Four controls that run on every single send
Consent gating
Every contact must carry a valid lawful basis before it can be messaged. No basis, no send — enforced automatically at import and again at send time.
Suppression first
Unsubscribes, bounces, complaints, and your do-not-contact list are checked before every message. A suppressed address is never messaged again, on any account.
Row-level isolation
Every row of every table is tenant-scoped in the database. One workspace can never read, query, or send on behalf of another — isolation is enforced by the store, not the app.
Encrypted secrets
Your SMTP passwords, OAuth tokens, and LLM API keys are encrypted at rest with per-tenant keys. They are decrypted only in memory, only to do the job you asked for.
How does Postyai make sure every email is lawful?
Every contact must carry a valid lawful basis before it can be messaged, and Postyai enforces this automatically — a contact without a recorded basis is blocked at import and again at send time, so the agent can never email it.
When you upload a CSV, each row is tagged with its basis (consent or legitimate interest) and its source. Rows that arrive without one are quarantined, not sent. Because the check runs again the moment before each send, a consent that is later withdrawn immediately stops all future messages — including already-scheduled follow-ups.
Is Postyai aligned with DPDP (India) and GDPR?
Yes — Postyai is built around the principles India's DPDP Act and the EU GDPR share: a lawful basis for every message, honoring data-subject rights, purpose limitation, and easy withdrawal of consent.
Lawful basis
Recorded per contact and enforced before every send.
Data-subject rights
Access, correction, and erasure requests are supported and logged.
One-click unsubscribe
Every email carries a working opt-out; withdrawal is instant and permanent.
You stay the controller
You are the data fiduciary/controller; Postyai processes on your instructions only.
How is my workspace kept separate from everyone else's?
Every row in the database is scoped to a tenant and protected by row-level security, so one workspace can never read, query, or send on behalf of another — the isolation is enforced by the data store itself, not just by application code that could be bypassed.
Contacts, campaigns, replies, accounts, and secrets all carry a tenant key. Even a mistaken query returns only your rows, because the boundary lives one layer below the application. There is no shared pool of contacts and no cross-tenant reuse of any kind.
How are my passwords and API keys stored?
Your SMTP passwords, OAuth tokens, and LLM API keys are encrypted at rest with per-tenant keys and are decrypted only in memory, only to perform the exact task you asked for.
Secrets are never written to logs, never returned in plain text through the interface, and never leave your tenant boundary. Connections to your providers use TLS in transit. Revoke access from your email or LLM provider and Postyai loses the ability to act instantly — you hold the off switch.
How do you honor unsubscribes and suppression?
Suppression is checked before every message: unsubscribes, hard bounces, spam complaints, and your own do-not-contact list are all consulted, and a suppressed address is never messaged again on any of your accounts.
Opt-outs are one click and take effect immediately — including on follow-ups already queued in a sequence. Suppression is global across your workspace, so unsubscribing from one campaign removes the contact from all of them.
What stops the agent from burning my sender reputation?
Deliverability guardrails keep the agent inside safe limits: it caps daily volume per inbox, warms new accounts gradually, throttles the moment bounce or spam-complaint rates rise, and pauses any account that looks at risk before damage is done.
Per-inbox limits
Daily and hourly send caps sized to each account, never exceeded.
Self-warming ramp
New inboxes start small and scale only as reputation proves out.
Signal-based throttling
Bounces and complaints automatically slow or pause sending.
Can I see exactly what the agent did?
Yes — every send, follow-up, suppression, consent change, and account action is written to an immutable, timestamped audit trail that you can review and export at any time.
If a regulator, a client, or a teammate ever asks what was sent, to whom, and on what basis, the answer is one export away. The log is append-only, so the record of what happened cannot be quietly rewritten.
Send on autopilot — without giving up control
Bring your own data, accounts, and keys. Postyai keeps every message lawful and every action logged.
More questions? See the FAQ or explore features and integrations.