Transport & Web Security
Every page on getbusinessaddress.com is served over HTTPS. We use HTTP Strict Transport Security (HSTS) with preload enabled, which tells browsers to always use encrypted connections to our site — even before the first page load.
Our response headers include X-Frame-Options: DENY to block our pages from being loaded inside iframes, preventing clickjacking. We also enforce a strict Content-Security-Policy that restricts which scripts, styles, and connections the browser will accept from our pages.
Bot Protection & Form Security
Our lead form is protected by Cloudflare Turnstile, a privacy-respecting bot challenge that does not require users to complete frustrating visual puzzles. Turnstile works in the background to confirm a real person is submitting the form, keeping spam and automated submissions out of our intake queue without tracking your behavior across the web.
Lead Data Storage
Form submissions are stored in Cloudflare D1, a serverless SQL database. Access to that database is restricted by an admin API key — there is no public read interface. We use this data only to respond to your inquiry and to follow up on your onboarding. We do not sell, rent, or share your contact information with third parties.
Analytics: What We Track and What We Do Not
We use PostHog analytics to understand how people use our site — which pages are viewed, where visitors come from, and whether the site is working correctly. Our PostHog configuration has session recording disabled and respect_dnt enabled, meaning we honor your browser's Do Not Track setting.
We do not use Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any other third-party advertising tracker. There are no retargeting pixels on this site.
Mail Handling
We operate as a USPS-licensed Commercial Mail Receiving Agency (CMRA). Mail handling follows USPS CMRA rules, which include identity verification for every customer via notarized USPS Form 1583 before mail can be received in their name.
Mail Handling
Mail is handled at our licensed CMRA location. Physical access is controlled. Mail is scanned, forwarded, held, or shredded per your standing instructions.
Form 1583 Compliance
Every customer completes a notarized USPS Form 1583 with two government-issued IDs before their mailbox goes active. This is a federal requirement, not an optional step.
Shredding on Request
Physical mail can be shredded on request via your dashboard instructions. We do not retain physical mail indefinitely — documents are handled and disposed of per your instructions.
We Keep What We Need
We retain your Form 1583 as required by USPS regulations. Beyond that, we keep the minimum information necessary to serve your account. We do not build profiles for advertising purposes.
What We Do Not Claim
Some security pages list certifications and audit results to build confidence. We want to be straightforward: we are a small business filing and mail-handling service, not an enterprise SaaS provider.
We Do Not Currently Hold or Claim
- SOC 2 Type I or Type II certification
- ISO 27001 or similar information security certification
- Independent penetration test results
- Formal encryption-at-rest certification for D1 data
If any of the above matter for your specific use case, we encourage you to ask questions before signing up. We would rather answer honestly than overstate what we have.
Questions or Security Concerns
If you have a security question, notice something that looks wrong, or want to know more about a specific aspect of how we handle your data, please reach out directly at [email protected]. We read and respond to every message.
Last updated: July 9, 2026