Privacy Policy

Updated: July 20, 2025

Privacy Policy

PostFlex is committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data.

1. Information We Collect

Personal Information:

  • Email addresses for account creation and communication
  • Billing information for payment processing
  • Contact details for customer support
  • Usage analytics for service improvement

Technical Information:

  • Device and browser information for security verification
  • IP addresses for fraud detection and geographic compliance
  • Transaction logs for digital stamp verification
  • Performance metrics for system optimization

2. How We Use Your Information

We use collected information to:

  • Provide and maintain PostFlex digital stamp services
  • Process payments and prevent fraudulent transactions
  • Communicate important service updates and security alerts
  • Improve our technology through anonymized usage analytics
  • Comply with legal and regulatory requirements
  • Provide customer support and technical assistance

3. Data Protection & Security

PostFlex implements enterprise-grade security measures:

  • 256-bit encryption for all data transmission and storage
  • SOC 2 Type II compliance for enterprise security standards
  • Multi-factor authentication for account access
  • Regular security audits by independent cybersecurity firms
  • Data minimization - we collect only necessary information
  • Secure data centers with physical and digital access controls

4. Data Sharing & Disclosure

We do not sell personal information. We may share data only when:

  • Required by law or legal process
  • Necessary to prevent fraud or security threats
  • With service providers under strict confidentiality agreements
  • With postal services for legitimate verification purposes
  • During business transfers with appropriate data protection guarantees

5. International Data Transfers

PostFlex operates globally and may transfer data across borders. We ensure:

  • Adequate protection through approved transfer mechanisms
  • Compliance with GDPR, CCPA, and other applicable privacy laws
  • Data localization when required by local regulations
  • Transparent disclosure of data processing locations

6. Your Privacy Rights

Depending on your location, you may have rights to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and associated data
  • Restrict certain data processing activities
  • Export your data in portable formats
  • Object to automated decision-making

7. Data Retention

We retain personal information only as long as necessary:

  • Account information: Duration of active service plus 7 years for compliance
  • Transaction records: 10 years for audit and regulatory requirements
  • Support communications: 3 years for service improvement
  • Analytics data: 2 years in anonymized form

8. Cookies & Tracking

PostFlex uses essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Service functionality and performance
  • Analytics for service improvement (with your consent)

You can control cookie preferences through your browser settings.

9. Third-Party Services

We work with trusted partners for:

  • Payment processing (encrypted and PCI-compliant)
  • Cloud infrastructure (enterprise-grade security)
  • Analytics services (anonymized data only)
  • Customer support tools (minimal data sharing)

10. Children’s Privacy

PostFlex services are not intended for users under 16. We do not knowingly collect personal information from children.

11. Privacy Policy Updates

We may update this policy to reflect:

  • Changes in our services or technology
  • New legal or regulatory requirements
  • Enhanced privacy protections

Significant changes will be communicated via email and prominent website notices.

12. Contact Information

For privacy-related questions or requests:

Email: privacy@postflex.com
Mail: PostFlex Privacy Officer, [Company Address]
Response Time: 30 days for most requests

13. Regional Privacy Information

For EU/UK Residents (GDPR): Legal basis for processing: Legitimate interest, contract performance, legal compliance

For California Residents (CCPA): We do not sell personal information and provide additional rights as required by law

For Canadian Residents (PIPEDA): Compliance with federal and provincial privacy legislation

Last updated: July 20, 2025