Privacy Policy

Last updated: March 13, 2026

1. Introduction

Letterable (“we”, “our”, or “us”) operates the Letterable platform, a newsletter creation and publishing tool available at letterable.io. This Privacy Policy explains what personal data we collect, how we use it, and what rights you have in relation to it. By using our service you agree to the practices described here.

2. Data we collect

We collect the following categories of personal data:

  • Account information — name, email address, and password (stored as a secure hash) when you create an account or join the waitlist.
  • Profile and content data — newsletter content, subscriber lists, and other material you upload or create while using the platform.
  • Usage data — pages visited, features used, session duration, and interaction events collected to improve the product. These are collected only after you grant explicit consent.
  • Technical data — IP address, browser type, operating system, and device identifiers collected automatically for security and service operation.
  • Communications — messages you send us via email or support channels.

We do not collect sensitive personal data (e.g. health, financial, or biometric data).

3. How we use your data

  • To create and maintain your account and provide product access.
  • To send transactional emails such as email verification and password resets.
  • To notify waitlist members when the product becomes available.
  • To send product update and marketing emails where you have opted in.
  • To analyse product usage in aggregate and improve the platform.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

We will never sell, rent, or trade your personal data to third parties for their own marketing purposes.

4. Legal basis for processing

We process personal data under the following legal bases:

  • Contract — processing necessary to deliver the services you requested.
  • Consent — analytics tracking and marketing emails, where we ask for opt-in.
  • Legitimate interests — security monitoring, fraud prevention, and service improvement, balanced against your rights.
  • Legal obligation — retaining records required by applicable law.

5. Sharing of data

We share personal data only with trusted sub-processors that help us operate the service (for example, cloud hosting, email delivery, and authentication providers). Each sub-processor is bound by data processing agreements and is prohibited from using your data for any purpose other than providing services to us. We may also disclose data when required by law or to protect the rights and safety of users and the public.

6. Data retention

We retain account data for as long as your account is active. If you delete your account we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (typically up to 7 years for financial records). Analytics data is retained in aggregate form only and is not linked to identifiable individuals.

7. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), encrypted storage, access controls, and regular security reviews. No transmission over the internet can be guaranteed to be 100% secure; you use the service at your own risk.

8. International transfers

Your data may be processed in countries outside the European Economic Area (EEA). When data is transferred outside the EEA we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure an adequate level of protection.

9. Your rights

Depending on your location you may have the right to access, correct, delete, restrict processing of, or receive a portable copy of your personal data. You may also have the right to object to processing or withdraw consent at any time. See our GDPR page for full details on exercising these rights.

10. Cookies and tracking

We use essential cookies to operate the service and, with your consent, optional analytics storage. See our Cookie Policy for details.

11. Children

The service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date and, where appropriate, notify registered users by email. Continued use of the service after a change constitutes acceptance of the updated policy.

13. Contact

For privacy-related requests or questions, please contact us at contact@letterable.io.