw IP address is never stored or logged permanently.
- Usage data — basic server logs including browser type and pages visited, used for debugging and service improvement.
2. How We Use Your Information
- To run your email deliverability audit and generate your report
- To send you transactional emails such as your audit report, email verification, and account notifications
- To process payments and manage your subscription
- To send monitoring alerts and reports if you are a monitoring subscriber
- To enforce rate limits on free audit usage
- To improve our service and diagnose technical issues
- To comply with legal obligations
We do not use your data for advertising, profiling, or marketing purposes. We will not send you unsolicited promotional emails.
3. Data Retention
We retain your data only as long as necessary to provide the service or meet legal obligations. You may request deletion of your data at any time by contacting us — see Section 6 for how.
| Data Type | Retention Period |
|---|---|
| Email body content | Deleted immediately after audit processing — never stored |
| IP address hash | 24 hours (rate limiting only) |
| Audit results — anonymous users | 14 days, then automatically deleted |
| Audit results — registered free accounts | 60 days, then automatically deleted |
| Audit results — paid monitoring subscribers | 12 months, or until account deletion |
| Account information (name, email) | Retained while account is active; deleted 30 days after account closure |
| Payment transaction records | 7 years (legal and tax compliance) |
4. Data Sharing
We do not sell your personal data to any third party. We share data only where necessary to operate the service:
- Paddle — our payment processor. Handles billing and subscription management. Subject to their own privacy policy.
- Resend — our transactional email provider. Used to send verification emails, audit reports, and account notifications. Only your email address and name are shared.
- HetrixTools — your domain name (not your personal details) is checked against their blacklist monitoring database as part of the audit.
- Law enforcement or regulatory bodies — only if required by applicable law or a valid legal process.
5. Cookies
We use only essential session cookies required for the service to function — for example, to keep you logged in to your account. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics. If we introduce analytics in the future, we will update this policy and display an appropriate notice.
6. Your Rights & Data Deletion
Depending on your location, you may have the right to access, correct, or delete the personal data we hold about you, as well as the right to object to or restrict certain types of processing.
To exercise any of these rights:
- Registered account holders can delete their account and all associated audit data directly from the My Account dashboard.
- For all other requests — including data access or erasure — please contact us via our contact page. We will respond within 30 days.
7. Security
We take reasonable steps to protect your data, including HTTPS encryption for all data in transit, hashed storage of IP addresses, access controls on our servers, and restricted access to production systems. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Children's Privacy
Our service is intended for website owners and developers aged 18 and over. We do not knowingly collect personal data from children under 13. If you believe a child has submitted data to us, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered account holders of significant changes by email. The "Last updated" date at the top of this page will always reflect the most recent version.
10. Contact
For privacy questions, data access requests, or deletion requests, please use our contact page.