TRUST

Trust & Compliance

Healthcare practices, financial services, and regulated industries make up a large share of PostKnock's customers. We take that seriously. Below is the plain-English version of how we handle privacy, compliance, and security.

Healthcare

HIPAA Approach

Why marketing contact data isn't PHI, how the product is designed to keep it that way, why no BAA is required, and per-vertical templates that follow HIPAA-aware design rules.

Privacy

Privacy Policy

What data PostKnock collects, how it's stored, who it's shared with (our print/mail subprocessor handles print and USPS submission; Stripe handles billing), and how to exercise your rights.

Legal

Terms of Service

The agreement covering account use, billing, acceptable content, and the limits of postcard mailings under USPS rules.

Coming

SOC 2 Type II

A SOC 2 Type II audit is on the roadmap for our infrastructure. We're already enforcing single-tenant data isolation, with data encrypted at rest and in transit. Email legal@postknock.com for our current security overview document.

In Place

Payment Processing

Billing and card storage are handled by Stripe (PCI DSS Level 1). PostKnock never sees or stores raw card numbers — checkout and saved-card flows run inside Stripe's iframe. Failed charges, refunds, and dispute notifications come through verified Stripe webhooks.

Questions?

Compliance and security questions go to legal@postknock.com. Vendor security questionnaires and data-processing agreements all start at the same address. PostKnock does not sign Business Associate Agreements — see our HIPAA approach for why.