Customer Contract Pack

Master Subscription Agreement (MSA) — postal.ID

Effective date: [DATE] This Master Subscription Agreement ("Agreement") is between [POSTAL.ID LEGAL NAME] ([DIFC ENTITY / LICENSE NO.]), [DIFC REGISTERED ADDRESS] ("postal.ID") and the customer identified in an Order Form ("Customer").

1. Key concept: roles (Controller/Processor)

For Verification Subject Data processed in connection with Customer's use of the verification service:

  • Customer is the Controller; and
  • postal.ID is the Processor, processing only on Customer's documented instructions.

For postal.ID's own Website/Admin/Billing Data, postal.ID is a Controller (see Privacy Notice — Website & Customer Admin Users).

2. Definitions

  • Services: postal.ID platform, portals, APIs, and verification workflows.
  • Verification: address verification via postal mail code/QR and optional digital factors (email/SMS OTP), and optional KYC/AML add-ons if enabled.
  • Case: a verification request created by Customer.
  • Subject: the individual being verified.
  • Evidence Pack: generated artifacts and logs for a Case.
  • Assurance Level: Digital Verified / Postal Verified / Digital+Postal Verified (defined in Verification Services Terms).

3. Subscription and access

postal.ID grants Customer a non-exclusive, non-transferable right to access and use the Services during the Term, subject to this Agreement, the AUP, and the Order Form.

4. Customer responsibilities

Customer will:

  • ensure it has a lawful basis to provide Subject data and initiate verification;
  • provide required notices/consents (especially for SMS/email where required);
  • configure policies responsibly (assurance levels, expiry, reminders);
  • keep credentials secure and use RBAC appropriately.

5. Verification results; no guarantee

postal.ID provides evidence-backed events and artifacts. Customer remains responsible for its onboarding/compliance decisions. postal.ID does not guarantee prevention of fraud or confirm legal residency.

6. Fees and payment

Fees, billing periods, and usage limits are in the Order Form. Taxes are Customer's responsibility unless required by law.

7. Confidentiality

Each party will protect the other's Confidential Information using reasonable care.

8. Data protection

The DPA forms part of this Agreement. Customer instructions are set in the Service configuration, API calls, and documented support tickets.

9. Security

postal.ID will maintain appropriate technical and organizational measures per the Security Addendum.

10. Intellectual property

postal.ID retains all IP in the Services. Customer retains IP in its data.

11. Acceptable use; suspension

postal.ID may suspend access for AUP violations, security threats, suspected fraud, or legal compliance.

12. Term and termination

Term is as stated in the Order Form. Either party may terminate for material breach not cured within [30] days. On termination, data return/deletion occurs per DPA and retention settings.

13. Warranties and disclaimers

Except as expressly stated, Services are provided "as is". postal.ID disclaims implied warranties to the maximum extent permitted by law.

14. Limitation of liability

Liability caps and exclusions apply as specified in the Order Form. Common structure:

  • cap = fees paid in the [12] months preceding the claim;
  • exclude indirect/consequential damages;
  • carve-outs for IP infringement and breach of confidentiality as negotiated.

15. Indemnities

  • postal.ID indemnifies Customer for third-party IP infringement claims regarding the Services.
  • Customer indemnifies postal.ID for claims arising from Customer data, instructions, or unlawful use.

16. Changes

postal.ID may update Service features. Material changes to legal terms will be notified with reasonable advance notice.

17. Governing law and jurisdiction

This Agreement is governed by DIFC laws and subject to exclusive jurisdiction of the DIFC Courts.

18. Order of precedence

Order Form → DPA/Transfer Addendum → Security Addendum → this Agreement → policies (AUP, etc.).

19. Contact

Legal notices: [LEGAL@POSTAL.ID]

Legal

    Referencia de ayuda

    82 entradas disponible

    Dashboard Overview

    Total Cases

    Descripción

    The total number of verification cases created across all statuses. Includes active, completed, failed, and expired cases.

    Impacto

    Tracks overall verification volume and platform adoption. Spikes may indicate batch uploads or new client onboarding.

    Ejemplo

    Displayed as a number, e.g. "247". Includes all cases regardless of status (active, completed, failed, expired).

    Referencia

    Typical tenants process 50-500 cases/month depending on plan.

    Consejos profesionales

    • Use batch CSV upload for high-volume onboarding periods.
    • Monitor for unexpected spikes which may indicate API misuse.

    Completed

    Descripción

    Cases that have reached the COMPLETE terminal state — all required verification layers passed successfully.

    Impacto

    Directly measures successful verifications. A low completed count relative to total cases suggests drop-off in the verification funnel.

    Ejemplo

    Displayed as a number, e.g. "189". Only counts cases with status = COMPLETE.

    Referencia

    Healthy completion rates are 70-85% of total cases.

    Fórmula

    Count of cases where status = COMPLETE

    Consejos profesionales

    • Send reminders to subjects with pending verifications.
    • Review failed cases to identify common blockers.

    In Transit

    Descripción

    Cases where a postal letter has been dispatched but not yet delivered or verified. Status is POSTAL_DISPATCHED.

    Impacto

    High in-transit counts may indicate postal delays or delivery issues in certain regions.

    Ejemplo

    Displayed as a number, e.g. "34". Counts cases with status = POSTAL_DISPATCHED.

    Referencia

    UK letters: 1-3 business days. EU/US: 3-7 business days.

    Letters in transit for more than 10 business days may indicate delivery failure.

    Consejos profesionales

    • Check delivery tracking for stuck letters.
    • Consider re-dispatching if beyond expected delivery window.

    Success Rate

    Descripción

    Percentage of cases that reached COMPLETE status out of all cases that have reached a terminal state (COMPLETE, FAILED, or EXPIRED).

    Impacto

    The primary health metric for your verification process. Low success rates may indicate issues with subject engagement, postal delivery, or bundle configuration.

    Ejemplo

    Displayed as a percentage, e.g. "82.5%". If 165 of 200 terminal cases completed, rate = 82.5%.

    Referencia

    75-90% is healthy. Below 60% warrants investigation.

    Fórmula

    COMPLETE / (COMPLETE + FAILED + EXPIRED) x 100

    Success rate excludes in-progress cases. A high total with low terminal count means most cases are still active.

    Consejos profesionales

    • Enable automated reminders to improve completion.
    • Review expired cases — shorter TTLs increase expiry rates.

    Case Lifecycle

    CREATED

    Descripción

    Initial state when a case is first created. No verification actions have been taken yet.

    Impacto

    Cases should move out of CREATED quickly. A backlog here means digital verification or letter dispatch is delayed.

    Ejemplo

    Input: Subject name "Jane Smith", address "12 Baker Street, London, NW1 6XE, GB", email "jane@example.com". Output: Case created with status CREATED.

    Consejos profesionales

    • Automate dispatch to avoid cases sitting in CREATED.

    DIGITAL_PENDING

    Descripción

    Email and/or SMS OTP has been sent to the subject. Waiting for them to enter the code.

    Impacto

    Long dwell times suggest the subject did not receive the OTP or is not engaging.

    Ejemplo

    Email OTP sent: "A3K9X2MF" (8 characters). SMS OTP sent: "482917" (6 digits). Subject enters the code on the verification page.

    Referencia

    Most digital verifications complete within 5 minutes of sending.

    Consejos profesionales

    • Check for disposable email addresses causing delivery failures.
    • SMS delivery rates vary by carrier — monitor bounce rates.

    DIGITAL_VERIFIED

    Descripción

    Subject has successfully entered the correct email/SMS OTP. Digital layer is complete.

    Impacto

    If the bundle includes postal verification, the case will transition to POSTAL_DISPATCHED next.

    Ejemplo

    Subject entered "A3K9X2MF" correctly. Status transitions from DIGITAL_PENDING to DIGITAL_VERIFIED.

    POSTAL_DISPATCHED

    Descripción

    A physical letter with a unique 10-character OTP and QR code has been printed and dispatched via the postal provider.

    Impacto

    Delivery tracking is available for UK and US/Canada (tracked delivery).

    Ejemplo

    Letter dispatched with postal OTP "K7M2X9P4LR" (10 characters) and QR code linking to verification URL. Tracking reference: "TRK12345678".

    Referencia

    UK: 1-3 days. EU/US: 3-7 days.

    POSTAL_PENDING

    Descripción

    Letter has been confirmed delivered (via tracking) but the subject has not yet entered the postal OTP.

    Impacto

    The subject has the letter but has not acted. A reminder may help.

    Ejemplo

    Tracking shows "Delivered" on 2026-02-20. Subject has not yet entered OTP "K7M2X9P4LR". Reminder email scheduled.

    Consejos profesionales

    • Enable automated reminders for postal-pending cases.
    • QR code on the letter makes verification faster — mention this to subjects.

    POSTAL_VERIFIED

    Descripción

    Subject has entered the correct postal OTP. Physical address possession is confirmed.

    Impacto

    The case will now transition to COMPLETE (assuming all required layers are verified).

    Ejemplo

    Subject entered "K7M2X9P4LR" correctly via QR scan or manual entry. Address possession confirmed.

    COMPLETE

    Descripción

    All required verification layers have been successfully completed. Evidence pack is sealed with SHA-256 hash chain.

    Impacto

    Terminal state. The evidence pack is now available for download and webhook delivery.

    Ejemplo

    Case completed with assurance level "Verified (Digital + Postal)". Evidence pack PDF available for download. Webhook "case.completed" fired.

    Completed cases cannot be re-opened. Create a new case if re-verification is needed.

    FAILED

    Descripción

    Case failed due to max OTP attempts exceeded, fraud detection, or manual rejection by a caseworker.

    Impacto

    Terminal state. Review the case timeline for the specific failure reason.

    Ejemplo

    Reason: "Max OTP attempts exceeded (5/5 for postal layer)". Or: "Caseworker rejected — ghost address confirmed".

    Failed cases count against your verification quota.

    Consejos profesionales

    • Check risk signals — disposable emails and ghost addresses are common causes.
    • Cases can be failed manually from MANUAL_REVIEW status.

    EXPIRED

    Descripción

    Case exceeded its time-to-live (TTL) without completing all required verification layers.

    Impacto

    Terminal state. The subject did not complete verification within the allowed window.

    Ejemplo

    Case created 2026-01-15 with 30-day TTL. Expired on 2026-02-14 with status stuck at POSTAL_PENDING.

    Referencia

    Default TTL is 30 days. Adjust per bundle if needed.

    Consejos profesionales

    • Increase TTL for international postal verifications.
    • Send reminders before expiry to improve completion rates.

    Assurance Levels

    Verified (Digital)

    Descripción

    Case completed using only digital verification (email and/or SMS OTP). No postal letter was required or sent.

    Impacto

    Fastest verification method. Suitable for lower-risk scenarios where regulatory requirements allow digital-only proof.

    Ejemplo

    Subject verified email ("A3K9X2MF") and SMS ("482917"). No postal letter sent. Assurance badge shows "Digital".

    Digital-only does not prove physical address possession. Some regulators may not accept this level.

    Verified (Postal)

    Descripción

    Case completed using postal letter verification only. A physical letter was sent and the OTP was entered correctly.

    Impacto

    Proves physical possession of the address. Stronger than digital-only but lacks digital cross-reference.

    Ejemplo

    Subject received letter and entered OTP "K7M2X9P4LR". No email/SMS required. Assurance badge shows "Postal".

    Verified (Digital + Postal)

    Descripción

    Case completed using both digital (email/SMS) and postal letter verification. Highest assurance level.

    Impacto

    Maximum assurance — confirms both digital contact details and physical address. Meets the strictest FCA, SRA, and HMRC audit requirements.

    Ejemplo

    Subject verified email + SMS (digital), then received letter and entered postal OTP. Badge shows "Digital + Postal".

    Referencia

    Recommended for regulated industries: law firms, financial services, accountancy.

    Consejos profesionales

    • Use the Enhanced or Maximum bundle to achieve this level automatically.

    Risk & Fraud

    Risk Score

    Descripción

    Composite fraud risk score from 0-100 calculated at case creation. Higher scores indicate greater risk.

    Impacto

    Determines whether risk-based step-up is triggered. Cases above the threshold are automatically escalated from digital to postal verification.

    Ejemplo

    Score 15: Low risk (no signals). Score 45: Medium (disposable email detected). Score 75: High (ghost address + velocity + disposable email).

    Referencia

    0-30: Low risk. 30-60: Medium risk. 60+: High risk (step-up likely).

    Fórmula

    Weighted sum of individual risk signals (disposable email, ghost address, address velocity, etc.)

    Consejos profesionales

    • Configure step-up threshold in tenant settings.
    • Review high-risk cases manually even if they complete.

    Disposable Email

    Descripción

    Detected when the subject email address belongs to a known disposable/temporary email provider (e.g. Guerrilla Mail, Tempail).

    Impacto

    Strong fraud indicator. Disposable emails cannot receive follow-up communications and suggest intent to avoid accountability.

    Ejemplo

    Input email: "user@guerrillamail.com" or "temp@throwaway.email". Signal triggers: Disposable Email = true, +25 risk points.

    Contributes 25 points to the risk score by default.

    Consejos profesionales

    • Consider requiring postal verification for all cases with disposable emails.

    Ghost Address

    Descripción

    Address matches a known mail forwarding service, virtual office, PO box farm, or serviced office address.

    Impacto

    The subject may not physically reside or operate at this address. Letters will be received but do not prove actual occupancy.

    Ejemplo

    Input address: "71-75 Shelton Street, London, WC2H 9JQ" (known virtual office). Signal triggers: Ghost Address = true.

    Ghost addresses undermine the core promise of postal verification. Always investigate.

    Consejos profesionales

    • Cross-reference with business registration records.
    • Consider requiring in-person verification for ghost addresses.

    Mail Forwarding

    Descripción

    Address is associated with a mail forwarding or redirection service (e.g. postal redirection service, PO Box).

    Impacto

    Mail forwarding means the letter could be received at a different physical location than the claimed address.

    Ejemplo

    Input address: "PO Box 4521, Manchester, M60 3AT" or an address with an active postal redirect. Signal: Mail Forwarding = true.

    Forwarded mail breaks the proof-of-address chain. The letter arrives but not necessarily at the claimed address.

    Address Velocity

    Descripción

    Multiple cases for different subjects have been submitted with the same address within a rolling time window.

    Impacto

    Could indicate a legitimate shared address (e.g. office building) or a fraud pattern where one address is used for multiple fake identities.

    Ejemplo

    5 different subjects verified at "42 High Street, Bristol, BS1 2AW" in the past 7 days. Velocity signal triggered.

    Referencia

    1-2 cases per address per month is normal. 5+ within a week is suspicious.

    Consejos profesionales

    • Cross-reference with subject names to identify legitimate shared offices.
    • Set velocity thresholds in fraud configuration.

    Cross-Tenant

    Descripción

    The same address has appeared in verification cases across different tenants on the platform.

    Impacto

    May indicate an address being used to fraudulently verify across multiple regulated firms simultaneously.

    Ejemplo

    "10 Downing Street, London" verified by 3 different tenants in the past 30 days. Cross-tenant signal raised (tenant names anonymised).

    Cross-tenant signals are anonymised — you see the signal but not the other tenant's details.

    IP Mismatch

    Descripción

    The IP address used during digital verification geolocates to a region significantly different from the claimed postal address.

    Impacto

    May indicate the subject is not near the claimed address. However, VPN usage can produce false positives.

    Ejemplo

    Claimed address: London, UK. Verification IP: 203.0.113.45 (geolocated to Lagos, Nigeria). Mismatch distance: 4,900 km.

    IP geolocation is approximate — do not use as sole rejection criteria.

    Consejos profesionales

    • Combine with geo-location layer for stronger physical presence confirmation.

    Step-Up

    Descripción

    Automatic escalation from a digital-only verification bundle to include postal verification, triggered when the risk score exceeds the configured threshold.

    Impacto

    Ensures high-risk cases get physical address verification even when the original bundle was digital-only.

    Ejemplo

    Case created with "Basic" bundle (email only). Risk score = 72 (above threshold 60). Postal layer automatically added. Step-Up badge shown.

    Referencia

    Default step-up threshold is 60 (configurable per tenant).

    Consejos profesionales

    • Monitor step-up rates — very high rates may mean your threshold is too low.
    • Step-up adds postal cost; factor this into billing estimates.

    Verification Bundles

    Email Layer

    Descripción

    Sends an 8-character OTP code to the subject's email address for verification.

    Impacto

    Fast digital verification — most subjects complete within minutes. Validates email ownership but not physical address.

    Ejemplo

    Input: subject email "jane.smith@lawfirm.co.uk". Output: OTP "A3K9X2MF" sent via configured email template.

    Referencia

    Delivery rate: 98%+ for legitimate email addresses. Completion rate: 85-95%.

    Consejos profesionales

    • Customise the email template with your branding via Template Engine.
    • Check bounce rates — high bounces suggest invalid email data.

    SMS Layer

    Descripción

    Sends a 6-digit OTP code via SMS to the subject's mobile number.

    Impacto

    Validates phone number ownership. Higher engagement than email due to push notification.

    Ejemplo

    Input: subject phone "+44 7700 900123". Output: SMS with OTP "482917" sent. Subject enters code on verification page.

    Referencia

    Delivery rate: 95-99% depending on carrier. Completion rate: 90%+.

    SMS costs are per-message and vary by country. International SMS is more expensive.

    Consejos profesionales

    • Use as a complement to email, not a replacement — some subjects prefer email.

    Postal Layer

    Descripción

    Dispatches a physical letter with a unique 10-character OTP and QR code to the subject's claimed address.

    Impacto

    The core Postal.id verification — proves physical possession of the address. Unfakeable by digital means.

    Ejemplo

    Input: "12 Baker Street, London, NW1 6XE". Letter printed with OTP "K7M2X9P4LR" + QR code. Dispatched via tracked post.

    Referencia

    UK delivery: 1-3 days. Completion rate: 70-85% (dependent on subject engagement).

    Postal verification is slower and more expensive than digital. Use for higher-assurance requirements.

    Consejos profesionales

    • Enable QR code scanning to simplify the subject experience.
    • Customise the letter template with your branding.

    Geo Layer

    Descripción

    Captures GPS coordinates from the subject's device at the time of OTP entry. Compares with the claimed address location.

    Impacto

    Adds a physical presence confirmation. The subject must be near the claimed address when entering the postal OTP.

    Ejemplo

    Claimed address: 51.5074, -0.1278 (London). Subject GPS: 51.5081, -0.1290 (0.15 km away). Within 1 km radius: PASS.

    Requires location permissions from the subject's browser. Some may decline.

    Consejos profesionales

    • Configure the acceptable radius (default: 1km) based on your needs.
    • Urban areas may need a smaller radius; rural areas may need larger.

    TTL (Time to Live)

    Descripción

    Maximum number of days allowed for the subject to complete all required verification layers before the case expires.

    Impacto

    Shorter TTLs create urgency but increase expiry rates. Longer TTLs are more lenient but delay case resolution.

    Ejemplo

    Input: 30 (days). Case created 2026-02-01 will expire 2026-03-03 if not completed. Enter 7-60 depending on use case.

    Referencia

    Default: 30 days. For urgent verifications, 7-14 days. For international postal, 45-60 days.

    Consejos profesionales

    • Match TTL to the expected postal delivery time in the target country.
    • Send reminders at 50% and 80% of TTL elapsed.

    Max Attempts

    Descripción

    Maximum number of OTP entry attempts allowed per verification layer before the case is marked as failed.

    Impacto

    Prevents brute-force OTP guessing. Too few attempts frustrate legitimate subjects; too many weaken security.

    Ejemplo

    Input: 5. Subject enters wrong OTP 5 times → case fails. Enter 3-10 (recommended: 5 for standard, 3 for high security).

    Referencia

    Default: 5 attempts. Security-sensitive: 3 attempts.

    Fórmula

    After max attempts exhausted → case status transitions to FAILED.

    Each failed attempt is logged in the audit trail and may contribute to risk scoring.

    Letter Format

    Descripción

    The postal format used for dispatching verification letters. Options depend on the provider and destination country.

    Impacto

    Different formats have different costs, delivery speeds, and tracking capabilities.

    Ejemplo

    Options: "standard" (cheapest, no tracking), "tracked" (mid-range, delivery confirmation), "certified" (signature required).

    Consejos profesionales

    • Standard letter: cheapest, no tracking. Tracked letter: mid-range, delivery confirmation. Certified mail: most expensive, signature required.

    Required vs Optional

    Descripción

    Each verification layer in a bundle can be marked as required or optional. Required layers must be completed; optional layers enhance assurance if completed.

    Impacto

    Required layers determine the minimum assurance level. Optional layers provide additional confidence without blocking completion.

    Ejemplo

    Bundle config: Email = Required, SMS = Optional, Postal = Required, Geo = Optional. Subject must complete email + postal; SMS and geo are bonus.

    Consejos profesionales

    • Make postal required for regulated use cases.
    • Make geo optional to avoid blocking subjects who decline location permissions.

    Postal Delivery

    Delivery Rate

    Descripción

    Percentage of dispatched letters that were successfully delivered to the destination address.

    Impacto

    Low delivery rates may indicate address quality issues, incorrect postcodes, or regional postal problems.

    Ejemplo

    96 of 100 letters delivered = 96% delivery rate. Displayed as a percentage on the postal metrics card.

    Referencia

    UK: 98%+. EU: 95-98%. US: 97%+.

    Fórmula

    Delivered / Dispatched x 100

    Consejos profesionales

    • Validate addresses before dispatching.
    • Monitor delivery rates by country to identify regional issues.

    Return Rate

    Descripción

    Percentage of dispatched letters returned to sender (RTS) by the postal service.

    Impacto

    High return rates indicate invalid addresses, subjects who have moved, or incorrect address formatting.

    Ejemplo

    3 of 100 letters returned = 3% return rate. Common reasons: "addressee gone away", "insufficient address".

    Referencia

    Healthy: below 3%. Above 5% warrants address validation review.

    Fórmula

    Returned / Dispatched x 100

    Returns add cost (dispatch + return postage) with no verification value.

    Avg Delivery Days

    Descripción

    Average number of business days between letter dispatch and confirmed delivery (where tracking is available).

    Impacto

    Helps set realistic TTL values and subject expectations.

    Ejemplo

    Displayed as "1.8 days" for UK, "4.2 days" for EU. Based on tracked deliveries in your recent cases.

    Referencia

    UK: 1.5 days. EU: 4-5 days. US: 3-4 days.

    QR Scan Rate

    Descripción

    Percentage of postal verifications completed by scanning the QR code on the letter versus manually typing the OTP.

    Impacto

    Higher QR scan rates indicate good subject experience — scanning is faster and less error-prone.

    Ejemplo

    55 of 100 postal verifications used QR scan = 55%. Remaining 45% typed the 10-character OTP manually.

    Referencia

    Typical: 40-60% use QR scanning.

    Consejos profesionales

    • Mention QR scanning in subject communications to increase adoption.

    Address Alerts

    Address Velocity Signal

    Descripción

    Alert triggered when an address receives more verification cases than the configured threshold within a time window.

    Impacto

    May indicate legitimate shared occupancy or potential fraud via address reuse.

    Ejemplo

    Alert: "42 High Street, Bristol" — 5 cases in 7 days (threshold: 3 per 30 days). Investigate shared office or fraud.

    Referencia

    Default threshold: 3 cases per address per 30 days.

    Consejos profesionales

    • Acknowledge alerts after investigation to keep the list manageable.
    • Adjust thresholds based on your client demographics.

    Cross-Tenant Signal

    Descripción

    Alert triggered when the same address is being verified across multiple different tenants on the platform.

    Impacto

    Could indicate a professional fraud attempt spanning multiple regulated firms.

    Ejemplo

    Alert: "10 Downing Street, London" appears in 3 different tenants within 30 days. Other tenant names are anonymised.

    Cross-tenant details are anonymised for data protection. You see the signal, not the other tenant's case details.

    Alert Score

    Descripción

    Numerical severity score assigned to each address alert based on the type and frequency of signals detected.

    Impacto

    Higher scores warrant more urgent investigation. Used for prioritising the alert queue.

    Ejemplo

    Score 15 (low): single velocity signal. Score 45 (medium): velocity + ghost address. Score 80 (high): cross-tenant + velocity + forwarding.

    Referencia

    1-30: Low priority. 30-60: Medium. 60+: High priority — investigate immediately.

    Acknowledge

    Descripción

    Mark an alert as reviewed after investigation. Acknowledged alerts are moved out of the active queue.

    Impacto

    Helps team members track which alerts have been investigated versus which need attention.

    Ejemplo

    Click "Acknowledge" on an alert → add a note like "Confirmed shared office building, legitimate usage". Alert moves to resolved queue.

    Consejos profesionales

    • Add a note when acknowledging to document your investigation findings.
    • Acknowledged alerts remain in the audit trail permanently.

    Webhooks

    Webhook Events

    Descripción

    Real-time HTTP POST notifications sent to your configured endpoint when case status changes occur.

    Impacto

    Enables automated workflows — update your CRM, trigger follow-up actions, or sync verification status with your systems.

    Ejemplo

    Events: case.created, case.digital_verified, case.postal_dispatched, case.postal_verified, case.completed, case.failed, case.expired, letter.dispatched, letter.delivered

    Consejos profesionales

    • Subscribe only to events you need to reduce noise.
    • Use case.completed for most integration use cases.

    HMAC-SHA256 Signature

    Descripción

    Every webhook request includes an X-Postal-Id-Signature header containing an HMAC-SHA256 hash of the request body using your webhook secret.

    Impacto

    Verify this signature before processing to ensure the webhook came from Postal.id and was not tampered with.

    Ejemplo

    Header: "X-Postal-Id-Signature: sha256=a1b2c3d4e5...". Verify by computing HMAC-SHA256(your_secret, raw_body) and comparing.

    Fórmula

    HMAC-SHA256(webhook_secret, request_body)

    Never process webhooks without verifying the signature — this is a critical security control.

    Retry Behaviour

    Descripción

    Failed webhook deliveries (non-2xx response or timeout) are retried with exponential backoff up to 5 attempts.

    Impacto

    Ensures temporary outages on your side do not cause missed events.

    Ejemplo

    Retry delays: ~30s, ~2min, ~8min, ~30min, ~2hr (exponential backoff with jitter)

    After 5 failed attempts, the webhook is marked as failed. Check the webhook logs to identify persistent failures.

    Billing & Usage

    Plan Limit

    Descripción

    Maximum number of verification cases included in your current subscription plan per billing period.

    Impacto

    Cases beyond the plan limit may incur overage charges or be blocked depending on your plan settings.

    Ejemplo

    Performance plan: "87 / 100 cases used this period". At 100, new case creation may be blocked until next period.

    Referencia

    Essential: 25/month. Performance: 100/month. Enterprise: unlimited.

    Consejos profesionales

    • Monitor usage at 80% of limit to avoid disruptions.
    • Upgrade plan before hitting limits for uninterrupted service.

    Usage Period

    Descripción

    The current billing cycle during which verification cases are counted against your plan limit.

    Impacto

    Case counts reset at the start of each billing period.

    Ejemplo

    Displayed as "1 Feb 2026 — 28 Feb 2026". Cases created within this window count toward the limit.

    Plan Status

    Descripción

    Current state of your subscription: active, past_due, cancelled, or trialing.

    Impacto

    Verification capabilities may be restricted for past_due or cancelled plans.

    Ejemplo

    Values: "active" (normal), "trialing" (free trial), "past_due" (payment failed), "cancelled" (subscription ended).

    Past-due accounts have a grace period before case creation is blocked.

    Verification Funnel

    Funnel Overview

    Descripción

    Visual breakdown of cases at each stage of the verification lifecycle, showing where subjects progress and where they drop off.

    Impacto

    Identify bottlenecks — if many cases stall at POSTAL_PENDING, subjects are receiving letters but not entering codes.

    Ejemplo

    Created: 100 → Digital Verified: 85 → Postal Dispatched: 80 → Postal Verified: 65 → Complete: 62 → Failed: 8 → Expired: 15.

    Consejos profesionales

    • Focus improvement efforts on the stage with the largest drop-off.
    • Compare funnel shapes across different verification bundles.

    Manual Review

    Descripción

    Cases escalated from the automated flow for human review. Typically due to risk signals, edge cases, or caseworker discretion.

    Impacto

    Manual review cases require a caseworker to approve or reject. They do not auto-complete.

    Ejemplo

    Case escalated due to risk score 85 + ghost address. Caseworker reviews evidence, clicks "Approve" (→ COMPLETE) or "Reject" (→ FAILED).

    Consejos profesionales

    • Set up notifications for new manual review cases to reduce response time.
    • Document review decisions in case notes for audit trail.

    Batch Upload

    Batch Upload

    Descripción

    Create multiple verification cases at once by uploading a CSV file. The system validates every row, flags errors, checks for duplicates, and processes valid rows in parallel.

    Impacto

    Enables bulk onboarding — process hundreds of verification cases from a single file upload instead of creating them one by one.

    Ejemplo

    Upload "clients_q1.csv" with 50 rows → Validate → 47 valid, 2 invalid, 1 duplicate → Upload 47 cases → Cases created and digital OTPs sent.

    Consejos profesionales

    • Always validate before uploading to catch errors early.
    • Download the template CSV for the correct column format.

    CSV Format

    Descripción

    Your CSV must include these required columns: name (subject's full name), line1 (street address), city, postalCode, countryCode (2-letter ISO code e.g. GB, US, DE). Optional columns: email, phone (with country prefix e.g. +44), line2, region, reference (your internal ID), bundleId.

    Impacto

    Correct CSV formatting ensures maximum validation success. Missing required columns will cause row-level errors.

    Ejemplo

    Header row: name,email,phone,line1,line2,city,region,postalCode,countryCode,reference,bundleId Data row: Jane Smith,jane@example.com,+447700900123,12 Baker Street,,London,,NW1 6XE,GB,MATTER-001,bundle_enhanced

    Using "UK" instead of "GB" is the most common error. The correct ISO code for United Kingdom is "GB".

    Consejos profesionales

    • Download the CSV template from the batch upload page for guaranteed correct format.
    • Use 2-letter ISO country codes: GB (not UK), US, DE, FR, NL, IE, ES, IT, CA, AU.
    • Phone numbers must include country prefix (e.g. +44 for UK, +1 for US).

    CSV Validation

    Descripción

    Before uploading, click "Preview & Validate" to check your file. The system checks: required fields present, valid email format, valid country codes, address completeness, and duplicate detection against existing cases.

    Impacto

    Validation catches errors before cases are created, saving time and avoiding wasted postal costs on invalid addresses.

    Ejemplo

    Validation results: Total Rows: 50, Valid: 47 (green), Invalid: 2 (red), Duplicates: 1 (amber). Country breakdown: GB: 30, US: 15, DE: 5.

    Consejos profesionales

    • Fix invalid rows and re-upload — only valid rows will be processed.
    • Duplicates are detected by matching name + address against existing active cases.

    Validation Errors

    Descripción

    Common errors: "Missing required field" (name/line1/city/postalCode/countryCode is blank), "Invalid country code" (not a recognised 2-letter ISO code), "Invalid email format" (malformed email), "Duplicate" (same name+address already exists as an active case).

    Impacto

    Each error shows the row number, field name, and error message so you can fix the exact issue in your CSV.

    Ejemplo

    Row 15: postalCode — "Missing required field". Row 23: countryCode — "Invalid country code 'UK' (expected 'GB')". Row 31: name — "Duplicate of row 12 (Jane Smith, 12 Baker Street)".

    Consejos profesionales

    • Check postcode format matches the target country (UK: "SW1A 2AA", US: "10001" or "10001-1234").
    • Remove duplicate rows before uploading.

    Upload Results

    Descripción

    After validation, you'll see: Total Rows (all rows in CSV), Valid (ready to upload), Invalid (have errors — fix and re-upload), Duplicates (match existing active cases — skipped). Only valid rows are processed when you click Upload.

    Impacto

    Invalid and duplicate rows are skipped. You can download a report of failed rows to fix and re-upload separately.

    Ejemplo

    Click "Upload 47 Cases" → system creates 47 verification cases in parallel. Each case gets digital OTPs sent immediately. Postal letters dispatched based on bundle config.

    Batch Job Status

    Descripción

    After upload, each batch job shows a status: Processing (still creating cases), Complete (all rows processed), Failed (system error during processing). The progress bar shows Succeeded/Failed/Remaining counts.

    Impacto

    Monitor batch progress in real-time. Most batches complete within minutes.

    Ejemplo

    Batch "clients_q1.csv": 47/47 processed, 45 succeeded, 2 failed. Click "View Errors" to see which rows failed.

    Consejos profesionales

    • Failed rows can be retried without re-uploading the entire file.
    • Download the error report CSV for failed rows with detailed error messages.

    Error Report

    Descripción

    Click "View Errors" on a completed batch to see which rows failed and why. Click "Download Report" to get a CSV of failed rows with error details — fix the errors and re-upload just those rows. "Retry Failed" re-processes failed rows without re-uploading.

    Impacto

    Efficiently handle partial failures without re-processing the entire batch.

    Ejemplo

    Error report: Row 12 — "Address validation failed: undeliverable address". Row 38 — "Plan limit exceeded". Fix address in row 12, upgrade plan, then retry.

    Quick Actions

    New Case

    Descripción

    Opens the case creation form where you enter the subject's details, address, and select a verification bundle. Once submitted, digital OTPs are sent immediately and a postal letter is dispatched (if the bundle includes postal verification).

    Impacto

    The primary way to start a single address verification. For bulk verifications, use Batch Upload instead.

    Ejemplo

    Click "New Case" → fill in name, email, address → select "Enhanced" bundle → click "Create Case" → email OTP sent within seconds, letter dispatched within 1 hour.

    Consejos profesionales

    • Use address autocomplete for faster, more accurate address entry.
    • Select the right bundle upfront — changing it later requires creating a new case.

    Recipients

    Descripción

    View all subjects (people being verified) across all your cases. Search by name, email, phone, or address. Click any recipient to see their full verification history, risk signals, and address changes over time.

    Impacto

    Central directory of all people you've ever verified. Useful for re-verification, fraud investigation, and compliance audits.

    Ejemplo

    Search "Jane Smith" → see all cases for that person → click through to view detailed profile with verification history, risk signals, and address timeline.

    Batch Upload

    Descripción

    Create multiple verification cases at once by uploading a CSV file. The system validates every row, flags errors, checks for duplicates against existing cases, and processes valid rows in parallel.

    Impacto

    Essential for high-volume onboarding. Process hundreds of verifications from a single file instead of creating cases one by one.

    Ejemplo

    Prepare CSV with columns: name, line1, city, postalCode, countryCode (required) + email, phone, reference (optional) → Upload → Validate → Process.

    Consejos profesionales

    • Download the CSV template first for the correct column format.
    • Always validate before uploading to catch formatting errors.

    Verification Packages

    Basic Package

    Descripción

    Digital-only verification using email OTP. An 8-character OTP code is sent to the subject's email address. The subject enters the code to verify email ownership. Fastest completion time (~5 minutes).

    Impacto

    Assurance level: Verified (Digital). Suitable for low-risk onboarding where email confirmation is sufficient and postal proof is not required by regulation.

    Ejemplo

    Layers enabled: Email (required). Subject receives email with OTP "A3K9X2MF" → enters code → case completes with "Verified (Digital)" assurance.

    Referencia

    Completion time: 2-5 minutes. Success rate: 85-95%. Cost: lowest (no postal dispatch).

    Consejos profesionales

    • Best for: initial client onboarding, newsletter signups, low-risk KYC.
    • Can be stepped up to postal automatically if risk score is high.

    Standard Package

    Descripción

    Two-factor digital verification using both email OTP (8-character code) and SMS OTP (6-digit code). Both channels must be verified for the case to complete.

    Impacto

    Assurance level: Verified (Digital). Provides dual-channel digital confirmation. Stronger than Basic but still does not prove physical address possession.

    Ejemplo

    Layers enabled: Email (required), SMS (required). Subject receives email OTP "A3K9X2MF" + SMS OTP "482917" → enters both → case completes.

    Referencia

    Completion time: 3-10 minutes. Success rate: 80-90%. Cost: low (email + SMS, no postal).

    Consejos profesionales

    • Best for: standard KYC, regulated onboarding where dual digital verification is acceptable.
    • Requires valid phone number with country prefix (e.g. +44 for UK).

    Enhanced Package

    Descripción

    Full postal + digital verification. Sends email OTP and dispatches a tracked physical letter with a unique 10-character postal OTP and QR code. SMS is optional. The postal letter proves physical possession of the address.

    Impacto

    Assurance level: Verified (Digital + Postal). Meets the strictest FCA, SRA, and HMRC requirements for proof of address. The gold standard for regulated industries.

    Ejemplo

    Layers enabled: Email (required), SMS (optional), Postal (required). Subject verifies email → letter arrives in 1-7 days → subject enters postal OTP → case completes.

    Referencia

    Completion time: 3-10 days (depends on postal delivery). Success rate: 70-85%. Cost: medium (includes postal dispatch).

    Postal verification adds cost and time. Only use when regulatory requirements demand physical address proof.

    Consejos profesionales

    • Best for: law firms, financial services, accountancy firms, property transactions.
    • The QR code on the letter allows subjects to scan and verify instantly.

    Maximum Package

    Descripción

    Highest assurance. All four verification layers: email OTP (8-char), SMS OTP (6-digit), postal letter (10-char OTP + QR code), AND GPS geo-location capture when entering the postal code. Proves both mail receipt AND physical presence at the address.

    Impacto

    Assurance level: Verified (Digital + Postal) with geo confirmation. The strongest possible proof that the subject physically resides at the claimed address.

    Ejemplo

    Layers: Email (required), SMS (required), Postal (required), Geo (required, 200m radius). Subject verifies email + SMS → receives letter → enters postal OTP while GPS confirms they're at the address.

    Referencia

    Completion time: 3-10 days. Success rate: 60-75% (geo may fail if subject declines location). Cost: highest.

    Some subjects may decline location permissions. Configure geo as optional if you don't want to block these cases.

    Consejos profesionales

    • Best for: high-risk cases, AML/CFT compliance, fraud-prone scenarios, high-value property transactions.
    • Geo verification requires the subject to allow browser location access.

    Default Package

    Descripción

    The bundle marked as "Default" is automatically used when cases are created via the API without specifying a bundleId. Only one bundle can be the default at any time.

    Impacto

    Controls the verification flow for API-created cases and any cases where the caseworker doesn't explicitly select a bundle.

    Ejemplo

    Set "Enhanced" as default → all API-created cases automatically use email + postal verification. Change to "Basic" → API cases only use email.

    Consejos profesionales

    • Set the default to your most commonly used package.
    • You can always override the default by specifying bundleId in the API request.

    Platform Package

    Descripción

    Pre-configured verification packages provided by Postal.id: Basic, Standard, Enhanced, and Maximum. These cannot be edited or deleted but can be set as the default.

    Impacto

    Platform packages cover the most common verification scenarios. Create custom packages only if you need non-standard layer combinations.

    Ejemplo

    Platform packages: Basic (email only), Standard (email + SMS), Enhanced (email + SMS + postal), Maximum (all 4 layers). All are always available.

    Recipients

    Recipient

    Descripción

    A "recipient" (also called "subject") is the person whose address is being verified. Each recipient may have multiple verification cases if they've been verified at different addresses or re-verified over time.

    Impacto

    Click any recipient to view their full profile including verification history, risk signals, address changes, and verification method success rates.

    Ejemplo

    Recipient "Jane Smith" has 3 cases: 1 completed (London address), 1 active (Manchester address), 1 failed (disposable email detected).

    Latest Status

    Descripción

    Shows the status of the most recent verification case for this recipient. Reflects where they are in the verification flow right now.

    Impacto

    Quick indicator of whether the recipient's most recent verification is complete, in progress, or has issues.

    Ejemplo

    COMPLETE (green): latest case fully verified. POSTAL_DISPATCHED (amber): letter sent, awaiting delivery. FAILED (red): latest case failed.

    Cases Count

    Descripción

    Total number of verification cases ever created for this recipient across all addresses and time periods. Includes active, completed, failed, and expired cases.

    Impacto

    Multiple cases may exist if the recipient moved, if a previous case expired, or if periodic re-verification is required.

    Ejemplo

    3 cases: means this person has been through the verification process 3 separate times (possibly at different addresses).

    Risk Score

    Descripción

    Aggregated risk percentage based on all risk signals detected for this recipient across all their cases. Combines ghost address, mail forwarding, address velocity, disposable email, and cross-tenant signals.

    Impacto

    Red (>70%): High risk — investigate immediately. Amber (40-70%): Moderate risk — review recommended. Green (<40%): Low risk — no immediate action needed.

    Ejemplo

    15%: Low risk (no signals). 52%: Medium (disposable email detected). 85%: High (ghost address + cross-tenant + velocity).

    Fórmula

    Weighted average of all risk signals across all cases for this recipient.

    Consejos profesionales

    • Click through to the recipient profile for detailed signal breakdown.
    • High-risk recipients should have their completed cases reviewed.

    Recipient Search

    Descripción

    Search across name, email, phone number, and address fields. Filter by case status to find recipients at a specific verification stage. Sort by newest, oldest, name alphabetically, or most cases.

    Impacto

    Quickly find specific recipients or identify groups of recipients in a particular state.

    Ejemplo

    Search "Manchester" → shows all recipients with Manchester addresses. Filter "FAILED" → shows recipients whose latest case failed.

    Recipient Profile

    Total Cases (Recipient)

    Descripción

    All verification cases ever created for this person, regardless of outcome. Includes active cases in progress, successfully completed cases, failed cases, and expired cases.

    Impacto

    A high case count may indicate re-verifications (normal) or repeated failed attempts (investigate).

    Ejemplo

    5 total cases: 3 completed, 1 active, 1 expired.

    Active Cases

    Descripción

    Cases currently in progress — not yet reached a terminal state (COMPLETE, FAILED, or EXPIRED). These are cases where the subject still needs to complete one or more verification steps.

    Impacto

    Active cases require monitoring. If a case stays active for too long, the subject may need a reminder.

    Ejemplo

    2 active cases: one at DIGITAL_PENDING (email OTP sent, awaiting entry), one at POSTAL_DISPATCHED (letter sent, awaiting delivery).

    Contact Details

    Descripción

    The subject's name, email address, and phone number as provided when the case was created. "First Seen" shows when this person was first added to the system. "Latest Status" shows their most recent case state.

    Impacto

    Contact information is used for email OTP delivery (email) and SMS OTP delivery (phone). Tags help categorise recipients.

    Ejemplo

    Name: Jane Smith. Email: jane@example.com. Phone: +44 7700 900123. First Seen: 15 Jan 2026. Tags: VIP, Priority.

    Current Address

    Descripción

    The most recent address provided for verification. "Verified" with a date means postal verification was successfully completed for this address. Ghost Address and Forwarding badges indicate risk flags detected during address validation.

    Impacto

    The current address is the one used for the latest or active verification case. Previous addresses appear in Address History.

    Ejemplo

    12 Baker Street, London, NW1 6XE, GB. Verified: 20 Feb 2026. Badges: none (clean address).

    Ghost Address badge means this is a known virtual office or mail forwarding address. Forwarding badge means mail may be redirected to a different location.

    Verification Methods

    Descripción

    Breakdown of how many email, SMS, and postal OTPs were sent to this recipient and how many were successfully verified. The progress bar shows the success rate for each channel.

    Impacto

    Identifies which verification channels work best for this recipient. Low success on a channel may indicate delivery issues.

    Ejemplo

    Email: 3 sent, 3 verified (100%). SMS: 2 sent, 2 verified (100%). Postal: 2 sent, 1 verified (50%). Green bar (≥80%), Amber (50-79%), Red (<50%).

    Consejos profesionales

    • Low postal success may indicate address issues or subject disengagement.
    • Low email success may indicate spam filtering or invalid email.

    Address History

    Descripción

    Chronological list of all addresses this person has been verified at across all their cases. Each entry shows the full address, country flag, and whether verification was completed.

    Impacto

    Useful for detecting frequent movers, address fraud patterns, or confirming legitimate address changes over time.

    Ejemplo

    1. 12 Baker Street, London — Verified 20 Feb 2026. 2. 45 Oxford Road, Manchester — Verified 15 Nov 2025. 3. PO Box 123, Bristol (Ghost badge) — Not verified.

    Case History

    Descripción

    All verification cases for this recipient in reverse chronological order. Click any Case ID to view the full case details including timeline, risk assessment, and evidence pack.

    Impacto

    Complete audit trail of every verification attempt for this person. Useful for compliance reviews and dispute resolution.

    Ejemplo

    Case a1b2c3d4: COMPLETE, Verified (Digital + Postal), 12 Baker Street, 20 Feb 2026. Case e5f6g7h8: FAILED, --, 45 Oxford Road, 15 Nov 2025.

    Create Case

    Subject

    Descripción

    The person whose address is being verified. "Subject" is Postal.id terminology for the end-person — not your employee or team member. Provide their full legal name as it would appear at the address.

    Impacto

    The subject's name is printed on the postal letter and included in the evidence pack. Use the correct legal name for compliance purposes.

    Ejemplo

    Input: "Jane Elizabeth Smith" (full legal name). Avoid nicknames or abbreviations unless that's the name at the address.

    Subject Contact

    Descripción

    Email is used for email OTP delivery (8-character code). Phone (with country prefix like +44 for UK, +1 for US) is used for SMS OTP delivery (6-digit code). Both are optional but required if the selected verification bundle includes email/SMS layers.

    Impacto

    Without email, the email OTP layer cannot function. Without phone, the SMS OTP layer cannot function. Postal verification does not require either.

    Ejemplo

    Email: jane.smith@example.com. Phone: +447700900123 (UK mobile) or +12125551234 (US). Note: phone must include country prefix.

    Consejos profesionales

    • Validate email addresses before entry — disposable emails trigger risk signals.
    • Mobile numbers only — landlines cannot receive SMS.

    Consent

    Descripción

    Legal requirement (GDPR/data protection): you must confirm the subject has given consent for address verification before creating a case. This checkbox is mandatory — the case cannot be created without it.

    Impacto

    Ensures compliance with data protection regulations. The consent status is recorded in the audit trail and included in the evidence pack.

    Ejemplo

    Check the box to confirm: "Subject has given consent for address verification". Unchecked = "Create Case" button is disabled.

    Creating cases without genuine subject consent may violate GDPR and expose your organisation to regulatory penalties.

    Address Validation

    Descripción

    After entering an address, the system automatically validates it for deliverability. Checks include: valid postal code format, known ghost/virtual office addresses, active mail forwarding/redirection services, and address standardisation.

    Impacto

    Pre-dispatch validation prevents wasted postal costs on undeliverable addresses and flags risk signals early.

    Ejemplo

    Enter "12 Baker St, London" → validation returns: Deliverable (green tick), standardised to "12 Baker Street, London, NW1 6XE". Or: "71-75 Shelton Street" → Ghost Address warning (orange).

    Consejos profesionales

    • Accept suggested address corrections for better deliverability.
    • Ghost address warnings don't block case creation but do increase the risk score.

    Verification Package Selection

    Descripción

    Choose which verification bundle to use for this case. Each package defines which layers (email, SMS, postal, geo) are enabled and whether they're required or optional. "Default" badge means this is the bundle used for API-created cases. "Platform" badge means it's provided by Postal.id.

    Impacto

    The selected package determines the verification flow, timeline, cost, and resulting assurance level.

    Ejemplo

    Select "Enhanced" → email OTP sent immediately, postal letter dispatched within 1 hour. Estimated postal cost shown below (e.g. £1.20 for UK letter).

    Consejos profesionales

    • Click the ? next to each package name (Basic, Standard, Enhanced, Maximum) for detailed explanations.
    • Required layers must pass; optional layers enhance assurance without blocking.

    Client Reference

    Descripción

    Optional internal reference for your own records. Use your matter ID, client number, file reference, or any identifier that helps you match this verification case to your internal systems.

    Impacto

    Searchable in the case list and included in webhook payloads and evidence packs. Makes it easy to cross-reference with your practice management software.

    Ejemplo

    Examples: "MATTER-2024-001", "CLT-4521", "AML-REF-789", "Property-Sale-42-High-St". Any format up to 100 characters.