postal.is
Back to Home

Privacy Policy

Last updated: February 3, 2026

1. Information We Collect

We collect the following types of information:

  • Operator Account Information: Name, email address, business address, and authentication credentials
  • Customer Information: Data provided by CMRA operators about their customers (names, addresses, USPS Form 1583 documents)
  • Mail Data: Scanned mail images, forwarding requests, and mail handling instructions
  • Usage Data: Account activity, audit logs, and access timestamps
  • Technical Data: IP address, browser type, device information
  • Payment Data: Billing information (processed securely via Pabbly)

2. CMRA and Mail Privacy

As a platform serving Commercial Mail Receiving Agencies, we take special care with mail-related data:

  • All mail scans are encrypted using AES-256 encryption at rest and in transit
  • USPS Form 1583 documents are stored securely with restricted access
  • Customer data belongs to the CMRA operator, not postal.is
  • Audit logs track all access to mail images and customer information

3. Cookies and Analytics

We use Google Analytics to understand how visitors use our website. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they use before coming to this site.

We use cookies to:

  • Remember your cookie preferences
  • Analyze site traffic and user behavior
  • Improve website performance and user experience

You can accept or decline analytics cookies through our cookie banner. Your choice is stored in your browser and will be respected on future visits. You may change your preferences at any time.

Google Analytics: We use Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. You may opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4. How We Use Your Information

We use your information to:

  • Provide and improve our Service
  • Process transactions and send billing information
  • Send technical notices and support messages
  • Maintain security and prevent fraud
  • Comply with USPS CMRA regulations
  • Comply with legal obligations

5. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption for all files at rest and in transit
  • Encrypted databases with role-based access control
  • Secure MinIO object storage with server-side encryption
  • Regular security assessments
  • Background checks on all employees with data access

6. Document Storage and Retention

Documents are stored securely and retention policies are controlled by the CMRA operator based on their plan. USPS Form 1583 documents must be retained for as long as the customer has an active mailbox.

Storage by Plan:

  • • Starter: 50 GB storage, 30-day retention
  • • Professional: 250 GB storage, 60-day retention
  • • Business: 1 TB storage, 90-day retention
  • • Enterprise: 5 TB storage, custom retention

7. Audit Logs

postal.is maintains comprehensive audit logs of system activity, including:

  • Mail scans and uploads
  • Customer portal access
  • Forwarding and shredding requests
  • Account authentication events
  • USPS Form 1583 submissions

Audit logs are retained for 1 year and are available for export by account owners.

8. Data Sharing

We do not sell your data. We only share data in the following circumstances:

  • With Your Consent: When you explicitly authorize sharing
  • Service Providers: With trusted partners who operate our infrastructure (payment processors, storage providers)
  • Legal Requirements: When required by law, court order, or USPS regulation
  • Business Transfer: In connection with a merger or acquisition

9. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data
  • Opt-out of marketing communications

To exercise these rights, contact us at privacy@postal.is

10. Compliance

postal.is complies with major data protection regulations:

  • GDPR: EU General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • USPS CMRA Regulations: Commercial Mail Receiving Agency compliance

11. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will take immediate steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or through the Service. Your continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or requests, please contact us at privacy@postal.is