Privacy Policy

Last updated April 23, 2026.

This Privacy Policy explains how Letterly handles personal information in connection with the service. It is intended to provide a clear description of our current data practices and service architecture as they exist today.

Letterly is built around private reflection and delayed email delivery. That means the service is designed to limit in-app access to sealed letters, while still using the operational systems, infrastructure, and service providers necessary to verify, schedule, store, and deliver letters in the future.

1. Scope and application

This Privacy Policy describes how Letterly collects, uses, stores, discloses, and otherwise processes personal information in connection with the Letterly website, application, email communications, and related services.

This Privacy Policy applies to information we collect when you browse the service, create or use an account, compose or schedule a letter, upload attachments, receive transactional communications from us, or otherwise interact with Letterly.

This Privacy Policy should be read together with any applicable terms of service and any additional notices we may present to you at the point of collection.

2. Categories of information we may collect

Depending on how you use Letterly, we may collect the following categories of personal information:

  • Identity and account information, such as your name, email address, authentication identifiers, sign-in provider details, and verification status.
  • Letter and scheduling information, such as the recipient email address, delivery date, delivery timezone, reference codes, scheduling status, and related operational metadata.
  • User content and attachments, including encrypted letter content, encrypted attachment records, and file metadata necessary to validate, store, associate, and deliver supported uploads.
  • Communications information, including messages you send to us and records of transactional emails or verification messages sent by or through the service.

3. How we collect information

  • Directly from you when you create an account, sign in, compose a letter, schedule a delivery, verify your email address, upload attachments, or otherwise submit information through the service.
  • Automatically through your browser, device, and application interactions, including cookies, session mechanisms, logs, and similar technical means necessary to operate and secure the service.
  • From service providers and infrastructure partners that support authentication, hosting, storage, email delivery, security, and related operational functions.

4. How we use personal information

We may use personal information as reasonably necessary to operate, secure, improve, and support Letterly, including to:

  • provide, maintain, and administer the service and its core functionality;
  • authenticate users, manage accounts, and verify control of destination email addresses;
  • process scheduling requests and deliver letters at the selected future date and timezone;
  • store encrypted payloads, upload and manage encrypted attachments, and maintain related records;
  • send transactional communications, including sign-in, verification, security, operational, and delivery-related emails;
  • detect, prevent, investigate, and address fraud, abuse, security incidents, or other harmful or unlawful activity;
  • debug, monitor, analyse, and improve the performance, reliability, and safety of the service;
  • comply with applicable law, legal process, regulatory requirements, and enforceable government requests;
  • protect our rights, property, systems, users, and legitimate business interests.

5. Privacy model and important service limitations

Letterly is designed to reduce casual access to sealed letters inside the application and to use encrypted storage as part of the scheduling and delivery flow. However, Letterly is not represented as a zero-knowledge or no-access service.

In order to verify recipient email addresses, maintain scheduled-delivery records, host encrypted content, and deliver letters by email at the appropriate future time, Letterly necessarily relies on backend systems, operational metadata, and third-party infrastructure.

You should not use Letterly to submit information that would create unacceptable risk if processed, stored, disclosed by law, or compromised despite commercially reasonable safeguards.

6. Attachments, storage, and email delivery

  • Supported attachments may be encrypted and uploaded in connection with the scheduling flow.
  • Encrypted attachments may be stored separately from the primary application database using private object-storage infrastructure.
  • Letterly uses third-party email delivery providers and background processing systems to send verification messages, account-related communications, and scheduled letters.
  • We may retain operational metadata relating to uploads, verification events, delivery attempts, and system processing for reliability, auditing, abuse prevention, and support purposes.

7. Disclosure of personal information

We do not sell your personal information. We may disclose personal information in the following circumstances:

  • to service providers, contractors, and infrastructure partners that help us operate the service, including hosting, storage, authentication, communications, security, analytics, and email-delivery providers;
  • to professional advisers, auditors, insurers, and similar parties where reasonably necessary for legitimate business or compliance purposes;
  • where disclosure is required or permitted by law, regulation, court order, subpoena, or other legal process;
  • where disclosure is reasonably necessary to investigate, prevent, or address fraud, abuse, security incidents, unlawful conduct, or threats to users, the public, or our systems;
  • in connection with an actual or proposed merger, acquisition, financing, reorganisation, insolvency event, sale of assets, or similar corporate transaction, subject to appropriate confidentiality and transition arrangements where applicable;
  • with your consent or at your direction.

8. Data retention

We retain personal information for as long as reasonably necessary to provide the service, maintain operational integrity, comply with legal obligations, resolve disputes, enforce agreements, and protect the service and its users.

Scheduled and failed delivery workflows may require us to retain operational metadata and, where applicable, encrypted content for a period necessary to complete delivery, retry failed delivery, or administer the service.

We may remove or purge certain encrypted content after successful delivery while retaining limited metadata and delivery history for operational, auditing, and support purposes. Backup systems and disaster-recovery copies may persist for a limited period after deletion from active systems.

9. Security

We implement administrative, technical, and organisational safeguards designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. Those safeguards may include access controls, encrypted transport, credential protections, scoped infrastructure access, and operational monitoring.

No method of transmission over the internet, electronic storage, or security control is completely secure. Accordingly, we cannot guarantee absolute security, uninterrupted confidentiality, or that the service will be free from all vulnerabilities, loss events, or unauthorised access.

10. International transfers

Letterly and its service providers may process or store personal information in jurisdictions other than your own. By using the service, you understand that your information may be transferred to and processed in countries that may have data-protection laws different from those of your place of residence.

Where required by applicable law, we will rely on appropriate transfer mechanisms or other lawful safeguards for such cross-border processing.

11. Your rights and choices

Depending on your jurisdiction, you may have rights relating to your personal information, including rights of access, correction, deletion, restriction, portability, objection, or withdrawal of consent where consent is the basis of processing.

These rights are not absolute and may be subject to legal exceptions, verification requirements, retention obligations, security constraints, and technical limitations of the service at the relevant time.

If you wish to make a privacy-related request, you may contact us using the details below. We may ask you to verify your identity before responding.

12. Children’s privacy

Letterly is not directed to children under the age at which they may lawfully consent to digital services in their jurisdiction, and we do not knowingly collect personal information from children where doing so would be prohibited by applicable law.

If you believe a child has provided us with personal information inappropriately, please contact us so that we can review and, where appropriate, take action.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the service, legal requirements, operational practices, or risk controls. When we do, we will update the effective or last-updated date on this page and may provide additional notice where required by law.

14. Contact

If you have questions about this Privacy Policy or wish to submit a privacy-related request, you may contact us at [email protected]