Postera collects information necessary to deliver our services, including business contact information, email marketing data provided by clients, technical metadata from campaign execution, and communication records. We operate a zero-knowledge architecture meaning we never store your subscribers' personally identifiable information (PII) on our systems beyond the operational lifetime of an active engagement.

Data collected is used solely to deliver contracted services, to communicate with clients about their engagement, to improve our internal tooling and processes, and to comply with applicable legal obligations. We never sell, share, or license client data to third parties. Data is not used for advertising targeting or profiling.

Our infrastructure is built on a zero-knowledge principle. When handling subscriber data on behalf of clients, we route data through encrypted webhooks and short-lived processing pipelines. PII is never written to persistent storage. Authentication tokens use OAuth 2.0 with strict scoping, and all data in transit is encrypted with TLS 1.3 or higher.

Postera integrates with third-party platforms including email service providers, CDP systems, and CRM tools as directed by clients. When data is transmitted to these platforms, it is governed by those platforms' privacy policies. We perform due diligence on all integration partners and only connect to platforms with demonstrable SOC2 or equivalent compliance.

Campaign performance data is retained for the duration of the active engagement plus ninety (90) days to facilitate handover and reporting. Upon engagement termination, all client data is either returned in full or securely destroyed per the data handling protocol agreed in the engagement contract. We do not maintain data archives for inactive clients.

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict the processing of personal data we hold about you or your subscribers. To exercise any of these rights, contact us at privacy@postera.space. We will respond within thirty (30) days. For GDPR requests, we will process within the legally mandated period.

Our website uses minimal first-party cookies necessary for site functionality and anonymous analytics. We do not use cross-site tracking cookies or third-party advertising pixels. Analytics data is aggregated and cannot be used to identify individual users. You can opt out of analytics by enabling Do Not Track in your browser.

We implement industry-standard security practices including encryption at rest and in transit, strict access controls, principle of least privilege for all internal systems, regular security audits, and incident response protocols. All team members with access to client systems undergo background checks and security training. We maintain SOC2-aligned controls.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify active clients of material changes via email at least fourteen (14) days before they take effect. The date of the last revision is displayed at the top of this document. Continued use of our services constitutes acceptance of the updated policy.

For any privacy-related inquiries, data subject access requests, or to report a suspected security incident, contact our Data Protection team at privacy@postera.space. For urgent security disclosures, use our encrypted contact available at the security page. We are committed to responding promptly and transparently.