Go back

Privacy Policy

Last updated: Wednesday, 15th May, 2024.

For the purposes of this Privacy Policy:

Interpretation

The words of which the initial letter is capitalised (and in some cases not) have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural or any class of pronoun.

Definitions

The proprietorship firm (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to D & N Global Business. 

Cookies are small files that are placed on Your computer, mobile device or any other device by a Website, containing the details of Your browsing history on that Website among its many uses.

You (may also be referred by “a user” or “user”) means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable and classified as sender, recipient, and payer.

Sender refers to an entity using the Website to send a letter. Payer refers to an entity making payment on the Website and recipient refers to the entity to whom a letter is sent using their email id.

Country/land refers to: Uttar Pradesh, India

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet. Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used. Third-party Social Media Service refers to any Website or any social network Website through which a User can log in or create an account to use the Service.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website  or Service refers to POSTMAN, accessible from https://www.postman.land

1. We are CCPA/GDPR compliant.


2. Your letters are end to end encrypted (encrypted in rest and in transit)and inaccesible in storage means no person other than the sender and the receiver of the letter can access it. On top of it, the letters are protected by a One Time Key system on the recipient's side.


3. Personal Data

   We store following data from You in our database:

   
   

   A. Data from Sender/payer side

   
   
   1. Recipient’s email id 
   2. Time & Date of sending
   3. Payer’s PayPal id and Payer’s email as provided by PayPal with the payer’s shipping/billing address which is a non-sensitive personal data
   
   

   B. Recipient’s side

   
   
   1. Time of viewing the letter
   
   

   We also store the content of a letter in our database however protected by strict authorisation based database administration, the letters stored in the database are technically inaccesible.

   
   

   C. The data is stored using Mongo DB Atlas V7.0.8 at our server at AWS Mumbai (ap-south-1), India.

   
   

   D. Other than that the entire letter and the recipients email id is also stored in our mailbox operated through google workspace - letter@postman.land



4. Personal data security & encryption:
   
   1. The data stored in our database is encrypted in rest by default and is accessed by a single person admin control.
   
   
   2. We use TSL/SSL certification on our Website and hence is encrypted in transit.
   
   
   3. The data stored in our mailbox letter@postman.land is inaccessible by any person whatsoever as the password of the mailbox has been destroyed and the data thereon is safeguarded by Google’s safety protocols. This can be confirmed by the last login to the mailbox.


5. Other primary personal user data storage:
   1. Other than those mentioned above, We store a user’s data as We receive request for a refund or any other customer care concerns which includes a user’s email id and content of the email. The data stays safe at our mailboxes according to Google’s safety protocols and our mailbox security where We make sure only authorised access to such data on our mailboxes.


6. Commitment to no-operation/analysis/profiling/sharing/disclosing of user data:

   1. We DO NOT in any situation whatsoever perform any manual or automated operation of our user’s data stored in our database or mailboxes for any profiling purposes whatsoever other than deleting the data on a user’s request or in the case when an abuse or cybercrime has been reported.

   
   

   2. We DO NOT sell, share, or export our user’s data out of our database to any third party other than those mentioned in point 7.

   
   

   3. So data stored in our database is merely an archive and for the record purpose. You will never be contacted by us other than the letter sent to a recipient using our services or Your request for a refund or other customer care concerns.



7. In case of a persisting and valid (based on our discretion) legal obligation, We may have to share a user data on the request of a law enforcing authority according to the laws of the land in India.
   

   The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

   
   
   • Comply with a legal obligation
   • Protect and defend the rights or property of the Company
   • Prevent or investigate possible wrongdoing in connection with the Service
   • Protect the personal safety of Users of the Service or the public
   • Protect against legal liability


8. Deleting Your personal data:
   1. Write us an email on postman@cherryWeb.online providing the recipient’s email id requesting the deletion of the data. And We’ll delete the data stored in our database.


9. Usage Data 
   1. Usage data is collected automatically when using the Service.
   
   
   2. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
      When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
      We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device. HoWever, We do not perform any operation or store these data at any place on our servers.


10. Cookies
    
    
    1. Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. HoWever, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless You have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
    
    
    2. Cookies are of two types - Session cookies and persistent cookies. We use only session cookies on our Website and this is administered by us.
       

       when a sender begins filling out letter information, the same data is stored in cookies for drafting purposes. Upon sending the letter, the data stored in cookies is automatically cleared, while the database retains a record of the sent letter.

    
    
    3. Persistent cookies are used for profiling purposes and We do not use them on our Website.
    
    
    4. Furthermore, the Service does not utilise any third-party cookies.


11. Links to other Websites (Paypal and Cherry Web Design Studio)
    
    
    1. Our Service may contains links to other Websites that are not operated by us which is only Paypal for making payments. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of Paypal.
       We have no control over and assume no responsibility for the content, privacy policies or practices of Paypal.
    
    
    2. We have link to Cherry Web Design Studio, the makers of this Website on our Website. We advise You to go through the privacy policy of www.cherryWeb.online when You visit that Website.


12. Changes to this Privacy Policy

    We may update Our Privacy Policy from time to time. We will not notify You of any changes and Your data will be governed according to the privacy policy on the Website on the day You sent/viewed the letter.
    You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.



13. Conflict

    We have total commitment towards our users. In case of a conflict or dispute and a legal suite from Your side, we are available to participate in the court of law of the choice of a user however through video conferencing so and commit to work in cooperation with the law enforcing agents. In case of a suit from our side however, the matter will come under the jurisdiction of courts of law of the Country.



14. Concluding security concerns
    
    
    1. The Website employs standard practices to guard against SQL/NoSQL injections, ensuring that sanitized data is stored in the database. It only collects non-sensitive information such as email addresses and some personal details. However, none of the data requested from senders is strictly validated against any personal detail's registry, nor is it enforced. 
    
    
    2. Senders can opt to provide “dummy” data, including names and addresses, to maintain anonymity. Personal details are not subject to validation. 
    
    
    3. The Website ensures end-to-end encryption when storing data in the database, with additional security measures provided by the default settings of the database provider, “Mongo Atlas”. Data stored in cookies is safeguarded by the browser's session storage and default security rules.
    
    
    4. Payment-related data, such as the payer's email address and ID, is obtained from PayPal and directly stored in the database using the same sanitisation methods and security measures employed for user data storage. 
    
    
    5. The Website itself is stateless, meaning it does not retain or save any data within its logic, business, or server components. Data collected from users are processed through the server/business layer and promptly passed to the database for secure storage when necessary.
    
    
    6. Our data is managed by strict authorisation principles and through trusted staff and business structures. We are committed to your privacy and safety.


15. Contact Us

    
    For any query or dispute please contact us - postman@cherryweb.online