Posthawk
Legal

Privacy Policy

Last updated — March 2, 2026

Introduction

This Privacy Policy describes how Posthawk ("we", "us", or "our") handles information when you use our open source email infrastructure platform. Posthawk is a self-hosted platform — meaning you deploy it on your own infrastructure and maintain full control over your data.

Information We Collect

When you create an account on a Posthawk instance, we collect the information you provide during registration, such as your name, email address, and password. When you use the platform to send or receive emails, the content and metadata of those emails are processed through your self-hosted instance. We also collect basic usage data such as login timestamps and API request logs to maintain the security and stability of the platform.

How We Use Your Information

  • To provide and maintain the Posthawk platform
  • To authenticate your identity and manage your account
  • To process and deliver emails through your configured email provider (e.g., AWS SES)
  • To monitor system health and prevent abuse
  • To respond to your support requests or inquiries

Data Storage & Security

Since Posthawk is self-hosted, your data resides on your own infrastructure. You are responsible for securing your deployment, including your database (Supabase/PostgreSQL), Redis instance, and email provider credentials. We recommend following security best practices such as encrypting data at rest, using secure connections (TLS/SSL), and regularly updating your Posthawk deployment. Sensitive credentials like API keys and SMTP passwords are stored using Supabase Vault for encryption at rest.

Third-Party Services

Posthawk integrates with third-party services to provide its functionality. When you configure an email provider such as AWS SES, your email data is transmitted through that provider according to their terms and privacy policies. We encourage you to review the privacy policies of any third-party services you integrate with your Posthawk deployment.

Your Rights

Because Posthawk is self-hosted, you have full control over your data at all times. You can access, modify, export, or delete any data stored in your Posthawk instance directly through your database. If you are using a managed Posthawk instance hosted by us, you may contact us to exercise your data rights, including the right to access, correct, or delete your personal information.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we handle your information.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please reach out to us at privacy@posthawk.dev or open an issue on our GitHub repository.