Privacy Policy

Last updated: April 30, 2026

Information We Collect

We collect the following information when you use LetterLotus:

• Email address — used to send your receipt and for any follow-up communication about your order.
• Letter questionnaire inputs — the information you provide through our questionnaire to generate your letter.
• Payment information — collected and processed by Stripe. We never see or store your full card number.
• Session identifier — an anonymous UUID stored as a cookie to maintain session continuity while you use the site.
• Basic usage data — pages visited and referral link clicks, used to improve our service.

How We Use Your Information

• Generate your letter based on the questionnaire inputs you provide
• Send email receipts through Postmark
• Process payments through Stripe
• Improve our service using aggregate, anonymized usage data (we do not sell or share individual data)

What We Store

• Letter data — stored in Supabase with encryption at rest.
• Email address — retained for receipt delivery and order-related communication.
• Session ID cookie — a functional cookie (not a tracking cookie). It is httpOnly, lasts one year, and contains only an anonymous identifier.

What We Do Not Store

• Full payment card details (Stripe handles all payment data directly)
• Browsing history beyond our site
• Third-party tracking cookies or advertising identifiers

Data Retention

Letter data is retained indefinitely so you can return to access your letters. You may request deletion of your data at any time by contacting us. When we receive a deletion request, we will remove your data within 30 days.

Third-Party Services

We use the following third-party services to operate LetterLotus. Each service has its own privacy policy governing how it handles your data:

• Stripe — payment processing. Stripe Privacy Policy
• Supabase — data storage. Supabase Privacy Policy
• Postmark — transactional email. Postmark Privacy Policy
• Vercel — hosting. Vercel Privacy Policy

Your Rights

You have the right to:

• Request access to the personal data we hold about you
• Request deletion of your data
• Request correction of inaccurate data

To exercise any of these rights, contact us using the information below.

Contact Information

For privacy-related questions or requests, email us at support@letterlotus.com.