Your privacy, by design.
Last updated: February 27, 2026. We believe in transparency and data ownership. This policy explains exactly how we handle your information.
Our commitment.
Variant Systems ("we", "us", "our") operates Postbox, a structured data collection platform. We collect and process data only to provide and improve the service. We do not sell your data.
Information We Collect
We collect account information (email, OAuth profiles), form submission data (as defined by your schemas), and usage data (server logs, telemetry) for security and service operation.
How We Use Data
Data is used to provide the service, process submissions, run AI features you enable, send notifications, and prevent abuse. We use Polar for payments and Resend for emails.
Opt-in intelligence.
AI features like spam detection, translation, and smart replies are disabled by default. They only run when you explicitly enable them for a specific form.
AI Processing
Enabled AI features send submission content to third-party providers (currently OpenAI) over encrypted connections. You can disable AI processing at any time.
Data Sharing
We share data only with essential subprocessors: AWS (hosting), Resend (email), Polar (billing), and AI providers (only if features are enabled).
Your data, your rules.
Data Retention
Account data is deleted within 30 days of closure. Submissions are kept while active. Server logs are purged after 90 days.
Your Rights
You can access, export, or delete your data at any time via the API or dashboard. Contact us for specific requests.
Cookies
We only use essential cookies for sessions and CSRF protection. No tracking or advertising cookies.
Questions about your privacy? We're here to help.
Reach out to us at support@usepostbox.com.