SMTP Tester ("we", "us", or "the service") provides a free online tool to test and verify SMTP servers. This Privacy Policy explains what information the service does and does not handle when you use it at smtptester.org. By using the service you agree to the practices described here.
What we do not collect
We do not require an account, and we do not ask for your name, address, or any personal profile to use the tool. Most importantly:
- SMTP credentials are never stored on our servers. The username and password you enter are used only to connect to the SMTP server you specify, for the duration of a single test, and are then discarded.
- We do not sell, rent, or share the contents of your tests with third parties.
- We do not write your credentials to a database, because the service has no database.
Information processed when you run a test
When you submit a test, your browser sends the connection details (host, port, security mode, optional credentials, and the From/To addresses) to our server over an encrypted HTTPS connection. The server uses them to perform a live SMTP handshake with the server you chose and streams the protocol transcript back to your browser.
- Credentials and authentication payloads are redacted from the transcript before it is shown or exported.
- This data is processed in memory for the duration of the test only. It is not persisted after the connection closes.
- If you close the browser tab during a test, the connection is aborted on the server.
Information stored in your browser
To make the tool convenient, some non-sensitive settings are saved in your browser's local storage on your device. This data never leaves your browser unless you trigger a test:
- Saved profiles — connection settings you choose to save. A password is only included if you explicitly check "remember password".
- Last run — non-secret fields (host, port, security, From/To) so the form is pre-filled next time. Passwords are never stored here.
- Theme preference — whether you prefer light or dark mode.
- Hint dismissal — whether you have dismissed the first-visit tip.
You can clear this at any time by clearing your browser's site data for smtptester.org.
Server logs
Our hosting infrastructure may record standard technical logs (such as IP address, request time, and user agent) for security, abuse prevention, and reliability. These logs are configured to exclude request bodies so they cannot capture SMTP credentials. Our site is served through a content delivery network (Cloudflare), which may process connection metadata to provide security and performance; see Cloudflare's own privacy policy for details.
Cookies and advertising
The core SMTP testing tool does not require cookies to function.
We may display advertising provided by third parties, including Google, to keep the service free. When advertising or analytics are enabled:
- We use Google Analytics and Google Consent Mode v2. By default, analytics and advertising storage are denied — no analytics or advertising cookies are set until you accept them in the cookie consent banner shown on your first visit. You can decline, and the service works exactly the same.
- Your choice is remembered in your browser's local storage so you are not asked again. To change it, clear this site's data and reload.
- Third-party vendors, including Google, may use cookies to serve ads based on a user's prior visits to this website or other websites.
- Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to this and other sites on the Internet.
- You can opt out of personalized advertising by visiting Google Ads Settings. You can also opt out of some third-party vendors' use of cookies for personalized advertising at www.aboutads.info/choices.
If you are in a region that requires consent for advertising cookies (such as the EEA, UK, or Switzerland), ad partners may present a consent prompt in accordance with applicable law.
Analytics
We use Google Analytics 4 to understand aggregate traffic and improve the service. Analytics only runs after you accept cookies in the consent banner; until then, Consent Mode keeps analytics storage disabled. IP addresses are anonymized, and we do not use analytics to identify individual users.
Third-party links
Our guides and pages may link to third-party websites (for example, provider documentation). We are not responsible for the privacy practices of those sites; review their policies separately.
Data security
Connections to the service use HTTPS. We apply security headers, rate limiting, and request size limits, and we restrict the server from connecting to private or internal network addresses. No method of transmission over the Internet is completely secure, but we treat your credentials as ephemeral and never persist them.
Your privacy rights
Depending on where you live, you may have rights under laws such as the GDPR (EEA/UK) or CCPA/CPRA (California), including the right to access, correct, or delete personal data we hold about you. Because we do not maintain accounts or a database of user data, most personal data lives only in your own browser, which you control directly. For any request regarding data we may process, contact us using the details below.
Children's privacy
The service is intended for developers and IT professionals and is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
Contact
For privacy questions or requests, contact us at [email protected].