AI Mail Processing Policy

Reviewed: January 2026

Our Compliance Principles

UK Postbox is built around strict UK GDPR principles, including data minimisation, purpose limitation, privacy by design, and security of processing.

We process customer mail only to the extent necessary to provide our service: secure receipt, image scanning, storage, and delivery to the intended account holder.

We deliberately do not use Optical Character Recognition (OCR) or Artificial Intelligence (AI) to analyse or extract the contents of customer mail.

This is a conscious compliance and risk-reduction decision.

What Happens When Your Mail Is Processed

Envelope processing:

• We OCR envelopes using scanners in our mailroom to identify the sender.

• This OCR process is entirely local—no data leaves our infrastructure or is processed by third parties.

• AI is not used in this process.

Mail content processing:

• Mail is captured as a secure PDF file. No OCR or AI

• It is stored for customer access within their account.

• It is handled solely for service delivery purposes.

What We Do Not Do

We do not process customer mail content with OCR or AI. Specifically, we do not:

• Convert mail documents into machine-readable or searchable text.

• Extract names, addresses, financial details, medical information, or other personal data from mail content into structured databases.

• Create additional datasets from document contents.

• Analyse, categorise, summarise, or interpret documents using AI.

• Profile customers or assess behavioural patterns from mail content.

• Use customer mail content to train AI systems or third-party models.

We do not expand the scope of processing beyond what is necessary to deliver the digital mail service.

Why We Do Not Use OCR or AI on Mail Content - Data Minimisation (UK GDPR Article 5)

OCR and AI systems convert documents into structured and searchable datasets, increasing the volume and accessibility of personal data.

By avoiding text extraction and automated content analysis, we:

• Limit the amount of personal data created.

• Reduce internal accessibility of sensitive information.

• Reduce the potential impact of a security incident.

Less derived data means lower overall risk.

Purpose Limitation (UK GDPR Article 5)

Customers use UK Postbox for secure mail handling and digital access — not for content analysis.

We process mail strictly for service delivery. We do not analyse, mine, monetise, or repurpose document contents for secondary uses.

Privacy by Design and Default (UK GDPR Article 25)

Our systems are intentionally designed to:

• Restrict processing to what is operationally necessary.

• Prevent automated content extraction from mail.

• Avoid expanding data processing beyond customer expectations.

This is an architectural decision made to strengthen confidentiality and compliance.

Security of Processing (UK GDPR Article 32)

Automated text extraction and AI processing increase system complexity and data exposure.

By not generating searchable text databases or AI-derived datasets from mail content, we:

• Reduce attack surface.

• Limit structured data accumulation.

• Simplify security controls.

• Lower systemic risk.

Security is enhanced by reducing unnecessary processing.

Our Compliance Position

UK Postbox processes personal data lawfully, fairly, and transparently in accordance with UK GDPR.

We deliberately avoid technologies that would increase the scope, intensity, or secondary use of personal data beyond what is required to provide our service.

We believe that the most secure and GDPR-aligned approach to handling sensitive correspondence is to process only what is strictly necessary — and nothing more.

A Deliberate Choice

Many digital mail providers use OCR and AI tools to extract and analyse document contents.

UK Postbox has chosen not to.

When customers entrust us with their mail, discretion, restraint, and data minimisation come first.

UK Postbox Limited

13 Freeland Park, Wareham Road, Lytchett Matravers, Poole, Dorset, BH16 6FH, United Kingdom

Support: support@ukpostbox.com

Security: security@ukpostbox.com

Legal notices: legal@ukpostbox.com

Data protection: dpo@ukpostbox.com

Complaints: complaints@ukpostbox.com

Accessibility: accessibility@ukpostbox.com

Website: www.ukpostbox.com

Registered in England and Wales Company Number: 06723381

MLR registration no: XLML00000192390

ICO registration no: ZA038907