legal/privacy — postlane.devLast updated 1 May 2026

privacy.

Plain English. We collect what we need to keep your account working — nothing more, nothing sold.

§ 01

Introduction

Postlane (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what information we collect, how we use it, and your rights in relation to it. It applies when you use postlane.dev or the Postlane desktop application.

We act as data controller for the personal data we process about you. If you have any questions, please contact us.

§ 02

Data we collect and how we use it

Account data

When you sign in using GitHub, GitLab, or Google, we receive your name and email address from that provider. We use this to create and manage your Postlane account and issue your licence.

Legal basis: performance of a contract.

Usage data

Our self-hosted servers capture standard server logs including IP addresses, browser type, and pages visited. We use this to monitor service health and diagnose problems.

Legal basis: legitimate interests in operating a reliable service.

Contact enquiry data

If you submit our contact form, we receive your name, email address, and message. We use this solely to respond to your enquiry.

Legal basis: legitimate interests in responding to customer enquiries.

§ 03

Third parties we share data with

We use the following sub-processors:

Supabase
Database and authentication. Stores your account data and licence records.
Cloudflare
Bot protection on our sign-in page via Turnstile.
Kwesforms
Contact form processing. Receives name, email, and message when you submit our contact form.

We do not sell your personal data to third parties and do not use it for advertising.

§ 04

International transfers

Some of our sub-processors are based outside the UK and EEA, including in the United States. Where data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions.

§ 05

Data retention

  • Account data— retained while your account is active and for two years after closure, unless a longer period is required by law.
  • Contact enquiry data — retained for three years.
  • Server logs — retained for 90 days.
§ 06

Your rights

Under UK GDPR, you have the right to:

  • access the personal data we hold about you
  • have inaccurate data corrected
  • have your data deleted in certain circumstances
  • restrict or object to our processing
  • receive your data in a portable format
  • withdraw consent where processing is based on consent
  • lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk

To exercise any of these rights, please contact us.

§ 07

Cookies

Cookies are small files stored on your device by your browser. We use the following categories:

Essential cookies

Required for the service to function and cannot be disabled. They include session cookies that keep you signed in and security cookies used by our authentication provider (Supabase).

Security cookies

Cloudflare Turnstile sets a short-lived cookie on our sign-in page to distinguish human visitors from bots. No personal data is stored in this cookie.

Analytics

We may use privacy-preserving analytics to understand aggregate usage patterns. Where we do, no personally identifiable information is collected and no cross-site tracking occurs.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from signing in.

§ 08

Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Continued use of our services after any update constitutes acceptance of the revised policy.

§ 09

Governing law

This policy is governed by the law of England and Wales. Any disputes are subject to the exclusive jurisdiction of the courts of England and Wales.

Questions about your data?
We answer privacy queries within one business day.
Contact us