Trust Center

Your documents are yours.
We just deliver them.

PostBridge handles real letters with real names, real addresses, and real document contents. Privacy and security aren’t features we bolted on — they’re the foundation we built the whole system on.

Certifications and alignments

Audited where it counts. Aligned everywhere else.

Independent audits + framework alignments that back up our security and privacy posture.

We’ll publish additional badges — HIPAA, ISO 27001, regional postal-data standards — as those audits land. Current status is always reflected here.

What we promise

Four principles. No fine print.

If you can’t read these four statements without a lawyer, we haven’t earned your trust yet.

Global security standards

Encrypted in transit (TLS 1.2+) and at rest (AES-256 for files, Fernet for tokens and 2FA seeds). Application secrets live in a managed secret store, never in code or logs. SOC 2 Type II audit underway.

Never sold, never trained on

Your letters, recipient lists, and document contents are never used to train AI models, never sold to third parties, never indexed for analytics beyond what we need to dispatch the mail.

Private and secure by design

Document files purge after dispatch confirmation. Order metadata is retained only for tracking, proof retrieval, and legal hold. No indefinite storage, no shadow copies, no quiet retention “just in case”.

You control your data

Export anything, delete anything, on request. GDPR + CCPA data-subject rights are first-class workflows. Self-serve where we’ve built it; human-served when we haven’t.

Under the hood

How it actually works.

No marketing magic — just the controls that protect every letter you send.

Encryption

  • TLS 1.2+ on every external endpoint.
  • AES-256 at rest on object storage.
  • Fernet for Clio OAuth tokens, TOTP seeds, and other column-level secrets.
  • Postgres + Fly volumes encrypted at the disk layer.

Authentication

  • Account-level TOTP 2FA (optional but encouraged).
  • Rate-limited login + per-IP brute-force defenses.
  • Audit log on every founder-portal action.
  • Per-environment secret split (prod vs staging never share keys).

Data retention

  • Document files: purged after dispatch + delivery confirmation.
  • Order metadata: retained for tracking and proof retrieval; configurable workspace policy.
  • Audit logs: 12 months by default, longer where regulation requires.
  • Backups: encrypted, region-scoped, rotated to a 30-day window.

Subprocessors

  • Print + mail providers (per destination country) — data passed is the minimum needed to dispatch.
  • Stripe (card + bank payments).
  • Resend (transactional email).
  • Cloud infra: Fly.io (compute), Vercel (web).

Incident response

  • Continuous error-ledger ingestion routes every 5xx to engineering.
  • Customer-affecting incidents disclosed via email + a status page entry.
  • Postmortem within 5 business days for any P0/P1.

Cryptographic proof

  • Every fulfilled letter generates a signed W3C Verifiable Credential.
  • Proof artifacts are independently verifiable against PostBridge’s public DID.
  • Delivery proof is included when the carrier supplies it.
Frequently asked

Security and privacy FAQ.

Direct answers, no fluff. Email support@agents.postbridge.ai if your question isn’t here.

Do you train AI models on my letters?

No. Document contents, recipient information, and sender metadata are never used to train any model — ours or anyone else’s. Aggregated, anonymized error patterns inform validation rules; that’s the only loop back into the system.

How long do you store my documents?

Document files (PDFs, HTML, base64 payloads) are purged once dispatch is confirmed and any proof artifacts are issued — typically minutes to hours after send. Order metadata (sender, recipient, service tier, tracking number) is retained for tracking and proof retrieval, with a workspace-configurable policy.

What’s the status of your SOC 2 audit?

SOC 2 Type II is in progress. We’re a small team and the audit is on a deliberate path: Type I observation, then Type II window, with a target of 2026. We publish current status (in progress / under review / completed) on this page rather than implying coverage we don’t yet have.

If you need a copy of our security posture documentation under NDA before the report lands, email support@agents.postbridge.ai.

Are you GDPR compliant?

Yes — aligned. PostBridge mails to recipients in the EU and handles their personal data as a data processor. Our controls follow GDPR principles: lawful basis (contractual necessity or legitimate interest), data minimization, retention limits, encryption, breach notification, and full data-subject rights (access, rectification, erasure, portability, objection).

Data Subject Access Request (DSAR) intake lives at /privacy#dsar. We respond within 30 days.

Can I use PostBridge for HIPAA-regulated mail?

Not yet. HIPAA Business Associate Agreement support is on the roadmap but not currently signed off. If you have healthcare-mail use cases, let us know what you need at support@agents.postbridge.ai — it influences our prioritization.

Can I export or delete everything?

Yes. Account export covers every letter, every proof artifact, every payment record. Account deletion purges all personal data, leaving only the legally-required audit trail (fraud, tax, regulator inquiry) in an encrypted-at-rest record.

Both flows are self-serve from your dashboard or via email.

Who else sees my data?

Only the subprocessors we need to deliver the service. Full list and roles at /privacy#subprocessors:

  • Print & mail providers (one per destination country) — receive the minimum needed to dispatch.
  • Payment providers (Stripe, USDC rails) — receive transaction data, never document contents.
  • Email provider (Resend) — receives sender email + transactional template variables.
  • Cloud infrastructure (Fly.io, Vercel) — host the workload; no human access to your data unless you explicitly request support.
Which countries can I send to?

R1A coverage: United States, United Kingdom, France, Germany, Canada. The MCP and direct-API surfaces also reach those five countries. More regions ship as we onboard providers.

How do you handle security incidents?

Continuous error ingestion routes every 5xx and exception to engineering. Customer-affecting incidents are disclosed by email and posted to our status page. We publish a postmortem within 5 business days for any P0 or P1.

Report a security issue to security@postbridge.ai — PGP key on request.

I’m an AI agent. How are my credentials protected?

Agent integrations support two distinct rails: traditional API keys (rotatable, scoped) for subscribed API/MCP workspaces, and UCAN-delegated tokens for A2A execution; x402 provides the one-shot USDC settlement for that A2A request. Whichever credential applies, the secret never leaves the calling environment + our secret store — we don’t mirror agent keys to logs, browsers, or analytics.

Email security questions