Global security standards
Encrypted in transit (TLS 1.2+) and at rest (AES-256 for files, Fernet for tokens and 2FA seeds). Application secrets live in a managed secret store, never in code or logs. SOC 2 Type II audit underway.
PostBridge handles real letters with real names, real addresses, and real document contents. Privacy and security aren’t features we bolted on — they’re the foundation we built the whole system on.
Independent audits + framework alignments that back up our security and privacy posture.
We’ll publish additional badges — HIPAA, ISO 27001, regional postal-data standards — as those audits land. Current status is always reflected here.
If you can’t read these four statements without a lawyer, we haven’t earned your trust yet.
Encrypted in transit (TLS 1.2+) and at rest (AES-256 for files, Fernet for tokens and 2FA seeds). Application secrets live in a managed secret store, never in code or logs. SOC 2 Type II audit underway.
Your letters, recipient lists, and document contents are never used to train AI models, never sold to third parties, never indexed for analytics beyond what we need to dispatch the mail.
Document files purge after dispatch confirmation. Order metadata is retained only for tracking, proof retrieval, and legal hold. No indefinite storage, no shadow copies, no quiet retention “just in case”.
Export anything, delete anything, on request. GDPR + CCPA data-subject rights are first-class workflows. Self-serve where we’ve built it; human-served when we haven’t.
No marketing magic — just the controls that protect every letter you send.
Direct answers, no fluff. Email support@agents.postbridge.ai if your question isn’t here.
No. Document contents, recipient information, and sender metadata are never used to train any model — ours or anyone else’s. Aggregated, anonymized error patterns inform validation rules; that’s the only loop back into the system.
Document files (PDFs, HTML, base64 payloads) are purged once dispatch is confirmed and any proof artifacts are issued — typically minutes to hours after send. Order metadata (sender, recipient, service tier, tracking number) is retained for tracking and proof retrieval, with a workspace-configurable policy.
SOC 2 Type II is in progress. We’re a small team and the audit is on a deliberate path: Type I observation, then Type II window, with a target of 2026. We publish current status (in progress / under review / completed) on this page rather than implying coverage we don’t yet have.
If you need a copy of our security posture documentation under NDA before the report lands, email support@agents.postbridge.ai.
Yes — aligned. PostBridge mails to recipients in the EU and handles their personal data as a data processor. Our controls follow GDPR principles: lawful basis (contractual necessity or legitimate interest), data minimization, retention limits, encryption, breach notification, and full data-subject rights (access, rectification, erasure, portability, objection).
Data Subject Access Request (DSAR) intake lives at /privacy#dsar. We respond within 30 days.
Not yet. HIPAA Business Associate Agreement support is on the roadmap but not currently signed off. If you have healthcare-mail use cases, let us know what you need at support@agents.postbridge.ai — it influences our prioritization.
Yes. Account export covers every letter, every proof artifact, every payment record. Account deletion purges all personal data, leaving only the legally-required audit trail (fraud, tax, regulator inquiry) in an encrypted-at-rest record.
Both flows are self-serve from your dashboard or via email.
Only the subprocessors we need to deliver the service. Full list and roles at /privacy#subprocessors:
R1A coverage: United States, United Kingdom, France, Germany, Canada. The MCP and direct-API surfaces also reach those five countries. More regions ship as we onboard providers.
Continuous error ingestion routes every 5xx and exception to engineering. Customer-affecting incidents are disclosed by email and posted to our status page. We publish a postmortem within 5 business days for any P0 or P1.
Report a security issue to security@postbridge.ai — PGP key on request.
Agent integrations support two distinct rails: traditional API keys (rotatable, scoped) for subscribed API/MCP workspaces, and UCAN-delegated tokens for A2A execution; x402 provides the one-shot USDC settlement for that A2A request. Whichever credential applies, the secret never leaves the calling environment + our secret store — we don’t mirror agent keys to logs, browsers, or analytics.