Privacy Policy
Last updated on: 1st September 2025
Stannp Privacy and Cookies Policy
This Privacy and Cookies Policy (the "Policy") applies to Stannp, Inc., a Delaware corporation with its principal office at 251 Little Falls Drive, Wilmington, DE 19801 ("Stannp," "we," "us," or "our"). This Policy describes how we collect, use, share, and protect personal information when you visit our website at stannp.com (the "Website") or use our direct mail platform and services (the "Platform" or "Services"). About Our Services Stannp provides a Software-as-a-Service (SaaS) direct mail platform that enables businesses to create, manage, and send physical mail campaigns through a fully digital, integrated solution. We collect and process personal information as necessary to deliver these direct mail services to our business customers and their recipients. Your Acceptance of This Policy By accessing or using our Website, Platform, or Services in any manner, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Services. Changes to This Policy We may update this Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes through the email address associated with your account or through a prominent notice on our Platform. Your continued use of our Services after such notice constitutes acceptance of the updated Policy. For non-material changes, we encourage you to review this Policy periodically. If you disagree with any changes, you should discontinue use of our Services. This Policy was last updated on: 1st September 2025.
1. Registration Information and Legal Basis
For the purposes of US data protection legislation, Stannp is a Data Controller in relation to our own business operations, and a Data Processor when handling customer data through our Platform services. This Policy covers our treatment of personally identifiable information as defined by US Federal and State privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), New York SHIELD Act, and other applicable US state privacy laws. We collect and use personal information based on one or more of the following: Your consent when you use our Services To fulfill our contractual obligations to provide Services To comply with legal requirements For our business purposes as described in this Policy When you provide us with personal information about others, you represent that you have obtained any necessary consents or have another lawful basis for sharing that information with us. Except as noted in this Privacy Policy, our collection and use of Personal Information is not a contractual or statutory requirement or a requirement necessary to enter into a contract. You can always opt not to disclose information to us. If you elect to do so, that decision will affect our ability to communicate with, provide Services to, employ, or otherwise interact with you.
2. Information We Collect and Use
We collect and process the following information from you via the Platform:
| Category of Information | Examples | Sources | Business/Commercial Purposes | Disclosed to |
|---|---|---|---|---|
Identifiers & Contact Information | First name, last name, email address, business address, phone number, company name, job title | • Directly from you • Third party data providers | • Account creation and management • Customer service • Billing and payments • Marketing communications • Legal compliance | • Service providers • Payment processors • Marketing partners (with consent) • Legal authorities (if required) |
Financial Information | Credit card details, billing address, payment history | • Directly from you • Payment processors | • Payment processing • Fraud prevention • Account administration • Legal and tax compliance | • Payment processors • Financial institutions • Legal authorities (if required) |
Commercial Information | Purchase history, account usage, service preferences | • Your use of our Platform | • Service delivery • Account personalization • Product improvement • Analytics | • Service providers • Analytics providers |
Internet/Network Activity | IP address, browser type, device information, operating system, cookies, usage data | • Automatically collected via Website/Platform | • Platform functionality • Security and fraud prevention • Analytics and improvement • Troubleshooting | • Hosting providers • Security services • Analytics providers |
Professional Information | Company name, job title, business contact details | • Directly from you • Third party data providers | • B2B communications • Service customization • Marketing (where permitted) | • Service providers • Marketing partners (with consent) |
Customer Support Data | Support tickets, issue descriptions, communications with support team | • Directly from you | • Issue resolution • Service improvement • Training and quality assurance | • Customer support platforms • Service providers |
Preferences & Settings | Dashboard configuration, communication preferences, marketing opt-in/opt-out choices | • Directly from you | • Service customization • Compliance with preferences • User experience improvement | • Service providers |
Employment Application Data | Name, contact details, resume, education history, employment history, references, interview notes, background check results (where permitted), work authorization status | • Directly from applicants • Recruitment platforms • Background check providers • References | • Evaluating qualifications • Conducting interviews • Background verification • Legal compliance • Equal opportunity monitoring | • HR service providers • Background check services • Payroll processors (if hired) • Legal authorities (if required) |
Additional Uses of Information In addition to the purposes outlined in the table above, we may use the information we collect for the following business and operational purposes: Employment and Recruitment: Evaluating job applications, conducting interviews, performing background checks where permitted, making hiring decisions, and maintaining records for equal opportunity compliance Business Operations: Managing business relationships, conducting internal audits and investigations, resolving disputes, enforcing our Terms of Service, and pursuing legal claims or defenses Events and Communications: Organizing and managing webinars, conferences, or other events you register for, and sending service-related announcements and administrative messages Legal and Regulatory Compliance: Complying with applicable laws, regulations, legal processes, and governmental requests, including tax reporting, maintaining required business records, and responding to subpoenas or court orders Business Transactions: Evaluating and executing mergers, acquisitions, reorganizations, bankruptcies, or other transactions where personal information may be transferred as a business asset Safety and Security: Protecting against malicious, deceptive, fraudulent, or illegal activity, protecting the rights and property of Stannp and others, and ensuring the physical safety of individuals Research and Development: Analyzing usage patterns to improve our Platform, developing new features and services, and conducting internal research for technological development and demonstration Financial Incentives: We do not offer financial incentives, payments or other compensation in exchange for providing personal information Other Purposes: Any other lawful purpose for which you provide consent, or as otherwise permitted or required by applicable law We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. Information We Do Not Collect We do not knowingly collect sensitive personal information as defined under CPRA, including social security numbers, driver's license numbers, account passwords, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic or biometric data, health information, or sexual orientation data. We also do not knowingly collect personal information from children under 13. Marketing Communications We may track email opens and clicks to improve our services. To opt out of marketing emails, click the unsubscribe link in any email or contact us using the information below. To opt out of marketing SMS, reply STOP to the message or contact us. Please note that, if you do not want to receive emails or notices from Stannp, those notices will still govern your interactions with Stannp, and you remain responsible for reviewing and adhering to such notices, including this Privacy Policy and the Terms of Service on the Websites and Portals.
3. Data Processing for our Customers
When you use our Platform to send mailings to your customers, you are the business under US privacy laws, and we act as your service provider. In this capacity:
| Category | What We Process | Purpose | Your Responsibilities |
|---|---|---|---|
Recipient Data | Names, addresses, email addresses, phone numbers, and other identifiers you provide | To fulfil your mailing campaigns through printing, mailing, and delivery tracking | You must ensure compliance with CAN-SPAM, state privacy laws, and obtain necessary consents |
Campaign Content | Marketing materials, letters, personalization fields, images, and variable data | To produce and deliver your mailings | You are responsible for content compliance and accuracy |
Your Uploaded Databases | CRM exports, suppression lists, custom data fields | To store for future campaigns and apply suppressions | You control retention and must ensure data accuracy |
Campaign Analytics | Delivery confirmations, response tracking, QR code scans (if enabled) | To provide performance reports | You determine how to use analytics for future targeting |
Important Notes for Customers:
As the data controller, you are responsible for:
Ensuring you have a lawful basis for processing all recipient data
Responding to data subject rights requests from your recipients
Maintaining accuracy of uploaded data
Complying with data protection laws including GDPR, PECR, and the CAP Code
Providing appropriate privacy notices to your recipients
We process this data solely on your instructions and do not use it for our own purposes
You can configure retention periods in your account settings
We act as your data processor under the terms set out in our Terms of Service (Clause 11)
Important Service Provider Commitments As your service provider, we process personal data solely based on your documented instructions and do not use it for our own independent purposes. We do not sell or share your customers' data outside of fulfilling your service requests, nor do we combine your data with data from our other customers. We provide assistance with your compliance obligations as outlined in our Terms of Service, including support for consumer rights requests when contractually required. We maintain appropriate security measures in accordance with applicable US privacy laws and industry standards to protect the personal data you entrust to us. Your Obligations as the Business As the business/controller, you are responsible for ensuring you have appropriate legal basis and consent from all recipients before including them in any mailing campaigns. You must respond to all consumer rights requests from your recipients, including requests to access, delete, or opt-out of future communications. You are required to provide clear and conspicuous privacy notices to your recipients explaining how their data is collected, used, and shared. You must maintain compliance with all applicable laws including CAN-SPAM, TCPA, and relevant state marketing and privacy laws. You are responsible for maintaining accurate Do Not Contact and suppression lists and ensuring they are applied to all campaigns. Additionally, you must ensure the accuracy of all data you upload to our platform and verify you have lawful rights to use any third-party data sources for your marketing purposes.
4. Sharing Your Information with Third Parties
We share data with carefully selected service providers as detailed in our subprocessor list, updated regularly and available on our website. We may also share your information in the following circumstances: with any group companies or affiliates; with regulators when required by law; in anonymized form with third parties for business sale/restructuring purposes, data analysis, or law enforcement compliance; with the United States Postal Service for delivery confirmations and address validation; with service providers including printing services, delivery services, payment processors, cloud hosting, and customer support platforms. We will not disclose your personal information to other third parties beyond those described above without obtaining your consent, except as required by law.
5. Sale and Sharing of Personal Information
Under US privacy laws, we do not 'sell' personal information in traditional commercial terms, except for disclosures to our customers as part of our service delivery. We may 'share' personal information as described in Section 4. In the past 12 months, we have disclosed the following categories to customers: delivery confirmation data, address validation results, and mailing status information. Right to Opt Out: You have the right to opt out of the "sale" or "sharing" of your personal information as defined under state privacy laws. To exercise this right: you may contact us here [Add in CONTACT US Link] Call us at 888-321-2148 Write to us at Stannp Compliance Team, 6312 S Fiddlers Green Cir, Suite 350E, Greenwood Village, CO 80111 We will process opt-out requests within 15 days and direct any third parties who received your data to honor your opt-out.
6. Links to Third Party Websites
Stannp is not responsible for privacy policies of other sites accessed via our Website or Platform. Check each site's policy and contact owners with concerns or questions.
with any group companies of ours or affiliates;
with our regulator (the ICO) when required;
-
in anonymised form, we may share information with:
any third party, in relation to the sale of some or all of Stannp's business, or its assets, or as part of any business restructuring or reorganisation. Stannp will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred under these circumstances;
data aggregators and platform providers as part of an analysis of user metrics or sales performance; or
law enforcement agencies in compliance with law enforcement.
7. Security
Stannp employs appropriate technological, physical, and administrative measures to safeguard the confidentiality, integrity, and availability of personal information from unauthorized access and improper use. Our technical security measures include encryption of personal data both in transit and at rest. We implement access controls to restrict data access to authorized personnel only. Our systems undergo regular security monitoring, supported by network security infrastructure including firewalls and intrusion detection systems. Physical security protections encompass secure data centers with restricted access controls and secure procedures for disposal of physical media containing personal information. Access to facilities housing personal data is controlled and monitored. Administrative safeguards include employee security training, regular reviews and updates of security policies and procedures, established incident response and breach notification procedures, and security assessments of vendors and contractors who may access personal information. We maintain these security measures in accordance with applicable US privacy laws and industry standards. However, no security system is completely impenetrable, and we cannot guarantee absolute security. Individuals seeking additional information about our specific safeguards may contact us using the information in Section 15 below. Payment Card Security: We do not directly store or process full payment card numbers on our systems. All payment transactions are handled securely by PCI DSS-compliant payment processors. These processors are contractually required to maintain strict safeguards in accordance with the Payment Card Industry Data Security Standard (PCI DSS) to protect your financial information.
8. Storage and Data Retention
We store personal data of US-based customers within the United States. Data from European customers may be stored in the United Kingdom or transferred to the United States with appropriate safeguards. All international transfers use appropriate safeguards per applicable privacy laws. Stannp retains Personal Information it uses to provide the Services to a customer between 12 and 24 months after the customer stops using the Services. Users may request early deletion subject to legal requirements. Previous customer data may be anonymized rather than fully deleted, and invoice data retained for 7 years minimum for legal compliance.
9. Cookies and Similar Technologies
We store personal data of our UK and EEA-based customers within the EEA. We do not currently transfer such data outside the EEA. We retain your data for no longer than is reasonable in line with the purposes for which it was originally collected. If you have an active account on our Platform, you can configure a retention policy yourself. If you do not configure it the default retention period for sensitive assets will be 3 years unless you fail to use your account at least once in any 12 month period in which case we will delete your account and associated data after such 12 months of non-use. Where we transfer personal data outside the UK or EEA, we will ensure appropriate safeguards are in place, including: • reliance on an adequacy decision (where the recipient country is recognised as providing an adequate level of protection); • use of the EU Commission's Standard Contractual Clauses; and/or • use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs. Any user with an account can request their personal data to be removed at any time, however please note that • if the user account was a previous customer of Stannp, data may be anonymised rather than fully removed; and • any personal data appearing on sales invoices will be retained by Stannp for at least 7 years for legal compliance.
What are Cookies?
Cookies are small text files that are placed on your device when you use the Website or Platform. Session cookies enable you to move from page to page within the Website and Platform and any information you enter will be remembered but is deleted when you close the page or after a short time. Persistent cookies allow us to remember your preferences and settings when you use the Website or Platform in the future.
Types of Cookies We Use
| Cookie Type | Purpose | Examples |
|---|---|---|
Strictly Necessary Cookies | • Authentication tokens to keep you logged in • Dashboard configuration preferences • Security and fraud prevention • Load balancing and platform functionality | Essential for Platform operation |
Analytics Cookies (with your consent) | • Understanding how visitors use our site • Tracking if advertising or referral links were effective • Analyzing user behavior to improve Platform functionality | • Google Analytics • Referrer tracking • User behavior tracking |
Marketing Cookies (with your consent) | • Advertising optimization • Marketing campaign effectiveness • Showing relevant advertisements | • Google Adwords • Hubspot • Retargeting cookies |
Managing Your Cookie Preferences
You can control cookie settings through our cookie consent banner when you first visit our website, your account settings if you're a logged-in user, or directly through your browser settings. If you do not want cookies to be served on your device, you can disable them through these settings; however, please note that disabling necessary cookies may prevent you from accessing some Platform features.
Third Party Cookies
Third party advertisers may place or read cookies on your browser when you use our website or Platform. This Policy applies only to Stannp's use of cookies and does not cover third party cookies. For more information about managing cookies, visit www.aboutcookies.org or www.allaboutcookies.org.
10. Your Rights
Under US privacy laws, you have several rights regarding your personal information:
General Rights
You have the right to access and request copies of any personal information we hold about you. You can request that we correct any inaccurate or incomplete information in our records. You may request the deletion of your personal information from our systems. Additionally, you have the right to opt out and stop us from sharing your information for marketing purposes.
California Residents (CCPA/CPRA)
If you are a California resident, you have specific rights under state law. You have the right to know the categories and sources of personal information we have collected about you. You can request information about the business purposes for which we collect your data. You have the right to limit how we use your sensitive personal information. Furthermore, you are protected by the right to non-discrimination, meaning we cannot treat you differently for exercising any of these privacy rights.
Other State Residents
Residents of Virginia, Colorado, Connecticut, and Utah have similar rights to those described above under their respective state privacy laws.
Specific Request Types
Verification Process
We will verify your identity before processing requests by: Matching information provided in your request against our records Requesting additional information if needed for verification Using a tiered approach based on the sensitivity and risk of the request We will acknowledge receipt within 10 business days and respond substantively within 45 days (extendable to 90 days with notice for complex requests).
Exercising Rights - Contact Methods
To exercise your privacy rights, you may contact us here [CONTACT US Link] or by mail to Stannp Compliance Team at 6312 S Fiddlers Green Cir, Suite 350E, Greenwood Village, CO 80111. When making a request, please include your name, email address, and a specific description of your request. We will verify your identity before processing any request and will respond within 45 days, though we may extend this to 90 days for complex requests with notice to you. If you wish to designate an authorized agent to act on your behalf, they must provide: Written authorization signed by you Proof of the agent's identity We may also contact you directly to confirm the agent's authority to act on your behalf
Additional Rights and Protections
The following additional rights and protections apply to your personal information under various US state and federal privacy laws. Withdrawal of Consent: Where we process your data based on consent, you may withdraw that consent at any time by contacting us. This won't affect the lawfulness of processing before withdrawal. Right to Object: You may object to our processing of your personal information for direct marketing or based on our business purposes. Contact us using the information in Section 15. Non-Discrimination: We will not discriminate against you for exercising any privacy rights, including by denying services, charging different prices, or providing different service levels, unless permitted by law. Accessibility: If you need this Privacy Policy in an alternative format due to a disability, please contact us to request accommodation.
Filing Complaints
If you're unsatisfied with our response to your privacy concerns, you may file a complaint with: California residents: California Attorney General at oag.ca.gov/privacy Other states: Your state's Attorney General's office
Automated Decision-Making
We do not use automated decision-making that produces legal or similarly significant effects. All decisions affecting your account or services involve human review.
11. Children's Privacy
Our services are not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13 in compliance with COPPA (Children's Online Privacy Protection Act). If we learn that we have collected such information from a child under 13, we will delete it promptly. In accordance with state law compliance requirements, we do not knowingly sell or share personal information of consumers under 16 years of age without proper authorization. If you believe we have collected information from a child, please contact us immediately so we can address the situation.
Access: You can request a copy of the personal data we hold about you.
Rectification: You can ask us to correct any inaccurate or incomplete personal data.
Erasure: You can request deletion of your personal data in certain circumstances.
Restriction: You can ask us to restrict processing of your personal data in certain situations.
Portability: Where technically feasible and legally required, you can request your data in a portable format.
Objection: You can object to processing based on legitimate interests or for direct marketing.
Automated Decision-Making: We do not currently use automated decision-making or profiling that produces legal or similarly significant effects.
Withdrawing Consent: Where we process data based on consent, you can withdraw this at any time.
You can exercise any of the rights listed above by contacting us at gdpr@stannp.com. If you have an account, you may also be able to update or delete some of your information directly through your account settings. We will respond to your request without undue delay and in any event within one month of receiving it. Where a request is complex or numerous, we may extend this period by up to a further two months. If this is necessary, we will notify you within the first month and explain why the extension is needed. We may need to request specific information from you to help us confirm your identity before we can process your request. This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it. Exercising your rights is free of charge. However, if your request is manifestly unfounded, excessive or repetitive, we may charge a reasonable fee or refuse to act on the request.
12. Data Breach Notification
For breaches affecting data we process on your behalf, we notify you without undue delay per applicable law, providing breach details, affected categories, consequences, and remedial measures.
13. International Data Transfers
If and to the extent that Stannp transfers Personal Information from another country into the United States, Stannp does so in compliance with the Privacy Laws of the originating country.
14. Changes to This Policy
Stannp may amend this Privacy Policy from time to time. Use of Personal Information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Information, we will notify you by posting an announcement on the Websites or sending you an email. You are bound by any changes to the Privacy Policy when you use the Websites, Portals, other applications, or the Services after such changes have been first posted.
15. Contact Information
All questions, concerns, or requests about or under this Privacy Policy or about Stannp's collection and use of Personal Information should be directed to Stannp as follows: Laura Manning 6312 S Fiddlers Green Cir, Suite 350E, Greenwood Village, CO 80111 888-321-2148 Contact Us [Need link to Contact Us] We respond to privacy inquiries within 2 business days and process requests within legal timeframes.