Postcrossing uses cookies to help deliver its services. By using this website, you agree to its use of cookies. Learn more.

Postcrossing Privacy Policy

Our Privacy and Cookie Policies are going to be updated on May 25, 2018. Please take the time to review the new Privacy and Cookie policies.

Postcrossing is committed to protecting the privacy of its users, and has therefore developed this Privacy Policy to explain how personal data is collected, processed and disclosed by its platform. We advise everyone to read it carefully, in order to become familiar with our privacy practices.


POSTCROSSING, LDA. (hereinafter referred to as, Postcrossing) with tax number 513 308 016 and headquartered at Rua Elísio de Melo 28, 2, sala 20, 4000-196 Porto (Portugal) is a Portuguese company dedicated, among other activities, to the development and management of the web platform POSTCROSSING.COM (hereinafter referred to as, Platform).

Scope and coverage

This Privacy Policy applies only to the collection and processing of personal data carried out by Postcrossing for the provision of services through the Platform, allowing those services to be provided expeditiously and without inconvenience to the users.

Users can navigate through parts of the Platform without having to register, however, it is necessary to register to be able to make use of certain features, in particular those that enable the sending and receiving of postcards.

Personal Data

Personal data means any information in any nature and/or medium relating to an identified or identifiable person, directly or indirectly, in particular by reference to one or more specific elements, whether of their identity or their private life.


The collected personal data is an essential tool for users’ satisfaction and that personal data is processed in accordance with the applicable law and best practices. Postcrossing uses this data in an appropriate and expected way for the provision of its Platform services, namely, (a) to enable the services that facilitate the sending and receiving of postcards; (b) to setup the user accounts and profiles; (c) to improve the contents of the service; (d) to report news about the Platform; (e) to adapt the services to the needs of its users; (f) and, to allow the development of new features.

Data collected

Postcrossing collects and processes personal data necessary for the provision of services, to its operations and Platform management, namely, username, name, email address, postal address, date of registration and of the last login and profile image.

When using the service, the Platform can automatically register in its servers general data, such as the type of browser, IP address and requested pages.

How data is collected

The data will be collected through forms and through the Platform's usage, after the user acknowledges the collection and consents to its processing, which is made according to the law. The collected data is stored on secure servers and will not be used, in any situation, for any purpose other than that for which consent was previously obtained.


The Platform makes use of cookies. Postcrossing has a dedicated Cookie Policy page, which explains in detail what cookies are, how Postcrossing uses them and how you can control and/or remove them. The Cookie Policy page is an integral part of this Privacy Policy.

Users and security

Postcrossing takes the security of personal information very seriously, and does its best to safeguard it. Keeping in mind the state of the art and the technical knowledge available, Postcrossing uses technical and organizational measures to protect personal data against destruction, accidental or unlawful loss, accidental alteration, disclosure or unauthorized access, within a level of security appropriate to the nature of the data being protected. However, Postcrossing cannot guarantee the total security of the information of its users' accounts against all possible situations of unauthorized access, hardware or software failures and other factors that may compromise the security of the information.

Users should make careful use of the Platform in order to prevent unauthorized access to their accounts and personal information, namely, by carefully selecting and protecting their passwords and limiting access to the devices through which they access the Platform.

Storage period

Personal data will be stored and kept only for the lifespan of each user's account, and up to two (2) years after its termination, either by cancellation, suspension or lack of use of the Platform, as referred in the Terms of Service. This period is deemed to be sufficient for the purposes for which the personal data was collected. After this period, any personal data collected will be eliminated.


Users may update their personal data at any time through the account settings section of the Platform.

If the user is unable to update his personal data that way, they should contact Postcrossing via the proper contact form requesting this update, of which they will be notified by email as soon as it occurs.

Right of access

Data protection laws grant users the right to access their personal data at any time, as well as the right to oppose the use of the provided personal data. To this end, users should submit a written request through the proper contact form.


Users may eliminate their personal data at any time through the termination of their account on the Platform. However some of the personal data may be stored for a longer period of time, as detailed above.


Postcrossing uses statistical information gathering services, which collect anonymous information about the Platform’s usage, for example, time of visits, pages viewed and type of operating system used.

Google Analytics is a traffic analysis service provided by Google, Inc. ("Google") used in the Platform. Google uses the data collected to analyze the Platform’s usage and to prepare reports which enable Postcrossing to improve its services. Google Analytics integration is done in a way that keeps users’ IP address anonymous by removing part of its information. You can find Google’s privacy policy on its website.

Disclosure to third parties

Postcrossing does not sell or rent personal data to third parties. However, sharing of personal data may occur under the following conditions:

  1. Postcrossing shares users’ postal addresses between users, in a restricted and controlled way, for the purpose of providing the postcard exchange related services of the Platform.
  2. Postcrossing may rely on third parties for the provision of certain services on its behalf, and these third parties may have access to some personal data. Postcrossing ensures that entities that have access to personal data are credible and offer high guarantees of protection, never transmitting more data than that which is necessary to provide the contracted service;
  3. Postcrossing may also transmit data to third parties regarding investigations, judicial enquiries and legal and/or administrative procedures, when ordered to do so by a court of law.

Third-party websites

The Platform may contain links to other websites. These websites and the way they process collected information are the sole responsibility of their holders, and therefore, Postcrossing is not responsible for their privacy policies and/or practices.

Data transfer

In the event of any personal data being transferred to third-parties in countries which are not Member states of the European Union, Postcrossing will comply with the applicable legislation, in particular in regard to the adequate level of protection offered to personal data and the requirements for such transfers, not transferring personal data to jurisdictions that do not provide adequate safety and security guarantees.

Changes to Privacy Policy

Postcrossing reserves the right to adjust or amend this Privacy Policy at any time, adequately announcing those changes.

Effective from: January 1, 2016

If you believe that this website is not following its Privacy Policy, please contact us.