What CryptoPostage Stores
A plain-English breakdown of what shipping, payment, and account data may exist before, during, and after label generation.
Plain-English Summary
Data Lifecycle
What happens to each category of data at each stage of an order.
| Data | Before payment | During label generation | After label generation | After expiry/failure | Notes |
|---|---|---|---|---|---|
| Sender name & address | Encrypted (envelope) | Encrypted (unsealed briefly) | DEK (data encryption key) destroyed — deleted | Deleted within 24h | Never stored in plaintext in the database |
| Recipient name & address | Encrypted (envelope) | Encrypted (unsealed briefly) | DEK destroyed — deleted | Deleted within 24h | Never stored in plaintext in the database |
| Email address | Optional — retained if provided | Retained | Cleared | Cleared within 24h | Optional. Used only for recovery links |
| Phone number | Encrypted (envelope) | Encrypted (unsealed briefly) | DEK destroyed — deleted | Deleted within 24h | Optional. Encrypted at rest |
| Package dimensions / weight | Encrypted (envelope) | Encrypted (unsealed briefly) | Summary weight retained; full details deleted | Deleted within 24h | Only aggregate weight_oz survives for analytics |
| Package contents / description | Encrypted (envelope) | Encrypted (unsealed briefly) | DEK destroyed — deleted | Deleted within 24h | Never in plaintext |
| Carrier & service | Retained | Retained | Retained | Retained | Operational metadata — no PII |
| Tracking number | Not yet assigned | Assigned by carrier | Retained | N/A | Required for delivery status |
| Label PDF | Not yet generated | Generated & stored | Private storage (signed URL) | N/A | Accessible only via your order link |
| Payment coin (BTC / XMR) | Retained | Retained | Retained | Retained | No personal information |
| Payment invoice ID | Retained | Retained | Retained | Retained | Required for payment reconciliation |
| Payment address | Retained | Retained | Retained | Retained | Used for recovery. Bitcoin addresses are independently visible on-chain |
| Transaction / payment status | PENDING | PAID / CONFIRMED | Retained | EXPIRED / FAILED retained | Always retained for order integrity |
| IP address | Hashed (truncated SHA-256) | Hashed only | Hashed only | Hashed only | Raw IP is NEVER stored |
| Device / browser | Hashed (truncated SHA-256) | Hashed only | Hashed only | Hashed only | Raw user-agent is NEVER stored |
| Recovery token | SHA-256 hash only | Hash only | Hash only | Hash only | Raw token shown once at checkout — never stored |
| Account data (if registered) | Retained | Retained | Retained | Retained | Retained until account deletion request |
| Admin audit logs | Hashed IDs + action | Hashed IDs + action | Retained | Retained | No PII in audit logs — hashed identifiers only |
Retention Policy
| Scenario | Retention |
|---|---|
| Successful paid order — shipment PII | Deleted/redacted after label generation |
| Expired unpaid order | Deleted within 24 hours of expiry |
| Failed label generation | Encrypted payload retained for 24h retry window, then deleted |
| Label PDFs | Private storage with signed URL access; retention configurable |
| Logs | No plaintext PII; short retention; hashed identifiers only |
| Account data (registered users) | Retained until account deletion request |
| IP addresses | Never stored as plaintext — truncated hash only |
| Payment records | Retained for business operations and reconciliation |
Full Data Inventory
Every field category and its retention status.
Shipment PII
| Field | Retention | Third-party shared | Notes |
|---|---|---|---|
| Sender name | Deleted after label generation | Yes — EasyPost, Carrier (USPS/UPS/FedEx/DHL) | Temporarily encrypted. Deleted from our systems after label generation. |
| Sender street address | Deleted after label generation | Yes — EasyPost, Carrier (USPS/UPS/FedEx/DHL) | Temporarily encrypted. Deleted from our systems after label generation. |
| Recipient name | Deleted after label generation | Yes — EasyPost, Carrier (USPS/UPS/FedEx/DHL) | Temporarily encrypted. Deleted from our systems after label generation. |
| Recipient street address | Deleted after label generation | Yes — EasyPost, Carrier (USPS/UPS/FedEx/DHL) | Temporarily encrypted. Deleted from our systems after label generation. |
| Email address | Deleted after label generation | Yes — Resend (transactional email, if provided) | Optional. Deleted from our systems after label generation or order expiry. |
| Phone number | Deleted after label generation | No | Optional. Temporarily encrypted. Deleted after label generation. |
| Package dimensions & weight | Deleted after label generation | Yes — EasyPost, Carrier | Package details temporarily encrypted. Summary weight retained for operations. |
| Package contents / description | Deleted after label generation | No | Temporarily encrypted. Deleted after label generation. |
Operational Metadata
| Field | Retention | Third-party shared | Notes |
|---|---|---|---|
| Carrier & service selected | Retained (operational) | Yes — Carrier, EasyPost | Retained. Does not contain personal information. |
| Tracking number | Retained (operational) | Yes — Carrier, EasyPost | Retained. Required to track label delivery status. |
| Label PDF | Configurable retention | No | Stored in private storage. Accessible only via your order link. Retention is configurable. |
| Destination ZIP prefix / state / country | Retained (operational) | No | Regional summary (ZIP prefix, state, country) retained for analytics and abuse prevention. |
| Pricing snapshot | Retained (operational) | No | Pricing details retained for order records. Contains no personal information. |
Payment Metadata
| Field | Retention | Third-party shared | Notes |
|---|---|---|---|
| Payment coin | Retained (operational) | Yes — NOWPayments (or BTCPay) | Retained. Indicates Bitcoin or Monero — no personal information. |
| Payment invoice ID | Retained (operational) | Yes — NOWPayments (or BTCPay) | Retained for payment reconciliation. |
| Payment address (invoice address) | Retained (operational) | Yes — NOWPayments (or BTCPay), Public blockchain | Retained for order recovery. Crypto addresses on public blockchains (Bitcoin) are independently observable. |
| Transaction / payment status | Retained (operational) | No | Retained. Indicates whether payment was received. |
Security & Access Logs
| Field | Retention | Third-party shared | Notes |
|---|---|---|---|
| IP address | Hash only — never stored plaintext | No | We do not store your IP address. Only a one-way hash is retained for abuse prevention. |
| Device / browser user-agent | Hash only — never stored plaintext | No | We do not store your browser user-agent string. Only a one-way hash is retained. |
| Recovery token | Hash only — never stored plaintext | No | Your recovery link is shown once. We only store a one-way hash — we cannot recover your original link. |
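Added example, not CryptoPostage's own code: a sketch of hash-only storage for the three fields in the table above. A high-entropy recovery token can be stored as a plain SHA-256 hash, while IP addresses and user-agents come from a small, guessable input space, so this sketch keys their truncated hash with a server-side secret. The key, function names, truncation length and sample values are all assumptions; the page does not say whether its hashes are keyed.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret used to pseudonymise low-entropy values.
# Generated per process here; a deployment would load it from a secret store.
LOG_HASH_KEY = secrets.token_bytes(32)


def issue_recovery_token():
    """Return (raw_token, stored_hash); only stored_hash is persisted."""
    raw = secrets.token_urlsafe(32)  # 256 bits of randomness, shown once
    stored = hashlib.sha256(raw.encode()).hexdigest()
    return raw, stored


def verify_recovery_token(presented, stored_hash):
    """Hash the presented token and compare in constant time."""
    candidate = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored_hash)


def pseudonymize(value, key=LOG_HASH_KEY, hex_chars=16):
    """Keyed, truncated SHA-256 for IPs and user-agents (assumed scheme).

    An unkeyed hash of an IPv4 address can be reversed by hashing all
    2**32 candidates, which is why this sketch uses HMAC.
    """
    digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return digest[:hex_chars]


def audit_record(ip, user_agent, action):
    """Build a log record that carries hashed identifiers only."""
    return {
        "ip_hash": pseudonymize(ip),
        "ua_hash": pseudonymize(user_agent),
        "action": action,
    }


if __name__ == "__main__":
    raw, stored = issue_recovery_token()
    print("show once at checkout:", raw)
    print("persist:", stored)
    # Constructed sample values (documentation IP range, made-up user-agent).
    print(audit_record("203.0.113.7", "ExampleBrowser/1.0", "order.created"))
```
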
Account Data
| Field | Retention | Third-party shared | Notes |
|---|---|---|---|
| Account data (registered users) | Retained until account deletion | No | No account required. If you create an account, your email is retained until you request deletion. |
Third-Party References
| Field | Retention | Third-party shared | Notes |
|---|---|---|---|
| EasyPost shipment ID | Retained (operational) | Yes — EasyPost | Retained reference to EasyPost. EasyPost retains their own records per their privacy policy. |
| Payment processor reference | Retained (operational) | Yes — NOWPayments, BTCPay (if configured) | Retained for reconciliation. Payment processors retain their own records per their policies. |
What Happens If CryptoPostage Receives a Legal Request?
- We review legal requests for validity before taking any action.
- We can only provide data that exists in our systems at the time of a valid legal request.
- We cannot provide data we have deleted or never collected.
- We may be required to preserve data after receiving a valid legal request (legal hold).
- Where legally permitted and technically possible, we may notify affected users.
- Third parties such as our shipping API provider, carriers, hosting providers, CDN providers, and payment processors may have separate records and may receive independent legal requests.
Important clarifications
CryptoPostage can only provide data that exists in our systems at the time of a valid legal request. Shipment data may also exist with carriers, our shipping API provider, payment processors, hosting providers, or other infrastructure providers. We delete or redact shipment PII from our systems after label generation whenever possible.
Data Outside CryptoPostage
CryptoPostage uses third-party services to generate labels and process payments. These providers operate independently and retain their own records.
Carriers (USPS, UPS, FedEx, DHL)
Carriers receive sender and recipient addresses to generate and deliver labels. They retain delivery records independently.
Shipping API provider
Our shipping API provider processes shipment data on our behalf to generate carrier labels. They retain records per their own data retention policy.
Crypto payment processor
Our payment processor handles crypto invoices and retains payment records per their own policies.
Public blockchains
Bitcoin and Monero transactions are recorded on public blockchains and may be independently observable by anyone, regardless of what CryptoPostage retains.
Hosting & infrastructure providers
Our hosting and infrastructure providers may retain limited access logs per their own policies.
Email delivery provider
If you provide an email address, our email delivery provider processes it solely to send your recovery link. CryptoPostage does not retain your email longer than necessary.
Your Controls
Guest checkout
No account required. Buy labels without providing any identifying information beyond what the carrier requires.
Optional account
Create an account with just an email address to track orders across sessions.
Recovery link
For guest orders, a one-time recovery link is generated at checkout. Keep it — it's your only way to access the order.
Account deletion
Registered users may request account deletion at any time by contacting support.
Download label immediately
Download your label as soon as payment is confirmed. You don't need to keep coming back to our site.
Data request
Contact support to request a copy of any data we retain about your order.
