GDPR Information

Last updated: March 13, 2026

1. Overview

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent national laws apply to the processing of your personal data by Letterable. This page explains how we comply with those obligations and how you can exercise your rights.

2. Data controller

Letterable acts as the data controller for personal data collected through letterable.io. As controller, we determine the purposes and means of processing and are responsible for ensuring that processing is lawful and fair. For questions about our role or your data, contact us at contact@letterable.io.

3. Lawful bases for processing

We only process personal data where we have a valid lawful basis:

  • Contractual necessity — processing required to provide the service you signed up for, such as account management, email delivery, and billing.
  • Consent — analytics tracking and marketing communications. You can withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legitimate interests — security monitoring, fraud prevention, improving service quality, and aggregate usage analysis, where those interests are not overridden by your rights.
  • Legal obligation — retaining transaction records and complying with applicable law.

4. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15) — you may request a copy of the personal data we hold about you and information about how it is processed.
  • Right to rectification (Art. 16) — you may ask us to correct inaccurate or incomplete personal data without undue delay.
  • Right to erasure (Art. 17) — you may request deletion of your personal data where it is no longer necessary for the purpose it was collected, where you withdraw consent, or where processing was unlawful.
  • Right to restriction of processing (Art. 18) — you may ask us to suspend processing of your data while a dispute about accuracy or lawfulness is resolved.
  • Right to data portability (Art. 20) — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21) — you may object to processing based on legitimate interests or for direct marketing purposes at any time.
  • Rights related to automated decision-making (Art. 22) — we do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.

5. How to exercise your rights

To exercise any of the rights listed above, send a request to contact@letterable.io with the subject line “Data Subject Request”. Please include enough information for us to verify your identity. We will respond within 30 days. If the request is complex or we receive a high volume we may extend this by a further two months, in which case we will notify you.

There is no charge for making a request unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse.

6. Withdrawing consent

Where processing is based on your consent, you may withdraw it at any time by contacting us at the address above or by clearing your browser storage for analytics consent. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

7. International data transfers

Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other recognised transfer mechanisms such as adequacy decisions. A copy of the relevant safeguards can be provided on request.

8. Data retention

We retain personal data only as long as necessary for the purpose it was collected or as required by law. Account data is deleted within 30 days of account closure. Aggregate and anonymised analytics data may be retained indefinitely. For more detail see our Privacy Policy.

9. Right to lodge a complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your national data protection authority at edpb.europa.eu. We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority.

10. Contact

For any GDPR-related enquiries, contact us at contact@letterable.io.