Postyai
FeaturesHow it worksPricingSolutionsSecurityBlog
Log inSign up
Security & Compliance

Permission-based by design. Yours by default.

Postyai is a bring-your-own-everything email agent: your data, your sending accounts, and your LLM key stay yours. Contacts without a lawful basis are blocked automatically, every unsubscribe is honored, and every action is written to an audit trail — so autopilot never means out of control.

Four controls that run on every single send

Consent gating

Every contact must carry a valid lawful basis before it can be messaged. No basis, no send — enforced automatically at import and again at send time.

Suppression first

Unsubscribes, bounces, complaints, and your do-not-contact list are checked before every message. A suppressed address is never messaged again, on any account.

Row-level isolation

Every row of every table is tenant-scoped in the database. One workspace can never read, query, or send on behalf of another — isolation is enforced by the store, not the app.

Encrypted secrets

Your SMTP passwords, OAuth tokens, and LLM API keys are encrypted at rest with per-tenant keys. They are decrypted only in memory, only to do the job you asked for.

Your data, your control

We are the platform — your data and accounts stay yours. Postyai never resells your data, never mixes it with another customer's, and never trains shared models on it. Here is exactly what stays under your control:

Your contact data

The CSV you upload stays in your workspace. Export or delete it any time — nothing is sold, shared, or reused to train shared models.

Your sending accounts

Gmail, Microsoft, or any SMTP inbox connects with your credentials. Revoke access from your provider and Postyai stops sending instantly.

Your LLM API key

Bring your own OpenAI, Anthropic, or compatible key. Prompts and generations run on your key, under your provider terms — not ours.

Your proxies (optional)

Route sending through your own proxies if you want. Postyai is the platform; the pipes and the data stay yours.

Read the fine print in our Privacy Policy and Terms of Service.

Every contact must carry a valid lawful basis before it can be messaged, and Postyai enforces this automatically — a contact without a recorded basis is blocked at import and again at send time, so the agent can never email it.

When you upload a CSV, each row is tagged with its basis (consent or legitimate interest) and its source. Rows that arrive without one are quarantined, not sent. Because the check runs again the moment before each send, a consent that is later withdrawn immediately stops all future messages — including already-scheduled follow-ups.

Is Postyai aligned with DPDP (India) and GDPR?

Yes — Postyai is built around the principles India's DPDP Act and the EU GDPR share: a lawful basis for every message, honoring data-subject rights, purpose limitation, and easy withdrawal of consent.

Lawful basis

Recorded per contact and enforced before every send.

Data-subject rights

Access, correction, and erasure requests are supported and logged.

One-click unsubscribe

Every email carries a working opt-out; withdrawal is instant and permanent.

You stay the controller

You are the data fiduciary/controller; Postyai processes on your instructions only.

How is my workspace kept separate from everyone else's?

Every row in the database is scoped to a tenant and protected by row-level security, so one workspace can never read, query, or send on behalf of another — the isolation is enforced by the data store itself, not just by application code that could be bypassed.

Contacts, campaigns, replies, accounts, and secrets all carry a tenant key. Even a mistaken query returns only your rows, because the boundary lives one layer below the application. There is no shared pool of contacts and no cross-tenant reuse of any kind.

How are my passwords and API keys stored?

Your SMTP passwords, OAuth tokens, and LLM API keys are encrypted at rest with per-tenant keys and are decrypted only in memory, only to perform the exact task you asked for.

Secrets are never written to logs, never returned in plain text through the interface, and never leave your tenant boundary. Connections to your providers use TLS in transit. Revoke access from your email or LLM provider and Postyai loses the ability to act instantly — you hold the off switch.

How do you honor unsubscribes and suppression?

Suppression is checked before every message: unsubscribes, hard bounces, spam complaints, and your own do-not-contact list are all consulted, and a suppressed address is never messaged again on any of your accounts.

Opt-outs are one click and take effect immediately — including on follow-ups already queued in a sequence. Suppression is global across your workspace, so unsubscribing from one campaign removes the contact from all of them.

What stops the agent from burning my sender reputation?

Deliverability guardrails keep the agent inside safe limits: it caps daily volume per inbox, warms new accounts gradually, throttles the moment bounce or spam-complaint rates rise, and pauses any account that looks at risk before damage is done.

Per-inbox limits

Daily and hourly send caps sized to each account, never exceeded.

Self-warming ramp

New inboxes start small and scale only as reputation proves out.

Signal-based throttling

Bounces and complaints automatically slow or pause sending.

Can I see exactly what the agent did?

Yes — every send, follow-up, suppression, consent change, and account action is written to an immutable, timestamped audit trail that you can review and export at any time.

If a regulator, a client, or a teammate ever asks what was sent, to whom, and on what basis, the answer is one export away. The log is append-only, so the record of what happened cannot be quietly rewritten.

Send on autopilot — without giving up control

Bring your own data, accounts, and keys. Postyai keeps every message lawful and every action logged.

More questions? See the FAQ or explore features and integrations.