Skip to content
Peachtree Data

Your Data, Protected

Your file, our responsibility. What happens to your file

Sending your customer file to anyone is an act of trust. We've handled that responsibility since 1994, and we'd rather show you how than ask you to take our word for it. Here is your file's journey through Peachtree Data, step by step.

The journey, step by step

  1. Transfer — encrypted from the start

    Your file reaches us through encrypted transfer channels: SFTP, FTPS (FTP over SSL), or HTTPS. Prefer PGP? We support that too — a layer of encryption you control, on top of the encrypted channel it travels through, so you know your data is protected in transit and at rest. We'll set the transfer up with you before anything is sent. Email attachments are not how customer files should travel, and we'll never ask you to send one that way.

  2. Access — limited to the people doing the work

    Only the processing team working on your job can touch your data — the minimum number of people, by design. And when your job runs through FAST, our automated processing platform, it completes with no human interaction at all.

  3. Processing — in our controlled environment

    All processing happens on our own servers, housed in a data center facility that carries its own SOC 2 Type II attestation. (To be precise: that's the facility's audit — Peachtree Data's own SOC 2 Type II audit is currently underway, as noted below.) Your data stays in the United States from start to finish — no offshore processing, no offshore access.

  4. Return — delivered back the way it came

    Your processed file returns through the same encrypted channels it arrived on, with documentation of what was done — no surprises, nothing withheld.

  5. Retention & destruction — on a clear schedule

    How long we keep your data depends on how the job ran. Manual projects are retained for 13 months, FAST automated jobs for 45 days, and API calls aren't retained at all — once the results return to your application, the data is gone. Want it gone sooner? Just ask. We'll delete and purge your data ahead of schedule on request.

Work with PGP? Download our public key to encrypt your file before you send it.

How to judge any data processor — including us

Whoever you send your data to, ask these three questions. The answers tell you more than any brochure.

Do they insist on the paperwork?

NCOA work requires a signed USPS Processing Acknowledgement Form from every party handling the data — no exceptions, no signing on someone's behalf. A provider who's casual about a USPS requirement is telling you how they treat the rest of their obligations. Ours is collected every time.

How the PAF works

Will they show you what happens to your file?

Not a security badge — the actual journey: how it arrives, who touches it, where it lives, when it's destroyed. If they can't walk you through it in plain English, that's an answer too. Ours is the page you're reading.

When you call, who answers?

If reaching a person who knows your account takes a ticket queue, imagine the conversation when something needs fixing mid-campaign. Call us during business hours and a person picks up.

Our credentials, plainly stated

SOC 2 Type II — audit underway

We are currently completing our SOC 2 Type II audit. That means an independent auditor is examining our security controls over time — not a checkbox, an examination. We'll update this page the day the report is issued.

USPS NCOALink® Full Service Provider licensee

The USPS licenses NCOALink access in tiers and holds licensees to its standards. We hold the Full Service license — the highest data-access tier.

USPS DSF2® licensee

Our DSF2 license is likewise granted and governed by the USPS, with the compliance obligations that come with it.

The evidence, in one place

Our Trust Center — built with our compliance partner, Vanta — is where our security documentation lives: our policies and the supporting evidence behind everything on this page. Once our SOC 2 Type II audit is complete, the report will be published there too. It requires a sign-in while we prepare it for public view, so if you'd like access today, just ask — we'll share it.

Visit the Trust Center

Questions about how we'd handle your file?

Ask us anything — before you send a single record. That's exactly the conversation we want to have.