Legal

Privacy Policy

Last updated: 12 March 2026·Effective: 1 April 2026·v2.1

01 Overview

Letters, Inc. (“Letters”, “we”, “us”) builds an AI-powered email design and sending platform. This policy explains what information we collect, how we use it, and the choices you have. It applies to letters.com, our web app, and our APIs.

We keep this deliberately plain. If anything here is unclear, email privacy@letters.com and a human will answer.

The short version: we collect what we need to run the product, we don’t sell your data, and the emails you design belong to you.

02 What we collect

We collect information in three buckets:

Information you provide

  • Account details — name, work email, company, and password.
  • Brand inputs — the logos, colours, fonts, copy, and briefs you give the AI designer.
  • Billing information, processed by our payment provider (we never store full card numbers).

Information we collect automatically

  • Usage data — features used, emails generated, and basic device and browser metadata.
  • Log data — IP address, timestamps, and error reports, used to keep the service secure and reliable.

Recipient data you upload

If you use Letters to send, you may upload audience lists. You are the controller of that data; we process it on your behalf under our Terms and DPA.

03 How we use it

  • To provide, maintain, and improve the product.
  • To generate email designs from your briefs and brand kit.
  • To send transactional notices, security alerts, and (if you opt in) product updates.
  • To detect, prevent, and address abuse, fraud, and deliverability issues.
  • To meet legal and tax obligations.

We rely on the lawful bases of contract (to deliver what you signed up for), legitimate interest (to secure and improve the service), and consent (for optional marketing).

04 AI & your content

The briefs, brand assets, and emails you create are used to generate output for you. We do not use your private content to train foundation models, and we do not share it with other customers.

Aggregated, fully de-identified signals (for example, “sale emails convert better with shorter subject lines”) may inform product improvements — never your identifiable content.

05 Sharing & processors

We don’t sell personal data. We share it only with vetted sub-processors who help us run Letters — cloud hosting, payment processing, analytics, and email infrastructure — each under contract and bound to confidentiality. A current list is available on request.

We may also disclose information if required by law, or to protect the rights, safety, and property of Letters and its users.

06 Data retention

We keep personal data for as long as your account is active, then delete or anonymise it within 90 days of closure — unless a longer period is required for legal, tax, or security reasons. You can export or delete your designs at any time from your account.

07 Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, email privacy@letters.com — we’ll respond within 30 days.

You can opt out of marketing email at any time via the unsubscribe link or your notification settings.

08 Security

We encrypt data in transit and at rest, enforce least-privilege access internally, and undergo regular third-party testing. Letters is SOC 2 Type II audited. No system is perfectly secure, but we work hard to protect your information and to notify you promptly in the unlikely event of a breach.

09 Contact us

Questions about this policy or your data? Reach our privacy team at privacy@letters.com or write to Letters, Inc., 2261 Market Street, San Francisco, CA 94114.

For general enquiries, our contact page is the fastest route.