Privacy Policy

Last updated: February 27, 2026

1. Introduction

Variant Systems ("we", "us", "our") operates Postbox, a structured data collection platform. This Privacy Policy explains how we collect, use, and protect information when you use our Service at usepostbox.com.

2. Information We Collect

Account Information

When you register, we collect your email address. If you use Google or GitHub OAuth, we receive your name, email, and profile information from those providers. We also store hashed passwords and TOTP secrets for two-factor authentication.

Form Submission Data

We store data submitted to your forms by end users. This data is defined by the schema you configure and may include names, emails, messages, and other fields you specify. We process this data according to your form settings.

Usage Data

We collect standard server logs (IP addresses, request timestamps, user agent strings) for security, rate limiting, and service operation. We use telemetry to track feature usage patterns in aggregate.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process submissions and deliver them to your dashboard
  • To run AI features you enable (spam detection, translation, smart replies)
  • To send email notifications about submissions and account activity
  • To enforce rate limits and prevent abuse
  • To process payments through our billing provider (Polar)
  • To respond to support requests

4. AI Processing

When you enable AI features on a form, submission content is sent to third-party AI providers (currently OpenAI) for processing. This includes:

  • Spam detection: Submission content is analyzed for spam classification
  • Translation: Submission text is sent for language detection and translation
  • Smart replies: Submission content and your knowledge base are used to generate responses

AI processing only occurs when you explicitly enable these features per form. You can disable AI features at any time.

5. Data Sharing

We share your data only with:

  • AI providers - When AI features are enabled (submission content only)
  • Email provider (Resend) - To deliver notification emails
  • Payment provider (Polar) - To process subscriptions and billing
  • Infrastructure (AWS) - To host and serve the application

We do not sell your data. We do not share submission data with advertisers or data brokers.

6. Data Retention

Account data: Retained while your account is active. Deleted within 30 days of account closure.

Submissions (Free tier): Retained while your account is active. Queued submissions (over limit) are deleted after 30 days without upgrade.

Submissions (Pro tier): Retained as long as your subscription is active.

Server logs: Retained for up to 90 days for security and operational purposes.

7. Data Security

We use industry-standard measures to protect your data: encrypted connections (TLS), hashed passwords (bcrypt), secure API key storage, PKCE for OAuth flows, and token rotation for sessions. Submission data is stored in PostgreSQL with tenant isolation - each user can only access their own data.

8. Your Rights

You can:

  • Access and export your submission data via the API or dashboard
  • Delete individual submissions or entire forms
  • Update your account information in settings
  • Delete your account and all associated data
  • Disable AI processing on any form at any time

For data access or deletion requests, contact us at support@usepostbox.com.

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. The only cookies set are the session cookie and CSRF protection token, both required for the Service to function.

10. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact

For privacy-related questions or requests, contact us at support@usepostbox.com.