Postie Privacy Policy
Last updated: April 29, 2026 Effective date: April 29, 2026
This Privacy Policy describes how Ready Get LLC, a North Carolina limited liability company doing business as Postie ("Ready Get," "Postie," "we," "us," or "our"), collects, uses, shares, and protects personal information in connection with the Postie mobile application, the websites at trypostie.com and app.trypostie.com, and all related services (collectively, the "Service").
This Policy is incorporated into, and forms part of, our Terms of Service. Capitalized terms not defined here have the meanings given to them in the Terms of Service.
Quick summary. We collect what we need to send physical postcards on your behalf and run a stable, secure consumer service: your email and sender profile, the contact information for the recipients you tell us about, the photos and messages you choose to put on a postcard, payment-tokenization references (we don't store card numbers), and standard product-analytics and error-diagnostics data. We don't sell or rent personal information, we don't run advertising, and we don't share data with data brokers or ad networks. We don't track you across other companies' apps or websites. The Service is offered only in the United States.
1. Scope
This Policy applies to:
- Users. People who create a Postie Account and use the Service to send Postcards or otherwise interact with the app or websites.
- Recipients. People to whom Users direct Postcards or Address Requests. We process limited information about Recipients on behalf of Users (Section 4.2 and Section 6.2).
- Visitors. People who browse the marketing website at trypostie.com without creating an Account.
This Policy does not apply to (a) third-party apps, websites, or services that integrate with or link to the Service, which are governed by their own privacy practices, or (b) personal information that we hold in an employer / employee, contractor, investor, or commercial-counterparty capacity.
2. Geographic Scope
The Service is offered only to users and Recipients located in the United States (the fifty states and the District of Columbia). We do not knowingly direct the Service to, or accept Accounts or addresses from, persons outside the United States. The data practices described in this Policy are intended to satisfy applicable U.S. federal and state privacy laws.
3. Information We Collect
3.1 Information you give us directly
| Category | Examples |
|---|---|
| Account information | Email address; one-time passcodes used to authenticate sign-in. |
| Sender profile | Display name; full U.S. return address (street, city, state, ZIP). The return address is printed on every Postcard you send. |
| Postcard content | The photo(s) you select, the caption or message you write, your selected font and template choices, any per-Recipient personalization. |
| Recipient and contact information | For each Recipient you add — name, mailing address (where provided), email address (optional), and mobile telephone number (optional). |
| Communications with us | Messages you send to service@trypostie.com, support requests, content reports, and feedback. |
| Payment-method input | Card or bank-account details you enter at checkout. These details are sent directly to our third-party payment processor and are not stored on our systems; we receive only a tokenized reference, the last four digits, brand, and expiration date. |
3.2 Information collected automatically when you use the Service
| Category | Examples |
|---|---|
| Device and technical information | Operating system, device model, app version, device language, time zone, app session timestamps. |
| Usage / interaction data | Screens viewed, features used, in-app events (for example, postcard_started, photo_selected, postcard_sent, paywall_viewed, subscription_completed). Linked to your Postie user identifier. |
| Diagnostic and crash data | Crash reports, stack traces, error logs, generated when the app encounters an error. We configure our error-tracking provider to strip personally identifying information by default (see Section 5). |
| Push-notification token | A device-linked token used to deliver push notifications to your device. |
| Network metadata | IP address (used for security, fraud prevention, and to estimate the U.S. state for tax purposes during checkout). IP addresses are not used for advertising or for cross-site tracking. |
| Cookies and similar technologies (websites) | We use a small number of strictly-necessary cookies and local-storage entries to operate trypostie.com and app.trypostie.com (for example, to maintain a sign-in session or remember a sort/filter preference). We do not use third-party advertising cookies. |
3.3 Information collected on-device only (never sent to us)
The Service performs certain processing entirely on your device. The following data does not leave your device unless you specifically choose to send a Postcard:
- Photo aesthetic scoring. The app evaluates the aesthetic quality of the photos you browse to help surface candidate photos for a Postcard. This analysis runs locally using your device's processor; the photo data and scores are not transmitted to our servers. Scores are stored in a local database on your device.
- 3D Postcard preview. The interactive Postcard preview renders entirely on your device's GPU.
- Photo-library access. When you grant photo-library access, the app reads only the photos you actively select; we do not scan, index, or upload your photo library.
- Contacts access (when granted). When you grant access to your device's contacts, the app reads contacts locally to populate recipient suggestions. Contacts you have not added as Recipients in the app are not transmitted to our servers.
3.4 Information about Recipients
When you, as a User, add a Recipient or send a Postcard or Address Request, we receive and process information about the Recipient (name, mailing address, email address, mobile telephone number, the Postcards you direct to them, and any address-confirmation responses they provide). See Section 4.2 for how we treat this information and Section 8.5 for the rights Recipients can exercise.
3.5 Information we do not collect
For clarity, we do not collect:
- Precise or background geolocation. The Service does not request location permissions or collect GPS data.
- Biometric identifiers (such as fingerprints, face geometry, or voiceprints).
- Health, fitness, or medical information.
- Government identifiers (such as Social Security numbers or driver's-license numbers).
- Audio recordings. The Service does not record or transmit audio. (Some platform OSes may surface a generic microphone permission inherited from a software dependency; that permission is not exercised by the Service.)
- Cross-app or cross-site browsing activity. The Service does not use advertising identifiers (IDFA / GAID) and does not share data with advertising networks or data brokers.
4. How We Use Personal Information
4.1 Uses common to all Users
We use personal information to:
- Provide the Service — authenticate sign-in, process Postcard orders, calculate and apply Credits, manage your Subscription, send Address Requests on your behalf, and deliver delivery-status updates.
- Process payments and taxes — charge your payment method through our third-party payment processor, calculate applicable sales tax at checkout based on your shipping address, issue receipts, and handle refunds and disputes.
- Communicate with you — send transactional notifications by email, push, and (where applicable) text message about your Postcards, Subscription, Credits, Account, and referral activity. Send marketing email if you have not unsubscribed (you can unsubscribe at any time without affecting transactional messages).
- Operate, secure, and improve the Service — diagnose bugs, monitor system health, improve features, and detect, investigate, and prevent fraud, abuse, and security incidents.
- Comply with legal obligations — including tax, accounting, anti-fraud, and consumer-protection requirements; respond to legal process; and enforce our Terms of Service.
4.2 Uses related to Recipients
For Recipients, we use the limited information you provide solely to:
- send the specific Postcard or Address Request you have directed to that Recipient;
- if the Recipient confirms an address through the Address Request flow, store that address in your Account so you can reuse it for future Postcards to that Recipient;
- maintain records of what was sent to whom (for delivery tracking, fraud prevention, abuse investigation, and legal compliance); and
- honor any opt-out, suppression, or "do not contact" instructions we receive from the Recipient (Section 8.5).
We do not market to Recipients on our own behalf. We do not sell Recipient information.
4.3 De-identified and aggregate information
We may de-identify or aggregate personal information (so that it no longer reasonably identifies any individual) and use that information for any lawful business purpose, including measuring product performance and reporting on aggregate Service usage.
5. How We Share Personal Information
We do not sell personal information for monetary consideration, and we do not share personal information with advertisers or data brokers. We do not engage in "cross-context behavioral advertising" or otherwise share personal information with third parties for their own advertising purposes.
We share personal information only as described below.
5.1 Service providers
We share personal information with the following service providers, each of which is engaged under a written agreement that limits their use of the data to what is necessary to provide services to us:
| Category of provider | Purpose | Categories of data shared |
|---|---|---|
| Cloud infrastructure provider | Authentication, database, file storage, server-side processing, real-time messaging, application logs | Account, sender profile, contact and Recipient information, Postcard content, Subscription and Credit records, server-side logs |
| Print and mail partner | Postcard printing, addressing, physical mailing, delivery tracking, mailing-address verification | Recipient name and address, sender return address, Postcard photo and message |
| Payment processor (PCI DSS Level 1 certified) | Payment processing, subscription billing, sales-tax calculation at checkout, dispute handling | Payment-method tokens, name, billing/shipping address (used for tax calculation), email, transaction amounts |
| Transactional email service | Delivery of transactional email (sign-in passcodes, Address Requests, billing receipts, plan changes, credit-expiry warnings, referral notifications) | Sender and Recipient first names, email addresses, message content |
| Mobile messaging service | Delivery of transactional text messages (Address Requests sent on a User's behalf to a Recipient's mobile telephone number, including by SMS, MMS, RCS, or any successor protocol) | Recipient mobile telephone number, message content |
| Product-analytics processor | Product analytics under a written processor agreement (we are the data controller; no cross-app or cross-site tracking; no advertising identifiers) | Postie user identifier, device identifier, in-app event records |
| Application error / crash-reporting service | Application error and crash reporting | Stack traces, device and OS metadata; configured to strip personal identifiers by default |
| Operating-system push-notification services (provided by your device platform) | Delivery of push notifications to your device | Device-linked push tokens, notification payloads |
| Content-delivery and security infrastructure | DNS, content delivery, denial-of-service protection for our websites | IP address, request metadata |
We may, from time to time, change the specific service providers we engage within these categories. If you would like to know the specific service provider(s) we currently use in any of these categories, you may request that information by emailing service@trypostie.com.
5.2 Sharing at your direction
When you send a Postcard, we deliver the photo, message, return address, and Recipient address to our print and mail partner so that the Postcard can be physically printed and placed in the U.S. mail. The mailpiece is then handled by the United States Postal Service, which is independent of us. When you direct an Address Request, we deliver the corresponding email and/or text message to the Recipient through the providers listed in Section 5.1.
5.3 Compliance with law and protection of rights
We may disclose personal information when we reasonably believe doing so is necessary to:
- comply with applicable law, regulation, or valid legal process (such as a subpoena, court order, search warrant, or other lawful demand);
- enforce our Terms of Service or other agreements;
- detect, investigate, prevent, or respond to fraud, security incidents, abuse, or other illegal activity; or
- protect the rights, property, life, or safety of any person, including our Users, Recipients, employees, and the public.
We commit to not voluntarily disclosing personal information in response to government requests except as required by law or to address a credible threat to safety. We will, where lawfully permitted, provide notice to affected Users before disclosing data in response to legal process.
5.4 Business transfers
If Ready Get is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, personal information may be transferred to the successor or acquirer as part of that transaction. We will require the successor to honor the commitments in this Policy or provide affected individuals with notice and a meaningful opportunity to delete their data before any change applies.
5.5 With your consent
We may share personal information for purposes not described in this Policy with your specific consent.
6. The Address Request Flow
6.1 What happens
If you, as a User, want to send a Postcard to someone whose mailing address you do not have, you may direct us to send an Address Request on your behalf to the email address or mobile telephone number you provide for that Recipient. The Address Request:
- identifies you, by your sender profile name, as the requester;
- explains that the Recipient is being asked to provide a mailing address so that you can send them a Postcard;
- includes a one-time link to a confirmation page hosted at app.trypostie.com where the Recipient can voluntarily submit, edit, or decline to provide an address; and
- includes opt-out instructions for messages sent to a mobile telephone number, where required by applicable law.
6.2 Information about Recipients
We process the Recipient's name, email address, and mobile telephone number (as you provide them), the IP address from which a confirmation page is loaded (for security), and any address the Recipient submits, for the purposes described in Section 4.2. Address Requests expire if the Recipient does not respond within the request window; on expiration, the unused Credit is restored to the User and the request is cleaned up automatically.
6.3 Recipient choice
A Recipient is never required to confirm an address or create an Account. A Recipient may ignore an Address Request, decline through the confirmation page, reply STOP to opt out of further text messages, or contact us at service@trypostie.com to request that we suppress further Postie messages directed to them.
7. Cookies and Similar Technologies
7.1 Mobile app
The mobile application does not use third-party advertising SDKs or cross-app tracking. It uses local device storage (such as UserDefaults on iOS / SharedPreferences on Android) only for app-functionality purposes (session maintenance, draft state, on-device photo scores).
7.2 Websites
Our websites at trypostie.com and app.trypostie.com use the following limited categories of cookies and local-storage entries:
- Strictly necessary — sign-in session cookies, CSRF tokens, load-balancer affinity. Required for the site to function.
- Functional — remember your preferences (such as a sort order or theme).
- Analytics — measure aggregate site usage. We do not place advertising cookies, and we do not allow third parties to place tracking cookies via our websites.
You can clear or block cookies through your browser settings; doing so may affect your ability to sign in or use certain features.
We honor Global Privacy Control (GPC) signals received from supported browsers, treating them as an opt-out of "sale" or "sharing" of personal information for residents of states whose laws treat GPC as a valid opt-out signal.
8. Your Privacy Choices and Rights
8.1 Universal choices (available to all Users)
- Update your profile — update your sender profile, contacts, and notification preferences from within the app's settings.
- Email marketing opt-out — unsubscribe from marketing emails using the link in the email or by adjusting notification preferences in the app. Transactional messages are part of the Service and are sent regardless of marketing preferences (see Section 10 of the Terms of Service).
- Push notifications — disable through your device's operating-system settings or through the app's notification preferences.
- Text messages — reply STOP to opt out of further text messages from the Service. (See Section 10.3 of the Terms of Service for protocol-specific notes.)
- Permissions — revoke device-level permissions (camera, photo library, contacts, notifications) at any time through your operating-system settings. Some features will not work without certain permissions.
- Account deletion — close your Account and request deletion of your personal information at any time by emailing service@trypostie.com. We will verify the request through the email address on your Account.
8.2 Rights under U.S. state privacy laws
Depending on the U.S. state in which you reside, you may have one or more of the following rights with respect to the personal information we hold about you:
| Right | What it means | Available to residents of |
|---|---|---|
| Right to know / access | Confirm whether we process your personal information and obtain a copy or summary | All states with comprehensive privacy laws (see list below) |
| Right to correct | Correct inaccurate personal information | CA, VA, CO, CT, UT (limited), TX, OR, FL, MT, IA (limited), IN, TN, DE, NJ, NH, MN, MD, KY, RI |
| Right to delete | Request deletion of personal information we have collected from you | All listed states |
| Right to portability | Receive your personal information in a portable, machine-readable format | CA, VA, CO, CT, TX, OR, FL, MT, IN, TN, DE, NJ, NH, MN, MD, KY, RI (varies) |
| Right to opt out of "sale" or "sharing" | Direct us not to sell or share personal information for cross-context behavioral advertising | CA, VA, CO, CT, TX, OR, FL, MT, IN, TN, DE, NJ, NH, MN, MD (where applicable) — we do not sell or share personal information for cross-context behavioral advertising in any state |
| Right to opt out of profiling / automated decision-making | Opt out of profiling that produces legal or similarly significant effects | CA, CO, CT, TX, OR, MT, IN, TN, DE, NJ, NH, MN, MD (varies) — we do not engage in such profiling |
| Right to limit use of sensitive personal information | Limit our use of sensitive personal information to providing the Service | CA, FL, others (varies) — we do not collect "sensitive personal information" as defined under those statutes for purposes other than providing the Service |
| Right to non-discrimination / non-retaliation | Not be discriminated against for exercising privacy rights | All listed states |
| Right to appeal | Appeal a denial of a privacy-rights request | VA, CO, CT, TX, OR, MT, IN, TN, DE, NJ, NH, MN, MD, KY |
The states with comprehensive privacy laws as of the effective date of this Policy include California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Florida (FDBR), Montana (MCDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire (NHPA), Minnesota (MCDPA), Maryland (MODPA), Kentucky (KCDPA), and Rhode Island (DTPPA). Other states may enact similar laws after the effective date of this Policy; we will honor rights granted by any new applicable law without requiring an update to this Policy.
8.3 How to exercise your rights
Send a written request to service@trypostie.com with the subject line "Privacy Rights Request" and include:
- your full name and the email address associated with your Postie Account;
- a description of the right you wish to exercise; and
- enough information to verify that you are the person whose personal information is at issue.
We will respond to verifiable requests within the time required by applicable law (generally 45 days, with the possibility of one 45-day extension for complex requests). We will not charge a fee unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or decline the request as permitted by law.
You may use an authorized agent to submit a request on your behalf. We will require proof of the agent's authority and may require you to verify your identity directly with us.
If we deny your request in whole or in part, you have a right to appeal in any state where appeal rights apply. Send your appeal to service@trypostie.com with the subject line "Privacy Rights Appeal." We will respond to appeals within the time required by applicable law (generally 60 days). If your appeal is denied, you may contact your state attorney general's office.
8.4 California-specific disclosures (CCPA / CPRA)
Categories of personal information collected, by source and purpose
In the preceding 12 months we have collected the following categories of personal information about California residents:
| CCPA category | Specific data | Source | Business or commercial purpose |
|---|---|---|---|
| Identifiers (Cal. Civ. Code § 1798.140(o)(1)(A)) | Name, email, mailing address, mobile telephone number, Postie user identifier, device identifier, IP address | Directly from you; from your device; automatically | Service provision, security, communications |
| Customer-record information | Sender profile, contact information for Recipients, Subscription and Credit records | Directly from you | Service provision, billing, fraud prevention |
| Commercial information | Postcard purchase history, Subscription history, payment-method token | Directly from you; from our payment processor | Service provision, billing, accounting |
| Internet or other electronic-network activity information | App interactions, screen views, in-app events; cookie identifiers and similar | Automatically | Product analytics, security, debugging |
| Visual information | Photos you select for Postcards; images you upload | Directly from you | Service provision (printing) |
| Inferences | Limited inferences drawn from your in-app activity to surface relevant features | Automatically | Service improvement |
"Sale" and "sharing" of personal information
We do not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioral advertising, in California or any other state. We do not have actual knowledge of selling or sharing the personal information of consumers under 16 years of age.
Sensitive personal information
We do not use or disclose "sensitive personal information" (as defined in the CPRA) for purposes other than providing the Service, performing services on your behalf, or as otherwise permitted under Cal. Civ. Code § 1798.121.
Retention
See Section 9.
Notice of financial incentive
We do not offer financial incentives or price/service differences in exchange for the retention or sale of personal information.
Shine the Light
California residents may request information about our disclosures of certain personal information to third parties for direct-marketing purposes under Cal. Civ. Code § 1798.83. We do not disclose personal information to third parties for their direct-marketing purposes.
8.5 Recipient rights (non-Users)
Recipients who are not Postie Account holders have the same rights described above with respect to information about them in our systems. To exercise those rights, email service@trypostie.com and identify yourself by reference to (a) the email address or mobile telephone number to which the Postcard or Address Request was directed, and (b) where helpful, the date of the message and the sender's name as it appeared. We will verify the request and may ask for additional information before fulfilling it. You may also request that we suppress further Postie messages directed to your email address or mobile telephone number, and we will honor that request prospectively.
8.6 No retaliation
We will not deny goods or services, charge different prices, or provide a different level or quality of service in response to your exercise of any privacy right.
9. Data Retention
We retain personal information only for as long as we have a legitimate business need or legal requirement to do so. The following table sets out our default retention periods, subject to extension where required for legal, accounting, audit, fraud-prevention, or dispute-resolution reasons.
| Data | Default retention |
|---|---|
| Account information (email, sender profile) | While your Account is active; deleted (or de-identified) within 30 days after Account closure, except where retention is required by law (e.g., tax records) |
| Postcard content (photos, messages) | While your Account is active; deleted within 30 days after Account closure or upon your request, subject to brief residual retention in encrypted backups (Section 9.1) |
| Recipient and contact information | While the Recipient is in your contacts and your Account is active; deleted when you delete the contact or close your Account, or upon a Recipient's verified request under Section 8.5 |
| Address Request tokens | Until the request expires (up to the request window), then deleted automatically |
| Subscription, Credit, and transaction records | Up to 7 years after the relevant transaction, for tax, accounting, audit, and dispute-resolution purposes |
| Payment-tokenization references | While needed to support refunds, chargebacks, and recurring billing |
| Server logs | Generally 30 to 90 days, longer where retained for security investigations |
| Crash and error reports | Default vendor retention (typically 90 days); de-identified by default |
| Analytics events | While needed for product analysis; aggregated/de-identified data may be retained indefinitely |
| Suppression / "do not contact" lists | Indefinitely, so that we can honor opt-out and suppression requests on an ongoing basis |
9.1 Backups
Personal information may persist in encrypted backups for a limited period after deletion from active systems. We do not restore deleted personal information from backups except as necessary for disaster recovery, in which case we will re-apply pending deletion requests promptly.
10. Data Security
We maintain administrative, technical, and physical safeguards designed to protect personal information, including:
- Encryption in transit using TLS for all client-server communications;
- Encryption at rest for personal information stored in our databases and object storage;
- Row-level security in our database, so that User-scoped data is accessible only to that User;
- Access controls that follow the principle of least privilege for our personnel and our service providers;
- PCI-DSS-compliant payment processing through a third-party payment processor (we do not store raw card numbers);
- PII scrubbing in error reports before they leave the device;
- Logging and monitoring of access to systems containing personal information; and
- Vendor-management diligence for service providers handling personal information.
No system can be guaranteed 100% secure. If you believe your Account or personal information has been compromised, contact us immediately at service@trypostie.com.
11. Children's Privacy (COPPA)
The Service is not directed to, and is not intended for use by, children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information from our systems.
If you are between 13 and the age of majority in your state of residence, you may use the Service only with the consent and supervision of a parent or legal guardian (Terms of Service, Section 3.1).
We also recognize that Postcards may sometimes be addressed to minors. As described in Section 7.1 of the Terms of Service, Users may not send Postcards to children under 13 except where the User is the child's parent or legal guardian or has the express consent of a parent or legal guardian.
If you are a parent or guardian and believe a child has provided personal information to us or has received a Postcard or Address Request through the Service in a manner that concerns you, contact us at service@trypostie.com and we will take appropriate action, which may include deletion of the information and suppression of further messages.
12. Marketing and Promotional Activity
- We send marketing communications only by email and only with appropriate consent or where permitted by applicable law. You can unsubscribe at any time via the link in the email or in the app.
- The Service does not send marketing or promotional text messages to mobile telephone numbers — including by SMS, MMS, RCS, or any successor protocol (Terms of Service, Sections 10.3 and 25).
- We do not engage in cross-context behavioral advertising. We do not sell or share personal information with advertisers or data brokers.
13. Automated Decision-Making and Profiling
We do not use personal information to make decisions that produce legal or similarly significant effects about you (such as automated denial of service or credit) without meaningful human involvement. The Service's on-device aesthetic photo-scoring feature ranks photos for in-app display only; it does not result in any decision affecting your legal or material interests, and it operates entirely on your device (Section 3.3).
14. International Users
The Service is offered only to users and Recipients located in the United States, and personal information is processed and stored in the United States. We do not knowingly accept Accounts or address Postcards from outside the United States.
15. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you (for example, by email to the address associated with your Account or by an in-app notice) at least 14 days before the change takes effect, except that changes to address legal, regulatory, security, or fraud concerns may take effect immediately.
If a material change expands the categories of personal information we collect, the categories of recipients with whom we share personal information, or the purposes for which we use personal information, in a manner that the affected individual would not reasonably expect, we will obtain affirmative consent where required by applicable law.
The "Last updated" date at the top of this Policy indicates when it was most recently revised. Prior versions are available on request to service@trypostie.com.
16. How to Contact Us
The Service is operated by Ready Get LLC, a North Carolina limited liability company doing business as Postie.
- Email (all privacy matters, including rights requests, suppression requests, complaints, and questions about this Policy): service@trypostie.com
- Website: https://trypostie.com
- App: https://app.trypostie.com
Registered office (for service of process): Ready Get LLC 4030 Wake Forest Road, Suite 349 Raleigh, NC 27609
Mailing address (for general correspondence): Ready Get LLC 11552 US Hwy 15-501 N, Suite 202 #118 Chapel Hill, NC 27517
If you have a privacy concern that we have not addressed satisfactorily, you may also contact your state attorney general's office. California residents may, in addition, contact the California Privacy Protection Agency.