Terms of Service

1. The Service

Postelist provides real-time email address verification and mail-infrastructure diagnostics, including DNSBL / blacklist monitoring. We query each submitted address against the provider of record—including Microsoft, Google, Apple iCloud, Yahoo, QQ, NetEase, and SMTP-compatible domains—and return a classification of deliverable, undeliverable, or uncertain, together with supporting signals such as SMTP response codes and reason codes.

Verification is probabilistic and provider-dependent. Results reflect the state of the mailbox and its provider at the moment of query and may change at any time. Postelist does not guarantee that any address classified as deliverable will accept, render, or respond to messages you subsequently send, and does not guarantee inbox placement, sender reputation, or the absence of blocklisting.

2. Accounts

To use paid features you must create an account. You are responsible for keeping your credentials confidential and for all activity that occurs under your account, including activity through API keys you generate. Notify us promptly at security@postelist.com if you suspect unauthorised access.

You must be at least 18 years old, or the age of majority in your jurisdiction, to create an account. You must provide accurate registration information and keep it current.

3. Credits and Billing

Postelist is pay-as-you-go. You purchase verification credits up front. Credits are consumed per request according to the published rate (one credit per standard address verification; additional credits for blacklist monitoring and other premium checks). Credits do not expire while your account remains in good standing.

All purchases are final and non-refundable except where required by law. Credits are consumed regardless of verdict, including “uncertain” results, because the underlying query has already been executed against the provider. We may update pricing from time to time; changes apply only to purchases made after the update takes effect. Previously purchased credits remain valid at their original rate.

4. Customer Responsibilities & Representations

Because email verification involves the processing of personal data, you make the following representations and warranties each time you submit an address or domain to the Service:

• You have a lawful basis under every applicable privacy and data-protection regime (including the UK GDPR, EU GDPR, the California Consumer Privacy Act, the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), the Australian Privacy Act, Canada’s PIPEDA, and any other regime applicable to you, your sending infrastructure, or the data subject) to submit that address or domain for verification.
• The address was obtained lawfully—for example, through opt-in sign-up, existing customer relationship, or other legitimate means—and was not scraped, harvested, purchased from a list broker without documented consent, sourced from a data breach, or otherwise obtained in violation of applicable law.
• You have provided any notices and obtained any consents legally required before submission, including, where applicable, notice that a third-party processor may be used to verify deliverability.
• You will comply with all laws governing your sending activity, including CAN-SPAM (United States), CASL (Canada), the UK Privacy and Electronic Communications Regulations (PECR), the EU ePrivacy Directive, and the Hong Kong Unsolicited Electronic Messages Ordinance (Cap. 593).
• You will not submit addresses of individuals who have opted out of receiving communications from you, appear on your internal suppression list, or who you otherwise know or should know would not wish to be contacted.

You are solely responsible for the lawfulness of your sending, the content of your messages, and the downstream use of any verification result. Postelist does not review, audit, or endorse the addresses you submit or the purpose for which you use our results.

5. Acceptable Use

You must not use the Service, directly or indirectly, to:

• Verify addresses obtained through scraping, harvesting, data breaches, credential dumps, or any other source that does not satisfy Section 4 above.
• Enumerate, validate, or test email addresses or accounts for the purpose of credential stuffing, account takeover, targeted phishing, social engineering, doxxing, extortion, stalking, or any attack on the security or integrity of a third-party system or person.
• Support unsolicited bulk email, cold-email spam in violation of applicable law, mail-bombing, pharmacy / crypto / romance / investment scams, or any activity that would cause your sending infrastructure, ours, or that of our upstream providers to be listed on a public blocklist.
• Use the blacklist-monitoring features to probe, map, or target third-party infrastructure without that party’s authorisation.
• Transmit malware, links to malicious content, or content that infringes intellectual-property, publicity, or privacy rights.
• Process special categories of personal data (such as data concerning health, ethnicity, religious belief, sexual orientation, or political opinion) through the Service except where you have an explicit, documented lawful basis to do so.
• Reverse engineer, decompile, rent, resell, white-label, or attempt to extract the underlying provider logic, heuristics, probe datasets, or model weights behind the Service, or use the Service to build a competing product.
• Circumvent rate limits, quotas, billing controls, or any technical restriction we place on the Service, or use automated means to create multiple accounts.
• Impersonate another person or entity, or misrepresent your affiliation with any person or entity.

We may suspend, throttle, or terminate access without notice, and without refund of unused credits, if we reasonably believe your use violates these Terms, poses a security or reputational risk to the Service, our providers, or other customers, or is the subject of a credible complaint from a mailbox provider, anti-abuse organisation, or regulator. We may cooperate with mailbox providers, anti-abuse organisations (including Spamhaus), and law-enforcement agencies investigating abuse.

6. Roles & Data Processing

With respect to addresses you submit to the Service, you act as the data controller (or, under the PDPO, the data user) and Postelist acts as a processor on your instructions. With respect to your account information, billing data, and usage telemetry, Postelist acts as an independent controller. Our handling of personal data is described in detail in our Privacy Policy, which is incorporated into these Terms by reference. Our processing of personal data on your behalf is governed by our Data Processing Agreement (the “DPA”), which is incorporated into these Terms by reference and applies to all customers from the date the DPA was last updated.

We process submitted addresses only to perform the verification you have requested, to maintain security and audit trails, to comply with legal obligations, and to operate, secure, monitor, and improve the Service in accordance with the Service-Improvement Processing clause of the DPA, which limits routine diagnostic review to aggregate and domain-level signals and restricts targeted access to specific records. We do not rent, sell, or disclose submitted addresses to third parties for marketing or enrichment.

Acceptance of the Service-Improvement Processing framework.By creating an account or otherwise using the Service, you affirmatively consent to the Service-Improvement Processing described in Section 6 of the DPA on the terms set out there, including the access controls that limit routine diagnostic review to aggregate and domain-level signals and the conditions under which targeted record access is permitted. This consent is given as part of your acceptance of the Agreement and is a material consideration for the prices charged for the Service.

Audit framework is exclusive.The means by which you may verify Postelist’s compliance with the Agreement are set out exhaustively in Section 11 of the DPA. You agree that:

• Section 11 of the DPA constitutes the complete and exclusive framework for any audit, inspection, examination, interview, or interrogation of Postelist’s systems, personnel, premises, records, or data-handling practices in connection with the Service. No other audit, inspection, or oversight right is implied, granted, or reserved by the Agreement, by any course of dealing between the parties, or by any sales, onboarding, or other incidental communication.
• Within the parameters of Section 11 of the DPA, Postelist retains sole discretion over the scheduling of any on-site audit, including the right to designate the dates within the agreed audit window, the personnel made available, and the order in which areas are reviewed, provided the audit is conducted in good faith and the agreed audit plan is observed.
• The expedited-audit carveouts in Section 11.3 of the DPA apply only on their express terms (regulator-mandated, breach-triggered, or material breach uncured for thirty (30) days). Outside those express triggers, the six (6) month notice period and the once-per-twelve-months frequency cap in Section 11.2 of the DPA apply without exception.
• Nothing in this Section limits the rights of a competent supervisory authority acting under applicable Data Protection Law, the rights of a Data Subject to bring claims under applicable Data Protection Law, or any other non-waivable statutory right. Such rights are preserved as required by law and operate outside the contractual audit framework set out in this Section.

7. Intellectual Property

The Service, including its software, interfaces, documentation, probe methodology, classification heuristics, dashboards, and branding, is the exclusive property of Postelist and is protected by intellectual-property laws. These Terms grant you a limited, non-exclusive, non-transferable, revocable licence to use the Service for its intended purpose during the term of your account. No other rights are granted.

Verification results returned to you may be used within your own sending operations. Aggregated, anonymised, and de-identified signals derived from your use of the Service may be retained by Postelist to operate, secure, and improve the Service, to publish accuracy benchmarks, and to train internal detection models.

8. Disclaimer of Warranties

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE”. TO THE MAXIMUM EXTENT PERMITTED BY LAW, POSTELIST DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. Postelist does not warrant that the Service will be uninterrupted, error-free, secure, or that every verification will be accurate; that third-party mailbox providers will continue to permit the queries the Service performs; or that the Service is suitable for any specific business use. You assume all risk and responsibility for the selection and use of the Service and for any consequences of relying on its results.

9. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, POSTELIST AND ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AND LICENSORS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES; LOSS OF PROFITS, REVENUE, DATA, GOODWILL, BUSINESS OPPORTUNITY, OR SENDER REPUTATION; BLOCKLISTING, DELIVERABILITY PROBLEMS, OR ANY DOWNSTREAM REGULATORY, CONTRACTUAL, OR REPUTATIONAL CONSEQUENCE OF YOUR SENDING ACTIVITY; OR THE ACTS OR OMISSIONS OF MAILBOX PROVIDERS, ANTI-ABUSE ORGANISATIONS, OR OTHER THIRD PARTIES, IN EACH CASE ARISING OUT OF OR IN CONNECTION WITH THE SERVICE.

Our total aggregate liability arising out of or related to the Service, whether in contract, tort, or otherwise, is limited to the greater of (a) the amount you paid us in the twelve (12) months preceding the event giving rise to the claim, or (b) one hundred US dollars (US$100). The limitations in this Section apply even if a stated remedy fails of its essential purpose.

10. Indemnity

You agree to defend, indemnify, and hold harmless Postelist and its directors, officers, employees, agents, and licensors from and against any claim, loss, damage, liability, fine, penalty, or expense (including reasonable legal fees and regulatory costs) arising out of or related to:

• your use of the Service;
• your breach of these Terms, including any representation in Section 4;
• any assertion that an address, domain, or other data you submitted was obtained or processed without a lawful basis, or that notices or consents required by privacy or anti-spam law were not obtained;
• any sending, marketing, transactional, or transactional-adjacent activity you undertake using verification results, including any regulator complaint, mailbox-provider complaint, CAN-SPAM, CASL, PECR, GDPR, PDPO, or equivalent enforcement; and
• your violation of any third-party right, including intellectual-property or privacy rights.

Postelist may assume the exclusive defence and control of any matter otherwise subject to indemnification by you, in which case you agree to cooperate with our defence.

11. Suspension & Termination

You may stop using the Service at any time and close your account from the dashboard. We may suspend or terminate your access, with or without notice, for material breach of these Terms, for conduct we reasonably believe is harmful to the Service, its users, or third parties, for non-payment, for extended account inactivity, or if required by law or legal process. Upon termination, unused credits may be forfeited to the extent your termination results from breach of these Terms. Sections that by their nature should survive termination will do so, including Sections 4, 6–10, and 13–15.

12. Force Majeure

Postelist will not be liable for any failure or delay in performance caused by events beyond its reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, government action, labour disputes, telecommunication or internet outages, DDoS attacks, or actions of mailbox or upstream service providers.

13. Changes to these Terms

We may update these Terms from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify account holders by email. Continued use of the Service after a change takes effect constitutes acceptance of the revised Terms. If you do not accept a change, your sole remedy is to stop using the Service and close your account.

14. Governing Law & Dispute Resolution

These Terms and any dispute, claim, or matter of any nature arising out of or in connection with them (including non-contractual disputes or claims) are governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region of the People’s Republic of China (“Hong Kong”), without regard to its conflict-of-laws principles.

The parties submit to the exclusive jurisdiction of the courts of Hong Kong in respect of any such dispute, save that Postelist may, at its sole option, elect to resolve any dispute by binding arbitration administered by the Hong Kong International Arbitration Centre (HKIAC) under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. The seat of arbitration shall be Hong Kong, the language English, and the tribunal comprised of one arbitrator.

Nothing in this Section limits any right you may have under mandatory consumer protection law in your place of residence.

15. General

These Terms, together with our Privacy Policy and any order form or payment confirmation, constitute the entire agreement between you and Postelist regarding the Service and supersede all prior or contemporaneous understandings. If any provision is held unenforceable, the remaining provisions will remain in full effect. No waiver is effective unless in writing. You may not assign these Terms without our prior written consent; we may assign them to an affiliate or in connection with a merger, acquisition, or sale of assets. There are no third-party beneficiaries.

16. Contact

Questions about these Terms should be sent to legal@postelist.com. Abuse reports should be sent to abuse@postelist.com.