Privacy Policy
Last updated: May 19, 2026 · Last reviewed: May 19, 2026
Summary
- We collect only what we need to generate your letter, deliver it, and process payment.
- Your letter inputs are sent to our AI providers (Anthropic and, as a fallback, xAI) to generate the letter. Neither provider uses your data to train their models.
- We do not sell or share your personal information, and we do not run third-party advertising or analytics trackers.
- We retain letter content for 24 months unless you request earlier deletion. You can request access, correction, deletion, or portability at any time.
- Do not enter Social Security numbers, full bank or credit-card numbers, government ID numbers, or other highly sensitive data into the questionnaire. Use placeholders (e.g., "my SSN") and fill those in manually after downloading your letter.
Information We Collect
We collect the following information when you use LetterLotus:
- Email address— used to send your receipt and for any follow-up communication about your order.
- Letter questionnaire inputs— the information you provide through our questionnaire to generate your letter. These inputs may include narrative descriptions of your circumstances, which can incidentally reveal sensitive information (such as health, financial, or legal context).
- Payment information— collected and processed by Stripe. We never see or store full card numbers. Stripe provides us limited metadata (last four digits, card brand, billing ZIP) for receipts, fraud prevention, and refund processing.
- Session identifier— an anonymous UUID stored as a first-party cookie to maintain session continuity while you use the site.
- Basic usage data— pages visited, referral link clicks, and server logs (IP address, user agent, timestamp) used for security, debugging, and aggregate service improvement.
How We Use Your Information
- Generate your letter based on the questionnaire inputs you provide
- Send email receipts and order-related communication via Postmark
- Process payments and refunds via Stripe
- Detect and prevent fraud, abuse, and chargebacks
- Improve our service using aggregate, deidentified usage data. We commit to maintaining that data in deidentified form, applying technical and business safeguards against re-identification, and not attempting to re-identify it.
- Comply with legal obligations and respond to lawful requests
AI Processing of Your Inputs
LetterLotus generates letters using third-party large language model providers: Anthropic (Claude) as the primary model, and xAI (Grok) as a fallback when Claude is unavailable. When you submit your questionnaire, your responses are transmitted to one of these providers through their secure business APIs, and the generated letter is returned to you.
Under our agreements with these providers:
- Your inputs and the generated letter are not used to train their AI models.
- Anthropic retains API logs for up to 30 days for abuse-monitoring purposes before automatic deletion.
- xAI retains API logs for up to 30 days for the same purposes.
- Neither provider shares your data with third parties or uses it for advertising.
Because letter generation is automated and probabilistic, the output may contain inaccuracies, omissions, or fabricated information (commonly called "hallucinations"). You should carefully review every letter before sending it. Do not enter Social Security numbers, full bank or credit-card numbers, government ID numbers, protected health information beyond what is necessary for your letter, or information about minors under 13. If your letter requires reference to such data, use a generic placeholder and add specifics manually after download.
What We Store
- Letter data— questionnaire inputs and generated output, stored in Supabase with encryption at rest and access restricted by row-level security.
- Email address— retained for receipt delivery, order-related communication, and (with consent) optional follow-up.
- Session ID cookie— a strictly necessary first-party cookie. It is httpOnly, has a 12-month lifetime, and contains only an anonymous identifier. It is not used for cross-site tracking, advertising, or third-party analytics.
What We Do Not Store
- Full payment card details (Stripe handles all payment data directly)
- Browsing history beyond our site
- Third-party tracking cookies or advertising identifiers
- Biometric data or precise geolocation
Categories of Personal Information (CCPA)
In the preceding twelve months, we have collected the following categories of personal information, as defined by the California Consumer Privacy Act:
| CCPA Category | Examples | Source | Purpose | Recipients | Retention |
|---|---|---|---|---|---|
| Identifiers | Email, session ID, IP address | You; cookie; server logs | Service delivery, receipts, security | Postmark, Supabase, Vercel | 24 months (email); session lifetime; 90 days (logs) |
| Commercial information | Purchase records, refund history | Stripe | Fulfillment, accounting, fraud prevention | Stripe | 7 years (tax/accounting) |
| Internet or network activity | Pages visited, referral clicks, user agent | Cookie, server logs | Service improvement, debugging, security | Vercel | 90 days |
| Inferences | None | — | — | — | — |
| Sensitive Personal Information (only when included in your letter inputs) | References to health (e.g., medical-debt hardship), financial account context, or criminal-justice context | You | Letter generation only | Anthropic / xAI (transient processing) | 24 months |
We do not sell or share (as those terms are defined under the CCPA) personal information, and we have not done so in the preceding twelve months. We do not engage in targeted advertising or cross-context behavioral advertising.
Cookies and Tracking
We use a single strictly necessary first-party cookie (letterlotus_session) to maintain your session. We do not use analytics cookies, advertising cookies, social-media trackers, or third-party fingerprinting tools.
Data Retention
- Letter content and questionnaire inputs: 24 months after generation, after which the content is deleted or anonymized.
- Email addresses and receipt records: 7 years for tax, accounting, and chargeback-response purposes.
- Session cookies: 12 months, or until you clear them.
- Server logs: 90 days.
- Stripe payment metadata: retained by Stripe per their own terms (typically 7 years).
- AI provider logs:Anthropic and xAI each retain inputs and outputs for up to 30 days for abuse-monitoring before automatic deletion (see "AI Processing of Your Inputs" above).
You may request earlier deletion at any time (see "Your Privacy Rights" below). Some records may be retained longer where required by law or for legitimate fraud-prevention purposes.
Third-Party Services
We use the following third-party services to operate LetterLotus. Each service has its own privacy policy governing how it handles your data:
- Stripe — payment processing. Stripe Privacy Policy
- Supabase— database and file storage (US region). Supabase Privacy Policy
- Postmark — transactional email delivery. Postmark Privacy Policy
- Vercel— hosting, edge functions, and server logs. Vercel Privacy Policy
- Anthropic— primary AI model (Claude) for letter generation. Anthropic Privacy Policy
- xAI— fallback AI model (Grok) when Anthropic is unavailable. xAI Privacy Policy
Data Security
We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS 1.2+), encryption at rest, row-level access control, least-privilege access, and rate-limiting. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
International Data Transfers
LetterLotus is operated from the United States, and our service providers process data primarily in the United States. If you access the service from outside the United States, your information will be transferred to and processed in the United States, which may have data protection laws different from those in your country.
Your Privacy Rights
Subject to applicable law, you have the right to:
- Know what personal information we have collected about you, the categories of sources, the purposes of collection, and the categories of recipients.
- Access a copy of the personal information we hold about you.
- Correct inaccurate personal information.
- Delete personal information we have collected, with certain exceptions required by law.
- Portability— receive your information in a portable, structured, machine-readable format.
- Opt out of any sale or sharing of personal information (we do not sell or share).
- Limit the use and disclosure of Sensitive Personal Information (see below).
- Non-discrimination— we will not deny service, charge different prices, or provide a different level of quality because you exercised your privacy rights.
- Appeal a denial of any of these rights (where required by your state).
How to Exercise Your Rights
To exercise any of these rights, email support@letterlotus.com with "Privacy Request" in the subject line and a description of your request. To protect your information, we will verify your identity by confirming control of the email address associated with your account or order, and may request additional information if needed to confirm the request is legitimate.
We will acknowledge your request within 10 business days and respond substantively within 45 days, extendable by an additional 45 days when reasonably necessary (we will notify you if an extension is required).
You may designate an authorized agent to make a request on your behalf by providing the agent with written, signed permission and verifying your own identity directly with us.
If we deny your request in whole or in part, you may appeal by replying to our response within 60 days. We will respond to appeals within 60 days.
State-Specific Disclosures
Residents of certain U.S. states have additional rights under state privacy laws, including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Utah (UCPA), Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, Maryland, Minnesota, Nebraska, Rhode Island, and others. The rights summarized above apply to residents of these states to the extent provided by their respective laws.
California residentsmay also designate an authorized agent and have specific rights to know the categories listed above. We do not use or disclose Sensitive Personal Information beyond purposes permitted under Cal. Civ. Code §1798.121(d) (i.e., to provide the services you requested), and so the right to limit the use of Sensitive Personal Information does not apply to our processing.
Global Privacy Control (GPC)
We honor Global Privacy Control (GPC) signals from browsers as a valid opt-out request for any sale, sharing, or use of personal information for targeted advertising. Because we do not engage in any of those activities, sending a GPC signal does not change how we process your data, but we will treat the signal as a valid opt-out should those practices ever begin.
Sensitive Personal Information
Your questionnaire inputs may reveal Sensitive Personal Information (for example, references to health, financial accounts, or criminal-justice context) when relevant to your letter. We use this information solely to generate the letter you requested and do not use it to infer characteristics about you. Under Cal. Civ. Code §1798.121(d), this use is exempt from the right to limit the use of Sensitive Personal Information.
Automated Decision-Making
Letter generation is fully automated using large language models. The output is content, not a decision about you (such as eligibility, pricing, or risk scoring). You always have the right to review, edit, or discard the output before you use it. If you would like to understand the general logic involved, email support@letterlotus.com.
Children's Privacy
Our service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If we learn we have collected such information, we will delete it. If you believe we may have collected information from a child under 13, please contact us so we can investigate.
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law, including, for New York residents, within 30 days as required by the New York SHIELD Act, and as otherwise required by state and federal breach-notification statutes.
Marketing Communications
We primarily send transactional emails (receipts, order updates, deletion confirmations). If we send any promotional emails, you may opt out at any time by clicking the unsubscribe link in the email or by emailing support@letterlotus.com. We comply with the CAN-SPAM Act for all commercial email.
Users in the EU and UK
LetterLotus is offered from the United States and primarily directed to U.S. customers. If you are located in the European Economic Area, United Kingdom, or Switzerland and use the service, the following applies:
- Controller: LetterLotus is the controller of your personal information.
- Lawful bases: performance of a contract (to generate and deliver your letter); legitimate interests (security, fraud prevention, service improvement); consent (where required); and legal obligations (tax, accounting).
- Transfers: your information will be transferred to and processed in the United States. We rely on Standard Contractual Clauses or equivalent safeguards with our processors where applicable.
- Rights: in addition to the rights listed above, you may lodge a complaint with your local supervisory authority.
- Retention: as described above, with the same deletion-on-request procedures.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. For material changes, we will provide additional notice (such as a banner on the site or an email to recent customers) at least 14 days before the changes take effect. We review this policy at least annually.
Contact
For privacy-related questions, requests, or appeals, email us at support@letterlotus.com. California residents may also see our California-specific notice in our Terms of Service.