Privacy Policy

Last updated: May 13, 2026

1. What we collect

When you create an account, we collect your email address, name, and optionally your business name and phone number. When you place an order, we collect the job site address you provide and your payment method through our payment processor, Stripe. PostDragon does not store your full credit card number.

We also collect usage data automatically — including IP address, browser type, pages visited, and referring URLs — through server logs and analytics tools. This data is used to maintain and improve the service.

2. How we use your information

We use the information we collect to:

  • Create and maintain your account
  • Process and fulfill your direct mail orders
  • Send transactional emails about your orders (confirmation, status updates)
  • Respond to support requests
  • Improve the product and diagnose technical issues
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your customer data to build advertising audiences or share it with data brokers.

3. Address data

PostDragon uses publicly available address data to identify owner-occupied residential properties near the job site addresses you provide. This address data is sourced from third-party providers and public records. We do not share the job site addresses you enter with any party other than our fulfillment partners (print and mail vendors) as necessary to fulfill your order.

4. Third-party services

We use the following third-party services to operate PostDragon:

  • Stripe — payment processing
  • Resend — transactional email delivery
  • Google Analytics — aggregate usage analytics (anonymized)
  • Cloudflare Turnstile — bot protection on forms
  • Railway — cloud hosting infrastructure

Each service has its own privacy policy governing the data they process on our behalf.

5. Cookies

We use cookies to maintain your login session (via NextAuth) and to support analytics. By using PostDragon, you consent to this use of cookies. You can disable cookies in your browser, but doing so will prevent you from logging in or using the app.

6. Data retention

We retain your account information and order history as long as your account is active. If you request account deletion, we will delete your personal information within 30 days, except where we are required to retain it for legal or billing purposes.

7. Your rights

You can update your account information at any time from your dashboard. To request deletion of your account and associated data, email us at [email protected]. If you are located in the European Economic Area, you have additional rights under the GDPR including the right to access, correct, or port your data. Contact us to exercise these rights.

8. Security

Passwords are hashed using bcrypt before storage. Payment data is handled entirely by Stripe and never touches our servers. We use HTTPS for all data transmission. While we take reasonable precautions, no system is completely secure, and we cannot guarantee the absolute security of your information.

9. Children

PostDragon is not directed at children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to this policy

We may update this privacy policy from time to time. We will notify registered users of material changes by email. Continued use of PostDragon after changes take effect constitutes acceptance of the revised policy.

11. Contact

Questions about this privacy policy can be sent to [email protected].