Privacy policy

The minimum necessary to do the work. We split it into three buckets:

1. Account information you give us

• Your name, email, and (optionally) phone number.
• The household’s mailing address — street, city, state, ZIP — and the household type you tell us (aging parent, deceased relative, prior-resident cleanup, your own household, etc.).
• The names of people whose mail comes to that address, plus optional name variants (nicknames, initials, former names).
• Authority you certify (you’re the resident, the adult child, the executor, etc.) and your acceptance of our authorization terms. We log the version of the terms you accepted, the timestamp, and the IP address you accepted from. You can revoke at any time.

2. Mail-piece images you upload

• Photos of unwanted envelopes / postcards. We look at the front for sender, addressee, and any opt-out codes printed on it.
• We do not open envelopes, do not read enclosed contents, and do not request account statements, bills, prescription information, or anything else that needs to be opened. If you accidentally upload one, tell us and we’ll delete it on the spot.

3. Operational data we generate as we work

• Records of which opt-out requests we drafted, approved, submitted, and any confirmations we received.
• Customer-action items we created for you (e.g., “complete the official credit-bureau opt-out yourself”) and whether you’ve completed them.
• Audit-log entries — actor, action, entity, timestamp — for sensitive events like account creation, authorization acceptance, opt-out submission, and data deletion. These exist so we can show you and ourselves who did what.

Our service is designed around what we don’t need. We will never ask you for, and we have no fields anywhere in our system for:

• Social Security numbers. The credit-bureau prescreen opt-out requires a SSN; we direct you to do that one yourself at OptOutPrescreen.com. We don’t accept it on your behalf.
• Full dates of birth.
• Bank account numbers, routing numbers, or full credit-card numbers. Payments go through Stripe; we never see the card.
• Medicare numbers, health information, or prescription details.
• Account passwords — for any third party.
• The contents of mail you didn’t open. If we generate a letter on your behalf, we use only the addressee, address, and (if visible on the outside of the envelope) a donor / customer / reference code.

If a third-party opt-out flow needs any of the above, we’ll create a customer action and tell you how to complete it directly.

We use your data only to provide the service:

• Identify the senders of your mail and look up the right opt-out method.
• Compose and submit opt-out requests on your behalf, only after you’ve authorized us in writing.
• Track follow-ups, confirmations, and resubmissions over the 90-day window.
• Generate the 30-, 60-, and 90-day progress reports you can read in your dashboard.
• Send service emails (intake, reports, customer actions, refund confirmations).

We do not sell your data. We do not share it with marketers, data brokers, advertisers, or affiliate networks. We do not “monetize anonymous insights” about your mail. The U.S. junk-mail industry is built on the trade in lists like ours; we’re not joining it.

We do not train AI models on your data. Mail-piece images, names, and addresses are not used to train, fine-tune, or evaluate any third-party model.

We use a small list of vendors. Each touches only the minimum data required for its job, under a written data-processing agreement.

• Supabase — managed Postgres database and private object storage. Hosts your records and your uploaded mail-piece images.
• Stripe — payment processing. Stripe sees your name, email, card details, and billing address. We see only the resulting charge ID.
• Resend — transactional email (intake, reports, refunds). Sees your email address and the contents of the messages we send you.
• Vercel — application hosting and HTTPS termination. Sees request logs (IP, URL, response code) for operational purposes.
• Mail recipients you authorize. When you accept the authorization, we contact specific senders, registries, and credit bureaus on your behalf with the addressee’s name and mailing address. Those recipients see what we send; we tell you in your audit log.

We’ll update this list before adding a new subprocessor. If you want to be notified when we do, email hello@householdmailcleanup.com.

• U.S. data centers only. All Supabase, Stripe, and Resend resources we use are provisioned in the United States.
• Encrypted at rest with AES-256, including your mail-piece images and your household records.
• Encrypted in transit with TLS 1.2+. We don’t accept un-encrypted HTTP.
• Private storage. Mail-piece image URLs are not public. They are served through an ownership-checked endpoint that verifies the requester owns the household before returning the bytes.
• Role-based access on our side. The operator(s) reviewing your mail see only what’s necessary to do that work.
• Append-only audit log. Sensitive events are written once and never edited from the admin UI.

If we ever experience a breach affecting your data, we will notify you by email within 72 hours of confirming it, and we will tell you what was affected and what we’re doing about it.

• Mail-piece images — deleted from storage 180 days after your service period ends, or sooner on request.
• Household records (people, name variants, opt-out request history) — kept for 13 months past your last service interaction so we can re-file when DMA opt-outs sunset (10 years) or when senders return after a list refresh.
• Reports — kept until you ask us to delete them, so you have a permanent record of what we did.
• Audit logs and payment metadata — kept for 7 years per business-records norms (Stripe also retains its own copy).
• Marketing leads (the form on the home page, before you become a customer) — kept for 18 months unless you ask us to delete.

You have the right to:

• Access a copy of the data we hold on you. Email hello@householdmailcleanup.com; we’ll respond within 30 days.
• Correct anything that’s wrong.
• Delete your data. We honor deletion requests within 30 days. Some operational records (audit logs, payment history) may be retained per the retention rules above.
• Revoke authorization at any time. We stop submitting new opt-outs immediately; in-flight submissions complete or are withdrawn where withdrawal is possible.
• Export your records as JSON.
• Opt out of any data sale or sharing — but as noted above, we don’t do either, so this is automatic.

You can request all of the above from your dashboard’s Account page or by emailing hello@householdmailcleanup.com.

If you live in California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or any state with comprehensive privacy law, you have these rights under that law as well. Where the law differs from this page, the law controls.

Our service is for adults (18+). We do not knowingly collect data about children. If you believe we have, email hello@householdmailcleanup.com and we will delete it.

We keep this part small.

• Required cookies. We use one HTTP-only session cookie when you’re logged in.
• UTM parameters. If you arrive from a link with utm_source / utm_medium / utm_campaign in the URL, we save those alongside your lead so we can tell which channels work.
• No third-party advertising trackers. No Facebook Pixel, no Google Ads conversion pixel for retargeting, no LinkedIn Insight Tag.
• No session-replay tools (FullStory, Hotjar, etc.) on logged-in pages.

We may use a privacy-respecting analytics tool (e.g., Plausible) on the public marketing pages to count visits. It does not set cookies and does not collect personal data.

When we change this policy in a material way (new subprocessor, new data category, shorter retention), we’ll email everyone with an active service period at least 14 days before the change takes effect. Non-material changes (typos, link fixes) we just publish. The “Last updated” date at the top reflects every revision.

Questions, complaints, or data requests: hello@householdmailcleanup.com. We respond within one business day during the demand-test window and within 5 business days otherwise.

Mailing address available on request.