Enterprise
DPA / BAA
We-operate deployments of PostMTA Hosted enter into a Data Processing Agreement covering GDPR Art. 28 obligations and, where requested, a HIPAA Business Associate Agreement under §164.504(e). Submit compliance requirements via the contact form and we will return a countersigned DPA within five business days.
DPA scope (we-operate)
- Subject matter — outbound mail delivery + contact intake via appliance.
- Roles — PostMTA = Processor; Customer = Controller.
- Sub-processors — listed at /trust/subprocessors; 30-day change notice for any addition.
- Data categories — From/To headers, message bodies, contact form submissions, audit logs (no special categories unless the customer sends them).
- Retention — contact intake 90 days; credit ledger append-only until workspace deletion.
- Security controls — PMH-SEC matrix (CC6-equivalent).
- Breach notification — within 72 hours of confirmed unauthorized access; we-operate customers receive PagerDuty push.
- Audit rights — on-site customers get full PMH-SEC table; we-operate customers receive quarterly attestation reports.
BAA scope (HIPAA)
- Permitted uses include transmission of PHI through the appliance; receipt-side delivery only.
- Subcontractors — see /trust/subprocessors; same 30-day change notice.
- Safeguards — TLS in transit; scrypt-hashed credentials; RLS-locked DKIM secrets (PMH-SEC-023).
- Breach notification — within 60 days of discovery to the customer contact of record, with the §164.410 carve-out.
- Termination — on customer request, return or destroy PHI within 30 days (excluding legal hold windows).
Customer-VPC mode
PostMTA Hosted running in customer-VPC mode does not require a DPA with PostMTA — the customer's appliance processes only their own data inside their trust boundary. PMH-SEC controls and the operator runbook at Production runbookremain their primary controls.
- ComplianceSOC 2-aligned
- DeploymentManaged appliance · On your VPC
- Statushosted.postmta.com/status
- IncidentsNo open incidents