Skip to content
Postcept
Legal

Privacy Policy

This policy explains what information Postcept collects, how we use and share it, and the choices and rights you have. It reflects how the product is designed: scoped, read-only access to verify agent actions, not to move money or store more than we need.

Last updated: June 1, 2026

This page is provided for transparency and is written in plain language. It is not legal advice and is not a substitute for a policy reviewed by qualified counsel. The definitive, binding terms for customers are set out in a signed agreement and Data Processing Addendum (DPA).

Overview

Postcept provides Proof-of-Completion for AI agents: we verify high-risk actions against your systems of record and issue signed receipts. We act as a data controller for the information we collect about visitors and account holders, and as a data processor for the customer data we process on your behalf when delivering the service.

Who we are

The data controller is Postcept, Inc. If you are a customer in the EEA or UK, the relevant controller/processor roles and our processing of your end users’ data are governed by our DPA. You can reach us about privacy at privacy@postcept.com.

Information we collect

  • Account & contact data, work email, name, company, role, password (stored only as a salted hash), and the contents of messages or forms you submit.
  • Verification data, to verify an action, Postcept reads the minimum necessary records from the systems of record you connect (for example, a Stripe refund object or a Zendesk ticket status), plus the operation IDs, postcondition results, and signed receipts that verification produces. Access is scoped and read-only by default.
  • Usage & device data, log data such as IP address, browser type, pages visited, and timestamps, collected to operate and secure the service.
  • Cookies, strictly-necessary cookies (for example, your theme preference and, once available, your session). See Cookies.

How we use information

  • Provide, maintain, and improve verification, receipts, and reporting.
  • Authenticate you and secure your account and the service.
  • Respond to your requests and send service and, where permitted, product communications.
  • Detect, prevent, and investigate fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our terms.

We do not sell personal information, and we do not use your verification data to train shared or third-party AI models.

Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on these legal bases:

  • Contract, to provide the service you requested.
  • Legitimate interests, to secure, improve, and market the service, balanced against your rights.
  • Legal obligation, to comply with applicable law.
  • Consent, for optional communications or non-essential cookies, where required; you may withdraw it at any time.

How we share information

We share information only as needed and never for unrelated purposes:

  • With subprocessors that help us run the service, under contract (see below).
  • With the systems of record you explicitly connect, to perform verification.
  • In a business transfer (merger, acquisition, or financing), subject to this policy.
  • To comply with law or protect rights, safety, and the integrity of the service.

Subprocessors

We use a small set of vetted subprocessors for cloud hosting, database, email, and analytics. Each is bound by data-protection terms consistent with this policy and our DPA. A current list is available to customers on request, and we provide notice of material changes so you can object where your agreement allows.

International transfers

We may process information in countries other than your own, including the United States. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and equivalent UK and Swiss mechanisms.

Data retention

We retain personal data only as long as needed to provide the service, meet legal, accounting, or reporting obligations, and resolve disputes, then we delete or anonymize it. Signed receipts and the verification ledger may be retained for the period you configure for audit purposes.

Security

We encrypt data in transit (TLS 1.2+) and at rest, apply least-privilege access controls, keep system-of-record credentials scoped and revocable, and sign receipts so tampering is detectable. See Security for more. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Your rights

Depending on where you live, you may have the right to:

  • access, correct, or delete your personal data;
  • port your data to another provider;
  • object to or restrict certain processing;
  • withdraw consent; and
  • lodge a complaint with your supervisory authority.

To exercise any of these, email privacy@postcept.com. We will verify your request and respond within the time required by applicable law.

U.S. state privacy rights

If you are a California resident (or in a state with comparable law), you may have the right to know, access, correct, and delete personal information, and to opt out of its “sale” or “sharing.” We do not sell or share personal information as those terms are defined. You may exercise your rights using the contact above, and you will not be discriminated against for doing so.

Cookies

We use strictly-necessary cookies to remember your preferences (such as light/dark theme) and to keep you signed in. We keep non-essential tracking to a minimum and will request consent where the law requires it. You can control cookies through your browser settings.

Children

Postcept is a business product not directed to children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy as the product and our practices evolve. We will revise the “last updated” date and, for material changes, provide a more prominent notice.

Contact

Questions or requests? Email privacy@postcept.com or reach us via contact.