postale.io is committed to privacy, security, compliance, and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018.

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Is postale.io GDPR compliant?

Yes, postale.io is compliant with the GDPR. This document outlines the main provisions we took to make sure we are complying fully with the regulation.

Information We Hold

Registration and Contact Information. We collect information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email, mail, or through our Service. This information you provide may include your username, first and last name, and email address.

Email Messages. As an email service, we store the email message data associated with the email addresses created on our service (also known as “mailboxes”) for as long as you wish to keep it.

Payment Information. When you purchase the Services, we will also collect transaction information, which may include your company name, company VAT (when applicable), credit card information, billing and mailing address. That information is stored and processed by Stripe, a third-party payment processing platform that is also GDPR compliant.

Technical, Usage and Location Information. We automatically collect information on how you interact with the Service, such as the IP address from which you access the Service, date and time, referrer website and campaigns information (“UTM” parameter fields). We may also collect location information, including location information automatically provided by your computer or device. We use cookies and similar technologies to collect some of this information.

Third Party Platforms. We may collect information when you interact with our service on third-party sites or platforms, such as analytics sites. This may include information such as actions or the fact that you viewed or interacted with our content.

Data Security and Data Breaches

We take data protection and security very seriously at postale.io. We constantly monitor for security flaws and unauthorized access, and we will take action immediately if something suspicious is detected. In the unlikely case of a data breach, we will notify all of our customers within 72 hours after the breach was detected.

Some of the preventive measures we take include:

  • Encrypted TLS communication layers for all data transfers.
  • Isolated data containers and networks.
  • Encrypted backups at database and disk level, stored for at least 30 days and replicated over 3 distinct datacenters.
  • Two-factor authentication (2FA).
  • Passwords stored as strong one-way hashes.
  • Antivirus engines for detecting trojans, viruses, and other malware.
  • Strong spam filters for both inbound and outbound email.
  • Full support of SPF, DKIM, and DMARC.
  • 24/7 monitoring of abnormal activity.

Data Subject Rights

All individual rights regarding GDPR will be enforced by our postale.io team. If you want to exercise your GDPR rights, you can reach out to us with your request from our contact page.

Those rights include:

  • Right To Be Informed: for the parties where we act as a controller, we inform our users what we do with their data.
  • Right To Access: we can show all the data stored.
  • Right To Object: you can use the form above for any objection you or a user has about how postale.io is processing your personal data.
  • Right To Be Forgotten: we can erase data we hold about any individual.
  • Right To Data Portability: we can export data held by an individual as an archive on request.
  • Right To Rectification: a person’s data can be updated either by API, from the user account or manually by us on request.

GDPR-ready Privacy and Cookie Policy

Please refer to our Privacy Policy.

Frequently Asked Questions

  • How will you verify to customers that you are in compliance with the new regulation?
    If you wish for formal verification, you can provide us with your Data Processing Agreement template, which we can return filled in and signed.
  • How is sensitive information stored, and do you have processes in place in the event of a data breach?
    Sensitive information is stored securely, with limited access. We react to data breaches immediately by notifying affected parties.
  • For how long do you store customer data?
    We store customers’ data only for the time of using our services or until they request to delete their data.
  • Where is your customer data physically stored?
    Our customers’ data is stored in our US and Europe (France) datacenters hosted by Amazon AWS Europe, which is also GDPR compliant.
  • Which of your teams will have access to customer personal information?
    We access a customer’s personal information only based on a prior request by the customer or with the customer’s approval. In most common cases, it is the support team.
  • How does your organization handle instances when customers request their data be removed from your system(s)?
    When a customer requests deletion of their data, we proceed with the deletion immediately.
  • What processing operations are done by the Data Processor (postale.io)?
    All actions necessary to provide adequate customer support and reliable service.

Additional Resources