Privacy Policy

How BM.ECOMTECHBD.COM collects, uses, protects, and shares your personal information.

Last Updated: 2026-03-16

This Privacy Policy describes how BM.ECOMTECHBD.COM ("we," "us," or "our") collects, uses, stores, and discloses information when you visit our website, use our services, or interact with us in any capacity. By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

1. Information We Collect

1.1 Personal Information

When you create an account, purchase a plan, or contact our support team, we collect personal information that you provide directly, including:

  • Full name and company name
  • Email address
  • Billing address and postal address
  • Phone number
  • Payment information (credit card number, billing details). Payment data is processed by our PCI-compliant payment processor and is not stored on our servers.
  • Account credentials (username and hashed password)
  • Domain names and DNS records you configure for email authentication

1.2 Usage Data

We automatically collect information about how you interact with our website and services, including:

  • IP address, browser type, and operating system
  • Pages visited, time spent on each page, and navigation paths
  • Referring website URLs and search terms used to find our site
  • Device type, screen resolution, and language preferences
  • Date and time of each visit or interaction
  • API usage patterns, request frequency, and endpoint usage

1.3 Email Data

As an email infrastructure provider, we process email messages on behalf of our customers. In the course of providing our business email hosting and delivery services, we may process:

  • Sender and recipient email addresses
  • Email subject lines and message headers
  • Email content (message body) as it passes through our servers for delivery
  • Attachments transmitted through our service
  • Delivery metadata including timestamps, delivery status, bounce codes, open events, and click events

We do not read, analyze, or mine the content of emails sent through our service for advertising or profiling purposes. Email content is processed solely for the purpose of delivering the message to its intended recipient and providing delivery analytics to the sending account holder.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, operate, and maintain our SMTP, email API, and related services, including processing and delivering email messages on your behalf.
  • Account management: To create and manage your account, process payments, and communicate with you about your account status, billing, and service updates.
  • Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Service improvement: To analyze usage patterns, identify performance issues, and improve the functionality, reliability, and security of our services.
  • Security and fraud prevention: To detect, prevent, and respond to security incidents, abuse, spam, and other harmful activity on our platform.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, and government requests.
  • Communication: To send you service-related notices, security alerts, and administrative messages. With your consent, we may also send you marketing communications about new features, promotions, or services.

3. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specific retention periods include:

  • Account information: Retained for the duration of your account and for 90 days after account closure to allow for reactivation and resolve any pending issues.
  • Email delivery logs: Retained for 30 days to provide delivery analytics, troubleshooting data, and compliance records.
  • Email content: Not retained after successful delivery. Messages in queue for delivery are deleted within 72 hours of the final delivery attempt.
  • Billing records: Retained for 7 years to comply with tax and financial reporting regulations.
  • Usage analytics: Retained in aggregated, anonymized form indefinitely for service improvement purposes.

When data is no longer needed for its stated purpose, we securely delete or anonymize it using industry-standard methods.

4. Third-Party Sharing

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information with third parties only in the following circumstances:

  • Service providers: We share information with trusted service providers who assist in operating our platform, including payment processors, cloud hosting providers, customer support tools, and analytics services. These providers are contractually bound to use your information only for the purposes of providing services to us and must maintain appropriate security measures.
  • Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including in response to lawful requests by public authorities for law enforcement or national security purposes.
  • Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.
  • Protection of rights: We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, enforce our terms of service, investigate fraud, or protect the safety of our users or the public.

5. Data Security

We implement comprehensive technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher for all connections
  • Encryption of sensitive data at rest using AES-256 encryption
  • Regular security assessments, vulnerability scanning, and penetration testing
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Multi-factor authentication for internal systems and administrative access
  • 24/7 infrastructure monitoring with automated intrusion detection and alerting
  • Regular employee security training and awareness programs

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practical standards of data protection.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze site traffic, and understand usage patterns. The types of cookies we use include:

  • Essential cookies: Required for the basic functionality of our website, such as maintaining your login session, remembering your preferences, and ensuring security. These cookies cannot be disabled.
  • Analytics cookies: Used to collect anonymized information about how visitors use our website, including pages visited, time on site, and navigation patterns. We use this data to improve our website and services.
  • Functional cookies: Enable enhanced functionality such as remembering your dashboard preferences, language selection, and display settings.

You can control cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, but doing so may affect the functionality of our website. We do not use advertising or third-party tracking cookies.

7. Your Rights Under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation and applicable local law:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of any inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions such as data required for legal compliance or the performance of a contract.
  • Right to restrict processing: You have the right to request that we limit the processing of your personal data under certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to object: You have the right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

To exercise any of these rights, please contact us at privacy@ecomtechbd.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@ecomtechbd.com.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your jurisdiction. When we transfer data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure your data is protected in accordance with this Privacy Policy and applicable law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last Updated" date. For significant changes, we may also notify you by email. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@ecomtechbd.com. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.