LAST UPDATE: May 23, 2018


This document sets Privacy Policy (or "Policy") for the CiviSMTP service ("Service" or “Services”) provided by Target Node, LLC dba CiviSMTP ("CiviSMTP", "Company", "we", "us", “our”) as described in our Terms of Service Agreement (“Terms of Service” or “Agreement”) and for the use of our website (“Website”).

This policy explains our online information practices, the kinds of information we may collect, how we intend to use and share that information, and how you can request access, correction, portability, or deletion of such information.


1. Definitions

  • - “Personal Information” or “Personal Data”-  any information relating to an identifiable individual or his or her personal identity.
  • - “Customer” -  person or entity that is registered with us to use our Service. When we say “you” we are referring to Customers and/or to some other individual who visits and uses our Website.
  • - “Subscriber” or “Recipient” is a person you contact through our Service

2. Changes

We may change this Privacy Policy at any time and for any reason. The date of the most recent version of the Privacy Policy is reflected at the top of the page. We encourage you to review this Privacy Policy periodically to stay informed of changes that may affect you. Your continued use of the Website and our Service signifies your continuing consent to be bound by this Privacy Policy.

3. Scope

This Privacy Policy is effective with respect to any data that we have collected, or collect, about and/or from you through your use of our Website or our Service.

When we Process Personal Information of Recipients (“Recipient Personal Information”) on behalf of our Customers, we Process such Personal Information only as a data processor and in accordance with our Customers’ instructions.
This Privacy Policy does not apply to Recipients. If you are a Recipient of one of our Customers, you should review that Customer’s privacy policy, terms, or other notices to learn how that Customer collects and uses information about you. If a Customer has submitted your Personal Information to us as Recipient Personal Information and you wish to exercise any rights you may have to access, correct, port, or delete such Personal Information, please inquire with the applicable Customer directly. 

4. Your Information

 Information We Collect

  • -  Information you voluntarily provide to us: When you sign up for and use the Service, consult with our customer service team, send us an email, or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include your name, physical address, email address, IP address, phone number, billing information, as well as details including occupation, location, purchase history, and other demographic information. By giving us this information, you consent to this information being collected, used, disclosed, transferred, and stored by us as described in our Terms of Use and in this Privacy Policy.
  • - Information we collect automatically: When you use the Service, we may collect information about your visit to our Website, your usage of the Service, and your web browsing. That information may include your IP address, your operating system, your browser ID, your browsing activity, and other information about how you interacted with our Websites or other websites. We may collect this information as a part of log files as well as through the use of cookies or other tracking technologies. Our use of cookies is discussed in our Cookies Policy.
  • - Information from your use of the Service: We may receive information about how and when you use the Service, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the application. This type of information helps us to provide and  improve our Services for both you and for all of our Customers.
  • - Information We Process on Behalf of Our Customers:  CiviSMTP Customers may also send certain Personal Information through the Service  which we will process as a data processor on our Customers’ behalf. For example, when our Customers use our email delivery service to send transactional or bulk emails, we will act as a data processor and only process such information on our Customer’s behalf and in accordance with our Terms of Service Agreement. We will use such personal information to: provide and deliver the Services to the Customer, prevent or address any service or technical issues, respond to a Customer’s request, instructions or support request, or for any other purpose provided for in the Customer Agreement, or in accordance with or as may be required by law. In such cases, it is the Customer who remains responsible for the handling of the personal information and for compliance with any applicable data privacy laws. If you have questions or concerns about how such personal information is handled, you should contact the relevant Customer that is using the Services, and refer to their separate privacy policies.

Use and Disclosure of Your Personal Information

We may use and disclose your Personal Information for the following purposes:

  • - To promote use of our services to you and others. For example, if we collect your Personal Information when you visit our Website and do not sign up for any of the Services, we may send you an email inviting you to sign up. You can stop receiving our promotional emails by following the unsubscribe instructions included in the promotional emails we send.
  • - To send you informational and promotional content. You can stop receiving our promotional emails by following the unsubscribe instructions included in the promotional emails we send.
  • - To bill and collect money owed to us by our Customers. This includes sending you emails, invoices, receipts, notices of delinquency. We use third parties for payment processing. Information you provide on the websites of such third parties that we engage for payment processing is subject to their respective privacy policies.
  • - To send you important messages about the Services. For example, we may inform you of temporary or permanent changes to our Services, such as scheduled maintenance, new features, version updates, releases, abuse warnings, and changes to our policies.
  • - To communicate with our Customers about their account and provide customer support.
  • - To enforce compliance with our Terms of Use and applicable law. This may include developing and using tools that help detect fraud and prevent violations.
  • - To protect the rights and safety of our Customers and third parties, as well as our own.
  • - To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  • - To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
  • - To prosecute or defend a court, arbitration, or any other legal proceeding.
  • - To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • - To provide, support, and improve the Services we offer. This includes our use of the data that our Customers provide us in order to enable our Customers to use the Services to communicate with their Recipients. This also includes, for example, aggregating information from your use of the Services and sharing this information with third parties to improve our Services. This might also include sharing your information or the information you provide us about your Recipients with third parties in order to provide and support our Services or to make certain features of the Services available to you. When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to use the Personal Information we transfer to them in a manner that is consistent with this policy.
  • - To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, we will endeavor to require any acquirer to be subject to our obligations under this Privacy Policy. We will notify you of the change either by sending you an email or posting a notice on our Website.

Data Collected for and by our Customer

 As a Customer, you may send through our system certain Personal Information of your Recipients. We have no direct relationship with your Recipients and for this reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about those Recipients.

 If you are a Recipient and no longer want to be contacted by one of our Customers, please unsubscribe directly from that Customer’s emails or contact the Customer directly to update or delete your data.

 We will retain Personal Information we process on behalf of our Customers for as long as needed to provide our Services or to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements.

 Content of Emails Sent

When a Customer sends an email to a Recipient, it bounces from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email was not built for sending confidential information and most emails end up in an unencrypted inbox. Please do not use our Service to send confidential information.

 Sometimes we review the content of our Customer’s emails to make sure they comply with our Terms of Service. To improve that process, we may employ software that helps us find email campaigns that may violate our Terms of Use. Our staff or independent contractors may review those emails. This is done in order to reduce the amount of SPAM being sent through our system and helps us maintain high deliverability.

 Anonymous and Aggregated Information

CiviSMTP may use your Personal Information and other information about you to create anonymized and aggregated information, such various analyses and reports. Anonymized or aggregated information is not Personal Information, and CiviSMTP may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within CiviSMTP and with third parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.

 Links to third-party websites.

 Our Website includes links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies.

 Disclosure of Personal Information to Third Parties

We may disclose Personal Information to the following types of third parties for the purposes described in this Privacy Policy:

  • - To third-party Service Providers who require access to Your personal information to assist in the provision of the Services, and other business-related functions. Examples of Service Providers include hosting services.
  • - Information Disclosed for our Protection and the Protection of Others. We may disclose information about you to third parties: (a) if we are required to do so by law, court order or legal process; (b) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (c) under the discovery process in litigation; (d) to enforce CiviSMTP policies or contracts; (e) to collect amounts owed to CiviSMTP; (f) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (g) if we, in good faith, believe that disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes including, for example, to detect unauthorized activity on the Services. In such cases, server log data containing Personal Information may be shared with law enforcement bodies so that they may identify users in connection with their investigation of the unauthorized activities.

5. Security

We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the Personal Information.

CiviSMTP accounts require a username and password to log in. You must keep your username and password secure, and never disclose them to a third party.

6. International Transfers

Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. By using our Website and Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy.

Customers located in the European Union (EU) or other countries whose use of the Services requires CiviSMTP to process personal data falling within the scope of the EU General Data Protection Regulation (GDPR), are free to request a Data Processing Addendum to our Agreement. Please email us with such requests to

7. Rights of Access, Rectification, Portability, Erasure and Restriction

Your Personal Information

You may seek confirmation regarding whether CiviSMTP is Processing Personal Information about you, request access to Personal Information, and ask that we correct, amend or delete your Personal Information. Where otherwise permitted by applicable law, you may contact us at to request access to, receive, port, restrict processing, seek rectification or request erasure of Personal Information held about you by CiviSMTP. Such requests will be carried out in accordance with applicable laws.

If it is not possible to completely delete your data(for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

Recipient Personal Information

As a data processor for our Customers, CiviSMTP processes data, which may include Recipient Personal Information on behalf of our Customers. If Personal Information pertaining to you as an individual has been submitted to us by a Customer as Recipient Personal Information and you wish to exercise any rights you may have to access, receive, port, restrict processing, seek rectification, or request erasure, please inquire with the applicable Customer directly.

8. Accuracy and Retention of Data

We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes, for example, if you have a new email address, then you are responsible for notifying us of those changes.

CiviSMTP retains the Personal Information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, other legal or tax purposes, conduct audits, prevent abuse, pursue legitimate business purposes, enforce our agreements, comply with applicable laws or other lawful purposes.

Where we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

9. Sensitive Data

“Sensitive Data” means (a) government-issued identification number, including social security number, driver’s license number or state-issued identification number or similar identifier or any portion thereof; (b) financial account number, credit card number, debit card number, credit report information, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; (c) genetic and biometric data or data concerning health; (d) Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation or sexual activity, criminal history; and (e) any other information that falls within the definition of "special categories of data" under EU Data Protection Laws or any other applicable law relating to privacy and data protection.

CiviSMTP does not knowingly solicit, collect or process, and you should not provide, any Sensitive Data as defined above and CiviSMTP will have no liability whatsoever for Sensitive Data, whether in connection with a security incident or otherwise.

10. Children

CiviSMTP does not knowingly solicit, collect or process Personal Information from children under the age of 16. This applies to any Personal Information directly collected by us, but does not apply to the Personal Information provided to us by third party services and organizations or from our Customers regarding their Recipients (please refer to the terms of their respective privacy policies).

11. Contact Us

For any questions related to this Privacy Policy, please contact us at