Legal · updated Sat Jul 11 2026 17:00:00 GMT-0700 (Pacific Daylight Time)
Privacy Policy
PostMTA Hosted is a self-hosted outbound MailOps appliance. Personal data processing for this website (marketing, contact form, docs) is summarized below; the operator-side handling is documented in the trust center.
What we collect
- Contact form submissions: company, work email, volume tier, use case, deployment preference, optional notes. Stored in Postgres on the appliance that receives the submission. Used to respond and never sold.
- Cookie consent: Reject / Accept only; Google Consent Mode v2 signals.
- Server logs (Nginx/Caddy, panel API): IP, user agent, status, route — kept on the appliance, retention under operator control.
Subprocessors
- Google Fonts (marketing CSS)
- Supabase (auth + storage on the appliance)
- Stripe (only when
STRIPE_*is set; otherwise air-gap grant-only)
See trust/subprocessors for the canonical list.
Data residency
Self-hosted by design — your appliance, your data.
Contact
See contact or the README SECURITY.md for a coordinated
disclosure path.