Privacy Policy
Effective Date: December 2025
Last Updated: December 2025
Overview
Letter IRL ("we," "our," or "us") provides a service that lets you send physical letters through AI assistants like ChatGPT. This Privacy Policy explains what data we collect, how we use it, and your rights.
By using Letter IRL, you agree to this policy.
Important: Sensitive Data Warning
Do not use this Service to transmit sensitive or confidential information.
This includes:
- Social Security numbers
- Financial account numbers
- Health information (PHI/HIPAA)
- Passwords or security credentials
- Any other highly confidential data
Physical mail is handled by multiple third parties (printing facilities, postal services) and is not encrypted once printed. We are not liable for exposure of sensitive information you choose to include.
Information We Collect
Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Info | Email, name, login provider | Create and manage your account |
| Letter Content | Letter text, recipient names, addresses | Print and mail your letters |
| Return Address | Your name and mailing address | Include sender info on letters |
| Support Requests | Emails, feedback | Respond to your inquiries |
Information from Third Parties
| Source | Data | Purpose |
|---|---|---|
| Auth0 | Email, authentication identifiers | Verify your identity |
| Stripe | Payment tokens, transaction history | Process Letter Pack purchases |
| ChatGPT/OpenAI | Commands and text you send through MCP | Fulfill your letter requests |
Note: We do not store full credit card numbers. Stripe handles payment processing securely.
How We Use Your Information
We use your data to:
- Provide the Service - Print and mail your letters via PostGrid
- Process Payments - Manage letter balance and transactions via Stripe
- Improve Reliability - Debug issues, monitor performance, fix bugs
- Prevent Abuse - Detect fraud, harassment, and policy violations
- Comply with Law - Respond to legal requests when required
Third-Party Services
We use the following services to operate Letter IRL:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Auth0 | User authentication | auth0.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| PostGrid | Letter printing and mailing | postgrid.com/privacy |
| Neon | Database hosting | neon.tech/privacy |
| Railway | Application hosting | railway.app/privacy |
| OpenAI | AI interface (ChatGPT) | openai.com/privacy |
Data Access and Sharing
We do not sell your personal data.
Your data may be accessed in these circumstances:
Service Fulfillment
- PostGrid receives letter content and addresses to print and mail your letters
- Our team may view letter content for troubleshooting, quality assurance, or fraud prevention
- Your content is not encrypted to us - we must process it to generate the physical document
Legal Requirements
We may disclose information if required by law (e.g., subpoena, court order) or to protect the rights, property, or safety of Letter IRL, our users, or the public.
Data Retention
| Data Type | Retention Period |
|---|---|
| Letter Content | 90 days after sending (for delivery verification and disputes) |
| Letter Drafts | Deleted automatically after 24 hours if not sent |
| Account Data | Retained while your account is active |
| Transaction History | Retained for accounting and legal compliance |
| Expired Letter Balance | Records retained, but letters no longer usable |
You can request deletion of your account and associated data by contacting us.
Data Security
We implement industry-standard security measures:
- Encryption in Transit - All data transmitted via HTTPS/TLS
- Secure Authentication - OAuth 2.0 via Auth0
- Payment Security - PCI-compliant processing via Stripe
- Access Controls - Limited employee access to production data
However, no system is 100% secure. Physical mail, once printed, is not encrypted and passes through postal handling. You use the Service at your own risk.
Your Rights
You may request:
- Access - A copy of your personal data
- Correction - Correction of inaccurate data
- Deletion - Deletion of your account and associated data
To make a request, contact us at policy-team@letterirl.com.
Cookies and Tracking
Our website uses minimal cookies for:
- Authentication - Keeping you logged in
- Security - Preventing cross-site request forgery
We do not use advertising cookies or third-party tracking for marketing purposes.
Children's Privacy
Letter IRL is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We'll notify you of significant changes through the service or by email. Continued use after changes means you accept the updated policy.
Contact Us
Questions about this Privacy Policy? Contact us at:
Email: policy-team@letterirl.com
Website: https://letterirl.com
This policy is written to be understandable. For questions about specific legal rights in your jurisdiction, please consult a legal professional.