Our policies - Transparency & compliance | Stannp US

Our policies.

Legal Documents

Stannp maintains comprehensive legal frameworks to protect customer and recipient data through our US Data Processing Agreement and Business Associate Agreement. Our DPA establishes compliant data processing on behalf of US customers under applicable state privacy laws including CCPA/CPRA, VCDPA, CPA, CTDPA, and UCPA, with clear processor obligations, security incident response procedures, and sub-processor management. For healthcare clients, our HIPAA-compliant BAA governs the handling of Protected Health Information with strict administrative, physical, and technical safeguards, mandatory 24-hour breach notification, and explicit prohibitions on PHI use for marketing or sales without authorization.

Policies

Stannp's operational policies ensure transparency and compliance across our direct mail platform services. Our Terms of Service, Data Protection Policy, and Privacy and Cookies Policy detail how we collect, process, and protect personal information in accordance with US federal and state privacy laws, including compliance with the CAN-SPAM Act and TCPA, and with CASL for Canadian recipients. These policies establish our dual role as Data Controller for business operations and Data Processor for customer campaigns, outline consumer rights under applicable state laws (access, deletion, correction, portability, opt-out), describe our technical and organizational security measures, and provide clear mechanisms for exercising privacy rights and managing marketing preferences.