TruePost helps developers receive, validate, and deliver form submissions. This policy explains what we collect, why, and how you can control it.
When you operate a form on TruePost, you are the controller of the submissions that arrive at it; we process those submissions on your behalf.
To operate the service: store submissions, run spam scoring and optional AI validation, deliver accepted submissions to the integrations you configure, and keep audit logs.
To run accounts: authenticate you, send account and billing email, enforce plan quotas, and respond to support requests.
We do not sell personal data and we do not use submission contents to train third-party AI models beyond the per-request validation you choose to enable.
Submissions remain available in your account unless you delete them or close your account. Delivery logs are pruned daily after the configured delivery-log retention window.
Account and billing records are kept while your account is active and for a short period after closure to meet legal and accounting obligations.
Traffic is served over TLS. Passwords are hashed. Two-factor authentication and passkeys are available. We restrict access to production systems and follow the principle of least privilege.
Depending on your jurisdiction, you have rights to access, correct, export, restrict, or delete your personal data. You can export a copy of your data from Settings → Profile, and you can delete your account from the same page. For other requests, email us.
We may update this policy as the product evolves. When we make material changes we will update the date above and, where appropriate, notify account holders by email.