Legal

Privacy Policy

Last updated: June 1, 2026

Introduction

Vincenzo.be SRL ("we", "our", "Letter") operates the website https://letter.app and the related Service: an email automation platform that captures your users and product events, then triggers and delivers email sequences and broadcasts on your behalf.

This policy explains how we handle two distinct kinds of data: the data about you, our customer (your account), and the data you send through Letter about your own users and subscribers.

Our two roles: controller and processor

For the data in your account (your name, email, billing details, and settings), Letter is the data controller.

For the personal data you import or stream into Letter about your own users and subscribers (their email addresses, names, custom traits, and product events: together, "Contact Data"), you are the controller and Letter acts as your processor. We handle Contact Data only to provide the Service and only on your documented instructions. A Data Processing Agreement (DPA) is available on request at hello@letter.app.

Data we collect about you

You provide directly:

  • Account information (name, email address)
  • Workspace and project configuration (sending domains, sender identities, API keys you generate)
  • Billing information, when applicable, processed by our payment provider

We collect automatically:

  • Technical metadata (IP address, browser type, pages visited, timestamps)
  • Service usage data (features used, volume of contacts and sends)

Data you send through Letter

To deliver email on your behalf, Letter stores and processes the data you send us through the dashboard, our SDKs, or the API:

  • Contacts and attributes: email addresses, names, and any custom fields or traits you attach to them.
  • Product and user events sent via our SDKs or API (for example identify and track calls): event names, timestamps, and the properties you choose to send.
  • Email content you create: templates, broadcasts, and sequences.
  • Delivery and engagement data: sends, deliveries, opens, clicks, bounces, spam complaints, and unsubscribes.

We process Contact Data solely to provide the Service: to store your contacts, trigger and deliver your email, and report on the results. Your Contact Data is never used to train AI models, is never sold, and is never shared with third parties other than the sub-processors listed below.

How we use data

  • Provide and maintain the Service
  • Deliver your email and run your sequences and broadcasts
  • Protect the platform from abuse and maintain deliverability (see below)
  • Communicate with you (sign-in emails, support, invoices)
  • Improve the product (aggregated, de-identified statistics, never used to identify an individual)
  • Comply with our legal obligations

Email delivery and anti-abuse

Letter delivers email through shared sending infrastructure. To protect deliverability for every customer, we monitor delivery signals such as bounce and spam-complaint rates and may rate-limit or pause sending for an account that exceeds healthy thresholds. Every email Letter sends includes a one-click unsubscribe mechanism; recorded unsubscribes, bounces, and complaints are kept on a suppression list so we can honor opt-outs even if the underlying contact is later deleted.

Sub-processors

Letter relies on the following sub-processors to operate the Service:

Sub-processor Role Location
Railway Application hosting, PostgreSQL database, and Redis queues EU / US (region-dependent)
Amazon Web Services (SES) Outbound and transactional email delivery US / EU
Cloudflare (R2) Storage of images and email assets EU
Stripe Payment processing and subscription billing US / EU

We notify customers before adding or replacing a sub-processor that processes Contact Data, so you can object if needed.

Retention

  • Account and Contact Data: retained while your account is active, and deleted within 30 days of account closure.
  • Contacts you delete from a project are removed promptly, except for the minimal suppression record needed to honor unsubscribes and complaints.
  • Technical logs: retained for 30 days, then purged.
  • Invoices: retained for 7 years (Belgian accounting law).

Your rights (GDPR)

You can access, correct, export, or delete your account data at any time. To exercise these rights, email hello@letter.app.

For Contact Data, the individual's rights are exercised through the customer who controls that data. If you are a subscriber wishing to access or delete your data, please contact the company that sent you the email. We assist our customers in responding to these requests as their processor.

International transfers

Some of our sub-processors are located in the United States. Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

Security

All communications are encrypted in transit with TLS. Credentials and secrets are encrypted at rest. Code and infrastructure access is restricted to a small set of administrators.

Minors

Letter is a professional tool. The Service is not intended for people under the age of 16.

Changes

We will notify you by email at least 30 days before any significant change to this policy takes effect.

Contact

Vincenzo.be SRL · hello@letter.app · Brussels, Belgium