Privacy Notice

TrackALetter processes information such as your name, email address, verification status, authentication records, account settings, and security events. Passwords are stored only as secure hashes, never as readable plaintext.

TrackALetter processes recipient and return addresses, mailpiece details, address-standardization results, label status, provider identifiers, tracking references, shipment history, refund status, and postage-adjustment records to operate and support the service.

Label PDFs can contain names, addresses, barcodes, and tracking information. They are stored in private object storage and served through authenticated, owner-checked routes. Restricted administrators may access a label only for legitimate support, security, or operational purposes.

Stripe processes card and eligible wallet payments. TrackALetter does not store full card numbers or CVCs. It retains limited payment identifiers, amounts, status, and audit records needed for purchases, Balance, auto-refill, refunds, fraud prevention, and reconciliation.

If you use Google OAuth, TrackALetter receives the account information Google makes available for sign-in, such as a verified email address, name, and provider account identifier. TrackALetter does not receive your Google password.

Resend or another configured email provider may process your email address and message-delivery information for verification, password reset, account notices, and operational alerts. Support messages may be retained with related account or order records so TrackALetter can investigate and respond.

Pitney Bowes and USPS-related systems receive mailing information needed for address services, rates, labels, tracking, refunds, and postage adjustments. Hosting, database, private file storage, and rate-limiting providers process data as needed to operate and secure the service.

TrackALetter uses operational logs, append-only audit records, and services such as Sentry for sanitized diagnostics and security monitoring. AuditLog records support transaction integrity, idempotency, refunds, Balance activity, auto-refill, provider reconciliation, and administrative review. These records may include a user or transaction identifier, operation name, amount, status, timing, and a sanitized error. They are designed to exclude passwords, full card data, provider credentials, raw authorization headers, private label files, and full provider payloads.

Essential cookies and similar session technology keep you signed in, protect account-only pages, maintain security, and help prevent abuse. See the Cookie Policy for more information.

TrackALetter uses information to authenticate users, provide mailing services, process payments and refunds, maintain Balance, prevent fraud and abuse, troubleshoot failures, meet legal and accounting obligations, communicate with users, and improve service reliability.

Information is retained for as long as reasonably needed for active accounts, transactions, shipment retrieval, refunds, reconciliation, accounting, security, fraud prevention, legal obligations, disputes, and support. Retention can vary by record type and provider requirement. Records are deleted or de-identified when they are no longer reasonably needed, subject to legal and operational holds.

Submit a privacy request through the Contact page using your account email and a clear description of the request. We may need to verify your identity. Some records may be retained for legal, accounting, security, fraud-prevention, or dispute purposes.

Where required by applicable law, eligible users may have the right to know or access personal information, request deletion, request correction, opt out of sale or sharing where applicable, limit certain uses of sensitive personal information where applicable, and receive equal service without unlawful discrimination for exercising a privacy right.

Based on TrackALetter's current practices, TrackALetter does not sell personal information. TrackALetter also does not share personal information for cross-context behavioral advertising. If those practices change, this notice and any required choices will be updated before the change takes effect.

TrackALetter is not directed to children under 13, and it does not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact support so the situation can be reviewed.

TrackALetter uses server-side provider credentials, password hashing, encrypted transport, private label storage, authenticated ownership checks, rate limiting, restricted administrative access, audit trails, monitoring, and backups. No online service can guarantee absolute security.

For accessibility information, see the Accessibility Statement. Privacy questions and requests may be sent through the Contact page.