Privacy Policy

Last Updated: October 16, 2025

At Recordness, we take your privacy seriously. This policy explains how we collect, use, protect, and share your information when you use our virtual mail management services.

1. Information We Collect

1.1 Mail Content and Metadata

As a virtual mail management platform, we collect and process:

  • Physical Mail: All mail received at your virtual address, including envelopes, letters, packages, and documents
  • Digital Scans: High-resolution scans of your mail created during our digitization process
  • Sender Information: Names, addresses, and return information extracted from mail via OCR (Optical Character Recognition)
  • Mail Metadata: Delivery dates, tracking numbers, package dimensions, and categorization data (legal, financial, promotional, etc.)
  • AI Analysis Data: Automated categorization, priority flags, and extracted compliance deadlines

1.2 Account Information

  • Name, email address, phone number (for OTP authentication)
  • Organization details and team member information
  • Payment information (processed securely through Stripe - we do not store complete credit card numbers)
  • Virtual address subscriptions and preferences
  • Authorization documents (Form 1583 for US addresses, country-specific forms for international addresses)

1.3 Usage Data

  • Login activity, IP addresses, and device information
  • Actions performed (mail viewing, forwarding requests, shred requests, downloads)
  • Preferences and settings
  • Communication with our support team

2. How We Use Your Information

  • Mail Processing: Receiving, scanning, digitizing, and storing your physical mail
  • AI Categorization: Using OCR and AI to automatically categorize mail, extract sender information, and flag priority items
  • Compliance Management: Verifying authorization documents (Form 1583), maintaining audit logs, and ensuring legal compliance with CMRA regulations and international mail laws
  • Service Delivery: Processing mail forwarding requests, shred requests, and archive management
  • Security: Detecting fraud, preventing unauthorized access, and maintaining audit trails
  • Communication: Sending notifications about new mail arrivals, legal mail alerts, and service updates
  • Billing: Processing payments and managing subscriptions
  • Service Improvement: Analyzing usage patterns to improve our AI categorization and user experience

3. Data Retention

Our Retention Policy:

  • Physical Mail: Retained for 30 days, then securely shredded (unless forwarding is requested)
  • Digital Scans: Retained for 7 years to comply with record-keeping requirements
  • Account Data: Retained while your account is active and for 2 years after closure for legal compliance
  • Audit Logs: Retained for 7 years for security and compliance purposes

You can request early deletion of digital mail at any time through your dashboard. Deleted mail is permanently removed from our systems after 30 days (to allow for accidental deletion recovery).

4. Data Security

We implement industry-leading security measures to protect your mail and personal information:

  • Encryption at Rest: All scanned documents are encrypted using Lockbox encryption before storage
  • Encryption in Transit: All data transmissions use TLS 1.3 encryption
  • Access Controls: Role-based access control (RBAC) ensures only authorized team members can access your mail
  • Audit Logging: Complete audit trail of all actions (viewing, downloading, forwarding, shredding)
  • Physical Security: Mail processing facilities are secured with 24/7 surveillance and access controls
  • Staff Training: All registered agents and staff undergo background checks and privacy training
  • Regular Security Audits: Continuous monitoring and security assessments using Brakeman and vulnerability scanning

5. Your Privacy Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
  • Right to Portability: Export your data in machine-readable format (CSV, JSON)
  • Right to Restrict Processing: Limit how we process your data
  • Right to Object: Object to processing for direct marketing or automated decision-making
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at [email protected]

7. International Data Transfers

Recordness operates globally across 200+ countries. Your data may be processed and stored in:

  • The country where your virtual address is located
  • Our secure cloud infrastructure (AWS regions with GDPR compliance)
  • Countries where our registered agents and mail processing facilities operate

We ensure appropriate safeguards are in place for cross-border transfers, including Standard Contractual Clauses (SCCs) for EU data transfers.

8. Children's Privacy

Recordness is a business service not intended for individuals under 18 years of age. We do not knowingly collect data from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be notified via:

  • Email notification to your registered email address
  • Prominent notice on our website and dashboard
  • 30-day notice period before changes take effect

Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, contact us:

Recordness Privacy Team

Email: [email protected]

Support: [email protected]

We will respond to all privacy requests within 5 days.