# Data Management & Compliance

Open Letter Connect (OLC), safeguarding your data and maintaining compliance with privacy regulations is a core part of how we operate. Whether you're uploading mailing lists, managing campaigns, or integrating with your CRM, you can trust that your data is secure, validated, and handled responsibly.

### Data Retention & Ownership

* **Your data is your property.**\
  Any contact lists or mailing data you upload remain **yours**. OLC does **not sell**, **share**, or **use your data for marketing**.
* **How long we keep your data:**
  * Contact lists and campaign data are retained **as long as your account is active**.
  * If your account becomes **inactive for over one year**, data may be deleted for security and storage optimization.
  * We recommend **backing up your data** regularly outside of OLC.

### Address Validation & List Cleaning

* **Automatic Address Validation:**\
  OLC uses **Accutrace**, a **USPS-certified** address verification service, to:
  * **Standardize address formatting** (e.g., abbreviations, casing)
  * **Confirm deliverability** to reduce undeliverable mail
  * Ensure compliance with USPS regulations, including **CASS** and **NCOA** standards.

> 🔍 **Pro Tip:** Upload clean lists for better deliverability. Invalid or incomplete addresses may be flagged during import.

### Data Security

* **Encryption:**\
  All data is protected:
  * **In transit:** via **HTTPS encryption** during uploads, imports, and API calls.
  * **At rest:** stored securely within our infrastructure.
* **Access Controls:**\
  Your data is accessible **only to authorized personnel** involved in campaign fulfillment and technical support.
* **Sunsetting Policy:**\
  Inactive accounts and unused data are **reviewed annually** for removal to maintain security and compliance.

### Compliance Framework

* **GDPR & CCPA Alignment:**\
  OLC aligns with key privacy regulations:
  * **Right to Access:** Users may request a copy of their account data.
  * **Right to Deletion:** Users may request full deletion of their account and associated data by contacting <support@openletterconnect.com>.
  * OLC does **not sell personal data** and only processes data for the intended purpose of fulfilling mailing services.
* **Data Controller vs. Processor:**
  * You (the OLC client) act as the **Data Controller**: You determine what data to upload and who receives mail.
  * OLC operates as the **Data Processor**: We handle the processing (printing, mailing, address validation) on your behalf.

### Consent & Opt-Out Best Practices

* **Obtain Consent:**\
  As the Data Controller, it’s your responsibility to ensure you have the **right to contact** individuals on your mailing list.
* **Include Opt-Out Instructions (Recommended):**\
  While **opt-outs are not legally required** for direct mail in many jurisdictions, we recommend including opt-out methods, such as:
  * A **phone number**
  * An **email address**
  * A **website link** (QR codes are great here!)

> 🧠 **Why Include Opt-Outs?**\
> It builds **trust and transparency**, reduces complaints, and aligns your business with best practices.

### Fulfillment Partners & Subprocessors

* **Mailing Fulfillment:**\
  OLC fulfills all mail through **USPS**, with address validation powered by **Accutrace**.
* **No External Data Processors:**\
  Apart from mailing and address verification, OLC does **not engage third-party processors** for your contact data.

### Summary: Your Role, Our Role

| **Aspect**              | **Your Responsibility (Controller)** | **Our Responsibility (Processor)**              |
| ----------------------- | ------------------------------------ | ----------------------------------------------- |
| Uploading Contacts      | Ensure lawful consent                | Securely store and validate addresses           |
| Data Privacy Compliance | Comply with GDPR/CCPA for your lists | Align services with GDPR/CCPA standards         |
| Fulfillment             | Design campaigns, choose recipients  | Print, validate, and mail to verified addresses |

For more details, review our:

* [Privacy Policy](https://openletterconnect.com/privacy-policy/)
* Terms of Service\
  Or contact <support@openletterconnect.com> for compliance-related inquiries.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.openletterconnect.com/olc-help-docs/direct-mail-marketing-best-practices/data-management-and-compliance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.