Last updated: 4 March 2026
This Privacy Policy explains how LetterHelp collects, uses, discloses, and protects personal data when you use our website and services.
For privacy-related requests, contact: support@letterhelp.eu
If required by applicable law, additional controller details are provided in service communications or on request.
Account data: email, authentication identifiers, and profile data required to provide access and billing features.
Usage data: service interactions, limits/usage counters, and technical logs needed for reliability and abuse prevention.
Content data: text prompts, generated outputs, and files you upload to process your requests.
Payment data: payments are processed by Stripe. We do not store full card details.
We process data to provide and secure the service, perform contracts with users, process payments, communicate service information, and comply with legal obligations.
Where required, we rely on consent (for example, optional analytics cookies). You can withdraw consent at any time for future processing.
Where applicable under GDPR, legal bases may include contract performance (Art. 6(1)(b)), legal obligation (Art. 6(1)(c)), legitimate interests such as security and fraud prevention (Art. 6(1)(f)), and consent (Art. 6(1)(a)).
Necessary cookies are used for core functionality (session, security, preferences). Optional analytics cookies are used only where consent is required and granted.
You can manage cookie preferences via the cookie banner and browser settings.
We use service providers to operate the platform, including infrastructure, authentication/database, payment processing, and AI providers.
Current providers include Supabase (hosting/auth/database/storage), Stripe (payments), and AI model providers such as OpenAI and Anthropic when enabled.
These providers process data under contractual safeguards and only for legitimate service purposes.
Your data may be processed in countries outside your residence jurisdiction. Where required, we use appropriate safeguards for cross-border data transfers.
For EU/EEA transfers, safeguards may include adequacy decisions, Standard Contractual Clauses (SCCs), and supplementary measures where required.
We retain personal data only for as long as necessary to provide the service, fulfill legal obligations, resolve disputes, and enforce agreements.
Retention periods depend on data type, account status, legal requirements, and security needs.
Depending on applicable law, you may have rights to access, rectify, erase, restrict, object to processing, and request data portability.
You may also have the right to lodge a complaint with a competent supervisory authority.
To exercise your rights, contact us using the email above. We may request reasonable identity verification before fulfilling a request.
LetterHelp uses AI-assisted processing to generate content. Outputs are not fully automated legal determinations and should be reviewed by the user before reliance.
The form auto-fill feature reads documents that you voluntarily upload to the service (such as passport scans, ID cards, income letters) and uses extracted text to suggest values for official form fields.
We do not separately collect, store, or access sensitive personal identifiers (such as national identity numbers, bank account details, or residence permit data) beyond what you choose to upload as documents.
Uploaded documents are stored in your personal account storage accessible only to you under row-level security. Service operators do not access the contents of your uploaded documents.
AI-generated form field suggestions are processed in-memory and are not retained after the session. You are solely responsible for verifying and correcting any AI-suggested values before entering them in an official form.
LetterHelp accepts no liability for errors, omissions, or consequences arising from use of the form auto-fill feature. The feature is an assistive tool, not a substitute for professional advice or careful personal review.
We use technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction.
No online system can be guaranteed 100% secure, but we apply industry-standard controls appropriate to risk.
The service is not intended for children under the minimum age required by applicable law. If you believe a child has provided personal data, contact us for removal review.
We may update this Privacy Policy from time to time. Material changes become effective when posted unless a later date is stated.