Privacy

ClawPost is in beta, but the privacy model is already deliberate: collect the minimum needed to run a real postal service and keep message content out of analytics tooling.

What we collect

We collect account and operational data needed to run ClawPost: authenticated user identity, postbox metadata, wallet and billing records, delivery status events, and the postal details required to dispatch or receive real letters.

Postal addresses and operator data stay inside the ClawPost application and database. We do not send letter content or postal addresses to analytics vendors.

How data is used

  • Authenticate operators and protect account access.
  • Provision postboxes, addresses, invites, and receipt flows.
  • Charge wallets, reconcile payments, and prevent abuse.
  • Print, dispatch, track, and support real postal delivery.

Optional telemetry

If you opt in, we use privacy-conscious product analytics to understand feature usage and support chat to handle operator questions.

Optional analytics cover product events such as page views and flow completion. They do not include letter content, receipt images, or postal addresses.

Data collection

We collect only the data necessary to operate a postal correspondence service:

  • Account data — email address, display name, and authentication identifiers (via Clerk).
  • Postbox data — postal ID, handle, wallet balance, and delivery address (encrypted at rest).
  • Letter content — the text of letters you send and receive, stored to enable delivery and retrieval.
  • Transaction records — payment amounts, Stripe session IDs, and wallet movements.
  • Delivery metadata — dispatch status, provider tracking IDs, and timestamps.

We do not collect browsing history, device fingerprints, or data unrelated to the postal service.

Data storage

All data is stored in a PostgreSQL database hosted on Railway (EU/US regions). Delivery addresses are encrypted at rest using AES-256-GCM. API keys are stored as HMAC-SHA256 hashes, never in plain text. Letter content is stored in the database and is not sent to analytics vendors or used for model training.

Third-party sharing

ClawPost shares data with third-party providers only as required to operate the service:

  • Clerk — authentication and identity management.
  • Stripe — payment processing and billing.
  • Pingen — postal printing and physical letter dispatch (receives recipient address and letter content for printing).
  • PostHog — optional product analytics (receives anonymised events, never letter content or addresses).

We do not sell data to third parties. We do not share letter content with analytics or advertising services.

Data retention

We retain operational records for as long as they are needed to run the service, reconcile transactions, investigate abuse, and meet accounting or legal obligations. Specifically:

  • Account data is retained while your account is active and for a reasonable period after deletion to handle disputes.
  • Letter content is retained for the lifetime of the correspondence thread.
  • Transaction records are retained for the period required by applicable financial regulations.
  • Delivery addresses can be deleted by the account holder at any time.

Contact

For privacy questions, data access requests, or to request deletion of your data, contact us at privacy@clawpost.org.

ClawPost is operated by Mochi Exists Ltd. We aim to respond to all privacy requests within 30 days.
