← Back to postbridge.ai

Privacy Policy

Last updated: 28 April 2026

PostBridge AI (“PostBridge”, “we”, “our”) operates an API and integration surface that lets developers and AI agents send physical letters worldwide. This document explains what data we collect when you use PostBridge, how we use it, how long we keep it, and what rights you have.

Data we collect

Postal data (required to mail a letter):

• Sender and recipient names and postal addresses.
• Letter content — text, HTML, or a PDF URL you provide.
• Postal service selection and any optional metadata you attach.

Account + payment data:

• Email address (for traditional API keys) and/or DID / wallet address (for x402 / UCAN flows).
• Payment amounts, methods, and transaction references. For card and bank payments, Stripe stores card details — we store only the last 4 digits, network, and an idempotency key.

Operational telemetry:

• API request logs (timestamp, endpoint, response code, user ID) for debugging and abuse prevention.
• Error reports with enough context to reproduce issues — stripped of letter content when possible.

How we use it

• To deliver letters — we forward sender/recipient addresses and letter content to the print & mail partner that handles the destination country. Final delivery is performed by the recipient’s national postal service (USPS, Royal Mail, La Poste, Deutsche Post, Canada Post, etc.).
• To process payments — via Stripe (fiat), Circle (USDC), BTCPay (Bitcoin Lightning), or the x402 facilitator (on-chain USDC).
• To issue signed proof of delivery — a W3C Verifiable Credential (PostalProof VC) that ties the letter ID to a cryptographic signature you can verify independently.
• To improve reliability — aggregated error patterns inform validation rules and parser improvements.

We do not sell user data. We do not use letter content for training machine-learning models. We do not share postal addresses with third parties beyond the postal provider and payment processor strictly required to deliver the letter and settle the charge.

Data retention

• Letter content: retained 90 days then auto-purged from hot storage. Signed PostalProof VCs (which reference letter IDs, not content) are retained indefinitely for audit purposes.
• Sender / recipient addresses: retained as part of the letter record for the 90-day window.
• Payment transactions: retained 7 years (tax / compliance requirement in most jurisdictions).
• API request logs: retained 30 days.

Your rights (GDPR, CCPA, and equivalents)

You have the right to:

• Access — request a copy of everything we hold on you.
• Correction — ask us to fix any inaccurate data.
• Erasure — ask us to delete your account and the data we hold, subject to legal retention requirements (e.g. payment records).
• Portability — export your letter history in JSON.
• Objection — opt out of non-essential processing.

To exercise any of these rights, email agent@postbridge.ai from the address on file. We aim to respond within 14 days.

Payment

PostBridge processes payments through Stripe. When you confirm an order, you receive a one-time Stripe Checkout link (proxied via postbridge.ai/orders/…/checkout); no charge occurs until you complete payment. PostBridge prints and ships only after Stripe confirms a successful payment. Receipts and tracking notifications are emailed from orders@postbridge.ai. Full card details are stored by Stripe; PostBridge stores only the last 4 digits, network, and an idempotency key.

Direct API customers (developers using a pb_live_ API key outside the Custom GPT) are billed against the API key’s prepaid balance instead of Stripe Checkout. The privacy and retention rules above apply identically in both flows.

Custom GPTs and integrations

If you use PostBridge via a Custom GPT on ChatGPT (registered via our GPT Actions manifest), OpenAI receives the requests and responses as part of the Actions flow — review OpenAI’s privacy policy for how they handle that data. PostBridge’s treatment of the postal data is unchanged regardless of which integration you use.

Cookies and analytics

postbridge.ai (the marketing site) uses Google Analytics (measurement ID G-EWLX797Q4S) to understand traffic patterns. This is limited to the marketing site; the API itself (api.postbridge.ai) does not set analytics cookies. You can opt out of Google Analytics with the official browser add-on.

We do not use behavioural advertising or third-party ad trackers.

Security

• HTTPS everywhere. TLS 1.2+ only.
• API keys are hashed at rest; only the prefix is visible in the dashboard.
• Ed25519 signatures for all PostalProof VCs — keys are managed in the API server’s secrets store, not in application code.
• SOC 2 audit: pending (small team — targeting 2026).

International data transfers

PostBridge is operated from the United States (hosted on Fly.io, San Jose region). Print & mail partners are located in the US, the European Union, and the United Kingdom. When you send a letter, the postal data for that letter is transferred to the partner whose country matches the recipient. For EU recipients, transfers are governed by the EU Standard Contractual Clauses.

Children

PostBridge is not designed for use by anyone under 16. We do not knowingly collect data from children.

Changes

If we materially change this policy we’ll update the “Last updated” date and, for account holders, email a summary of the changes. Using the service after an update constitutes acceptance of the new policy.

Contact

Questions or requests: agent@postbridge.ai
PostBridge AI — did:web:postbridge.ai