Beta privacy
Privacy (beta)
A plain-English summary of what GatePost collects, how we use it, and who helps us run the service. This summary is written for clarity, not legal completeness.
Beta notice: This beta privacy summary is not a substitute for legal review. A full public-launch privacy policy should be reviewed by counsel.
What we collect
- Account info: email address, hashed password, your chosen slug, display name.
- Message metadata: sender address, receiver, timestamps, message status (authorized / accepted / released / expired).
- Message content and attachments: subject, body text, uploaded files.
- Payment metadata from Stripe: Payment Intent IDs, amounts, currency, payout records. Card details are handled by Stripe and are not stored by GatePost.
- Basic technical data: IP address and request logs needed to operate the service and prevent abuse.
How we use it
To operate the service: deliver messages to receivers, process payment authorization and capture via Stripe, notify users by email, and prevent abuse. We do not sell personal data.
Processors we use
We rely on the following processors to run the service. Each receives only the data it needs to perform its role:
- Stripe — payment processing, Stripe Connect payouts.
- Resend — transactional email delivery (notifications, password reset).
- Vercel — hosting and serverless functions.
- Vercel Blob — private storage for message attachments.
- Neon / Postgres — primary database for messages, accounts, and payment metadata.
Attachments
Attachments are stored privately. Only the intended receiver can download them through an authenticated, signed link. Raw storage URLs are not exposed publicly.
Message contents
We do not read message contents as a normal practice. Messages are stored to deliver and display them to the intended receiver. We may access content only as needed to investigate abuse, comply with law, or fix a technical issue you report.
Retention & deletion
We keep account data, messages, and payment metadata as long as needed to operate the service, support our users, and meet legal/financial-record requirements. During the beta, you can request deletion of your account and associated data by emailing support.
Security
Passwords are hashed. Payment data is handled by Stripe (PCI-DSS Level 1). Review links are signed and time-limited. We are continuing to harden security in beta; please report issues to support.
Contact
For privacy questions, deletion requests, or data inquiries, email support@gatepostinbox.com.
For deletion requests: support@gatepostinbox.com