letterxchange

Privacy Policy

Last updated: January 28, 2025

1. Introduction

letterxchange (“we,” “our,” or “the Service”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our letter exchange platform.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you sign in with Google, we receive your email address from Google. During onboarding, you provide your full name and optionally a profile photo.
  • Letter Content: The letters you write, including any text and images you include.
  • Exchange Information: Exchange names, reveal dates, timezones, and invite codes you create.

2.2 Information Collected Automatically

  • Usage Data: We collect basic information about how you interact with the Service, such as letter read status.
  • Timestamps: We record when accounts, exchanges, and letters are created or updated.

2.3 Information from Third Parties

  • Google: When you authenticate with Google, we receive your email address. We do not access other Google account data.
  • Stripe: Payment processing is handled by Stripe. We do not store your credit card information. Stripe may collect information as described in their privacy policy.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Create and manage your account
  • Enable you to write and receive letters
  • Display your profile to other members in your exchanges
  • Process payments for creating exchanges
  • Send you important service-related notifications
  • Respond to your inquiries and provide support

4. Information Sharing

4.1 Within Exchanges

Your profile information (name and avatar) is visible to other members of exchanges you join. Letters you write are only visible to their intended recipients after the reveal date, except for open letters which are visible to all exchange members.

4.2 Service Providers

We share information with third-party services that help us operate:

  • Supabase: Database, authentication, and file storage
  • Stripe: Payment processing
  • Vercel: Hosting and content delivery

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests by public authorities.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit using HTTPS
  • Secure authentication through Google OAuth
  • Row-level security policies that restrict data access
  • Letters are only accessible to authors before reveal, and to intended recipients after reveal

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete your personal data, except where we are required to retain it for legal or legitimate business purposes.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your personal data
  • Object to or restrict processing of your data
  • Data portability

You can update your profile information or delete your account through your account settings.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country. We take appropriate safeguards to ensure your information remains protected.

10. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through the Service.