Last updated
May 18, 2026. This policy applies to KasaPost websites, hosted business email, transactional sending, support, billing, and related control panels.
Data we collect
We may collect account details, company and domain details, mailbox configuration, aliases, API keys, billing identifiers, support requests, abuse reports, device and browser metadata, security logs, message routing metadata, delivery logs, DMARC reports, and email content stored or transmitted through the service.
How we use data
We use data to provide mailboxes, route and deliver email, authenticate domains, prevent abuse, secure accounts, troubleshoot delivery, provide support, bill customers, maintain records, improve reliability, and comply with lawful obligations.
Customer content
Email content belongs to the customer or the customer's users. KasaPost processes that content to operate the service, deliver messages, detect security threats, respond to support requests, and comply with abuse, legal, or security obligations.
Sharing
We do not sell customer mailbox content. We may share limited data with infrastructure, email delivery, payment, analytics, support, security, legal, and compliance providers when needed to operate KasaPost. We may disclose information when required by law or to protect the service from abuse.
Retention
We keep data for as long as needed to provide the service, meet security and legal needs, resolve disputes, maintain billing records, and support backups. Customers may request account or mailbox deletion, subject to security, billing, backup, and legal retention requirements.
Security
We use access controls, TLS-protected web access, domain authentication checks, operational logging, rate limits, suppression controls, and backup readiness checks. No service can guarantee perfect security, so customers should use strong passwords, two-factor authentication, and careful mailbox administration.
Privacy requests
Customers and eligible users may request access, correction, deletion, export, or restriction of personal data where applicable. Send privacy requests to privacy@kasapost.com and include the account, domain, and request type.
Texas and U.S. notices
KasaBase is based in Dallas, Texas. Texas residents and other eligible users may have privacy rights under applicable state or federal law. We will review verified requests and respond as required by applicable law.
Children
KasaPost is intended for business use and is not directed to children under 13. Customers must not create accounts for children or use KasaPost to knowingly collect children's personal data.
International use
KasaPost is operated from the United States. If customers use the service from outside the United States, they are responsible for confirming that their use complies with local privacy, email, and data transfer laws.
Contact
Privacy questions can be sent to privacy@kasapost.com. General support requests can be sent through the support page.