PostflareAlpha

Privacy Policy

Last updated: March 31, 2026 | Version: 1.0

Introduction

Postflare ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our transactional email platform and related services.

By using Postflare, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Organization name
  • Authentication credentials (managed via our self-hosted authentication system)
  • API key metadata (creation date, last used, permissions)

Usage Data

We automatically collect information about how you use the service:

  • API call logs (endpoint, timestamp, response status)
  • Email sending metadata (sender address, recipient address, timestamp, delivery status)
  • Dashboard activity (pages viewed, features used)

Technical Data

We collect technical data to operate and secure the service:

  • IP addresses
  • Browser type and version
  • Device information
  • Cloudflare-provided request metadata

What We Do Not Collect

  • Email body content: Emails are processed through Cloudflare Email Routing and are not stored persistently by Postflare. We do not read, analyze, or retain the body content of emails you send.
  • Payment card details: Payment processing is handled entirely by Polar; we never see or store your full payment card information.

How We Use Your Information

We use the information we collect to:

  • Provide the service: Process and deliver transactional emails on your behalf
  • Improve the platform: Analyze usage patterns to enhance features and performance
  • Communicate with you: Send service notifications, security alerts, and product updates
  • Prevent abuse: Detect and prevent spam, fraud, and violations of our Acceptable Use Policy
  • Comply with legal obligations: Respond to legal requests and enforce our terms

Data Storage and Security

Your data is stored and processed using the following infrastructure:

  • Database: Neon PostgreSQL, hosted on AWS infrastructure. Email metadata, account information, and API logs are stored here.
  • Attachment storage: Cloudflare R2, a globally distributed object storage service for email attachments.
  • Compute: Cloudflare Workers, an edge computing platform. Request data is processed in memory and is not persistently stored by the compute layer.
  • Encryption: All data in transit is encrypted via TLS. Data at rest is encrypted using provider-managed encryption.

We implement industry-standard security measures including access controls, regular security reviews, and monitoring for unauthorized access.

Third-Party Services

We use the following third-party services to operate Postflare:

ServicePurposeData Shared
CloudflareCDN, Workers compute, Email Routing, R2 storageAPI requests, email content (in transit), attachments
NeonPostgreSQL database hostingAccount data, email metadata, API logs
PolarSubscription and payment processingBilling email, subscription tier, payment status

Each third-party service has its own privacy policy governing its use of your data. Our authentication system (Better Auth) is self-hosted and does not share data with external parties.

Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to erasure: Request deletion of your account and all associated personal data.
  • Right to data portability: Request an export of your data in a machine-readable format (JSON).
  • Right to rectification: Request correction of inaccurate personal information.
  • Right to object: Object to specific data processing activities.
  • Right to restrict processing: Request that we limit how we use your data.

To exercise any of these rights, contact us at legal@postflare.com. We will respond to your request within 30 days.

Cookies

Postflare uses only strictly necessary cookies:

  • Session token: Used to authenticate your dashboard session. This cookie is essential for the service to function and cannot be disabled.

We do not use:

  • Third-party tracking cookies
  • Analytics cookies
  • Advertising cookies

Data Retention

  • Account data: Retained for the duration of your account. Upon account deletion request, all personal data is permanently removed within 30 days.
  • API and sending logs: Retained for 90 days for debugging and analytics purposes, then automatically purged.
  • Email content: Not retained. Email content is processed transiently and is not stored by Postflare.

International Data Transfers

Postflare uses Cloudflare's global edge network, which means your API requests may be processed in multiple jurisdictions. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) and Cloudflare's data processing agreements to ensure adequate protection.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email if the changes significantly affect how we handle your data
  • Increment the version number

Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: legal@postflare.com

This document is an AI-generated draft and may require review by qualified legal counsel.

Questions? Contact us at legal@postflare.com