lettrs
DE

Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for this website is:
[Your full name]
[Your address]
Email: [your@email.at]

2. Data We Collect

We collect and process the following personal data:

  • Contact data: Name, address, email address (for letter creation and delivery)
  • Recipient data: Name and address of the letter recipient
  • Letter content: The letter text you compose or generate from templates
  • Signature: Digital signature (if provided), stored as an image file
  • Payment data: Processed directly by Stripe — we do not store credit card information
  • Account data: Email address and password hash for registered users
  • Technical data: IP address, browser type, timestamps (server logs)

3. Legal Basis

Your data is processed based on:

  • Contract performance (Art. 6(1)(b) GDPR): Processing to create and send your letter
  • Legitimate interest (Art. 6(1)(f) GDPR): Server logs for security and error diagnosis
  • Consent (Art. 6(1)(a) GDPR): Storing your signature for future letters (optional)

4. Third-Party Data Sharing

We share your data with the following service providers:

  • Pingen AG (Switzerland) — Printing and postal delivery of your letter. Receives: recipient address, letter content, your sender address.
  • Stripe, Inc. (USA) — Payment processing. Receives: payment information. Privacy: stripe.com/privacy
  • Resend, Inc. (USA) — Email notifications. Receives: your email address.
  • Turso (ChiselStrike, Inc.) (USA) — Database hosting. Stores: all user data.
  • Vercel, Inc. (USA) — Website hosting. Processes: IP addresses, server logs.

For data transfers to the USA and Switzerland, we rely on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and the EU Commission adequacy decision, respectively.

5. Data Retention

Your data is stored for as long as necessary to provide our service. Letter data is retained for the duration of your account. After account deletion, personal data is deleted within 30 days, unless statutory retention obligations apply.

6. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR) — What data we store about you
  • Rectification (Art. 16 GDPR) — Correction of inaccurate data
  • Erasure (Art. 17 GDPR) — Deletion of your data
  • Restriction (Art. 18 GDPR) — Restriction of processing
  • Data portability (Art. 20 GDPR) — Export your data
  • Objection (Art. 21 GDPR) — Object to processing

Contact us at [your@email.at] to exercise your rights.

7. Right to Complain

You have the right to lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna
dsb.gv.at

8. Cookies

We only use technically necessary cookies for authentication (session cookies). No marketing or tracking cookies are used.