Privacy Policy

1. What we collect

• The letter you upload. The image or PDF you submit for analysis.
• The decode and response. The structured analysis and draft letter we generate from your upload.
• Operational data. Anonymous session identifier, IP address (for rate limiting), browser/device, timestamps, and error logs.
• Payment data. If you pay, Stripe processes your card details. We never see or store full card numbers; we receive only a payment confirmation.
• Subscription identifiers. If you subscribe, we store the Stripe customer and subscription IDs associated with your session so we can manage entitlement and provide a self-service portal. Your email lives at Stripe; we process it transiently when you initiate subscription recovery on a new device, and we do not store it ourselves or use it for marketing.
• Optional account data. If you choose to create an account or save letter history, we store an identifier and any letters you elect to save.

2. How we use it

• To produce a decode and response from your letter.
• To prevent abuse (rate limiting, fraud detection).
• To diagnose errors and improve reliability.
• To process payments and entitlements.

We do not use your uploaded documents to train AI models, and we do not sell, rent, or license your personal data to third parties.

3. Retention & deletion

• The original uploaded image/PDF is processed in memory and is not retained beyond what is needed to generate your decode (typically minutes).
• The decode and response are retained for up to 30 days for your reference, then automatically deleted.
• You can erase every record tied to your device at any time from Your letters using Forget my letters; this also clears your session cookie and any paid-plan binding.
• If you create an account, saved letters are retained until you delete them.
• Anonymous operational logs (no document content) are retained for up to 90 days for debugging and abuse prevention.
• Stripe retains payment records per its own retention policies and applicable law.

4. How we protect it

• Encryption in transit. All connections use TLS 1.2 or higher.
• Encryption at rest. Stored data is encrypted using industry-standard encryption (AES-256 or equivalent).
• Access controls. Only the small set of people who operate the Service can access stored data, and access is logged.
• Vendors. We rely on Anthropic (model inference), Stripe (payments), Vercel (hosting), and Upstash Redis (storage). Each is contractually bound to handle your data with comparable safeguards.

5. HIPAA

DecodeLetter is not a HIPAA-covered entity or business associate. When you upload a document directly to us, you do so as the consumer who controls that document — not on behalf of a healthcare provider or health plan. Even so, we adopt HIPAA-adjacent practices (encryption, minimal retention, access controls) because your documents are sensitive.

6. Your rights

You can:

• Request a copy of the data we hold about you.
• Request deletion of your decode, response, account, and history.
• Opt out of any future use of your data for service improvements.

To make a request, email privacy@decodeletter.com. We will respond within 30 days.

7. Children

DecodeLetter is intended for adults 18 and older. We do not knowingly collect data from children. If you believe a child has used the Service, please contact us and we will delete the related data.

8. Changes

We will post any material changes to this policy on this page and update the effective date above. If changes are substantive, we will highlight them on the home page for at least 30 days.

9. Contact

Privacy questions: privacy@decodeletter.com.

See also our Terms of Service.