Your letters, locked down.
Every letter you send through PieMail is encrypted in transit, encrypted at rest, and deleted from our servers once it's in the mail.
SSL/TLS everywhere
Every page and API call on PieMail is served over HTTPS with modern TLS. Your letter contents and recipient addresses never travel in the clear.
PCI-compliant payments
Payments are processed by Stripe in a PCI-DSS Level 1 environment. PieMail never sees or stores your full card number.
Encrypted at rest
Letter contents and account data are stored encrypted at rest by our infrastructure providers (Supabase and Fly.io).
Letters deleted after mailing
Once your letter is handed to USPS, the file is removed from our servers. We keep only the metadata needed for your receipt and tracking.
Address verification
Recipient addresses are validated against the USPS CASS-certified database before printing, reducing failed deliveries and exposed envelopes.
Least-privilege access
Internal access to production systems is restricted, audited, and protected with multi-factor authentication.
Responsible disclosure
Found a security issue? We'd love to hear from you. Please email security@piemail.online with details. We aim to acknowledge reports within two business days and resolve confirmed issues as quickly as possible.
Please don't disclose vulnerabilities publicly before we've had a chance to fix them. We do not currently run a paid bug bounty program, but we're happy to credit researchers who report responsibly.
Subprocessors
- Stripe โ payment processing (PCI-DSS Level 1)
- Supabase โ account database and authentication
- Fly.io โ application hosting
- Lob โ printing, mailing, and address verification
Each subprocessor is contractually required to handle your data in line with our privacy commitments.
Questions
For security questions, contact security@piemail.online. For general privacy questions, see our Privacy Policy.