Privacy & cookies
Who we are
Postio is a trading name of Onno Group Limited, registered in England & Wales (company no. 08622799). Registered office: Suite 22 Trym Lodge, 1 Henbury Road, Westbury-On-Trym, Bristol BS9 3HQ. We are the data controller for the information described here. Contact us at postio.co.uk/contact.
What we collect
Account data: name, email, Argon2id password hash, company name. Billing data: Stripe customer id, card brand, last four digits, expiry (the full card number is handled by Stripe — we never see it). Usage data: every API request — the postcode/email/phone queried, status code, latency, and key used. The queried value is obfuscated once the log passes its retention window (see below). Nothing else.
Data you send us (queries)
When you call the API to look up an address, email or phone, the query may contain personal data about your own customers. For that query data you are the data controller and we act as your processor — we use it only to return a result and to keep the request log described above. We never sell it, profile it, or use it to train anything.
What we don't collect
No third-party trackers. No advertising pixels. No session recording. No analytics SDKs. Our site logs are kept for 7 days for debugging and then discarded.
Legal basis
Contract: processing is necessary to deliver the API service you signed up for. Legal obligation: retaining account records for HMRC, and meeting the reporting and compliance terms of our Royal Mail PAF licence. Legitimate interest: fraud prevention and service improvement. Consent: the Crisp chat widget, only if you open it.
Where it lives
Your account, billing and address & email query data are hosted in the UK (AWS eu-west-2, London region). The one exception is phone validation: to run a live network (HLR) lookup, the phone number is sent to our telecoms sub-processor Telnyx in Ireland (EU). Otherwise nothing is replicated outside the UK. Royal Mail PAF data is licensed and held under our Royal Mail PAF Data Solutions Provider Licence and Data Supply Agreement.
Sub-processors
We rely on these third parties to deliver the service: Stripe Payments Europe (Ireland) for card processing; Amazon Web Services (London) for infrastructure and email delivery; Cloudflare (UK) for site hosting, caching, DDoS protection; Telnyx (Ireland) for phone number validation (live HLR lookup); Crisp IM SAS (France) for the optional live chat widget. Each holds data under their own terms and privacy policy.
Royal Mail PAF compliance
As a licensed Royal Mail PAF Solutions Provider, we report PAF usage to Royal Mail and must let it verify licensed use. Where Royal Mail reasonably requires it, we share your business identity (such as company name, number and registered office) and a summary of your usage volumes — never the addresses, emails or numbers you query — and Royal Mail may contact you about compliance. Royal Mail is a separate data controller for what we share. The detail is in our PAF End User Terms.
How long we keep it
Account data: for the life of your account plus 6 years after closure (HMRC requirement, and the record-keeping period our Royal Mail PAF licence requires). Request logs: the queried postcode/email/phone is obfuscated once the log passes its retention window — 30 days by default, and you can set any window from 1 to 999 days per API key from the dashboard. The de-identified row (timestamp, status, latency, key) is kept for usage analytics. Card tokens: held by Stripe until you delete them. Audit logs: 1 year. The usage summaries we report to Royal Mail draw on the billing records already kept for 6 years above — never the queried values, which are obfuscated on the schedule above.
Your rights
Under UK GDPR you can access, correct, port, or delete your personal data, or object to processing. Send the request via postio.co.uk/contact and we'll respond within 30 days. You can also complain to the Information Commissioner's Office (ico.org.uk).
Cookies
Three essential cookies only: session ID, CSRF token, and a theme preference. No analytics. No advertising. No third parties. That's why there's no cookie banner — we don't need your consent for strictly-necessary cookies.
Crisp chat
If you use the chat widget, Crisp (EU-hosted) processes your messages on our behalf. The widget only loads if you open it — not on page load.
Stripe
Card details are handled by Stripe under their own privacy policy. We store a customer ID, card brand, last four digits, and expiry date, nothing more.
Changes
We post updates here with a new "last updated" date. Material changes are also emailed to you.
Contact
postio.co.uk/contact — privacy enquiries get priority and route to the same inbox as everything else.