Privacy Policy

Last updated: 13 April 2026

The short version

Letta stores your letters privately and securely. We never read them, never sell your data, and never share it with third parties except where strictly necessary to run the service (for example, sending an email via our delivery provider). Your letters belong to you.

Who we are

Letta is operated by Digital Legacy Navigator Ltd. If you have any questions about this policy, you can contact us at [email protected].

What we collect and why

Account information. When you create an account, we store your name and email address. This is used to identify you, send you letters you've written to yourself as previews, and communicate with you about your account.

Letters and recipients. The letters you write and the details of the people you write to (name, email address, date of birth) are stored securely in our database. We never read your letters. They are encrypted at rest and in transit.

Payment information. Payments are processed by Stripe. We never see or store your card details. We only store a Stripe customer ID to manage your subscription.

Usage data. We collect basic analytics (page views, sign-up counts) to understand how the product is used. This data is aggregated and never tied to individual users.

How we use your data

  • To deliver your letters at the moment you've chosen
  • To send you account-related emails (welcome, billing receipts, check-in reminders)
  • To send you optional product update emails (you can unsubscribe at any time)
  • To provide customer support when you contact us
  • To detect and prevent fraud or abuse

Who we share data with

We do not sell your data. We share it only with the following service providers who help us operate Letta:

  • Resend — Email delivery (for sending letters and account emails)
  • Stripe — Payment processing
  • AWS S3 — Secure file storage
  • TiDB Cloud — Database hosting

Each of these providers is contractually required to protect your data and may not use it for any other purpose.

How long we keep your data

We keep your account and letters for as long as your account is active. If you delete your account, we permanently delete all your letters and personal data within 30 days. Some anonymised usage data may be retained for analytics purposes.

Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you
  • Correct any inaccurate data
  • Request deletion of your data
  • Object to or restrict how we process your data
  • Export your data in a portable format

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

Cookies

We use a single session cookie to keep you signed in. We do not use advertising cookies or third-party tracking cookies.

Security

Your letters are encrypted at rest using AES-256 and in transit using TLS. We use industry-standard security practices and conduct regular reviews. No system is perfectly secure, but protecting your letters is something we take seriously.

Changes to this policy

If we make significant changes to this policy, we will notify you by email at least 14 days before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.

Contact

Questions about this policy? Email us at [email protected]. We're a small team and we read every message.