PRIVACY POLICY
How Letterss handles your data.
Last updated April 24, 2026.
This is the plain-language version of how Letterss treats your information. The short story: we collect what we need to run the service and nothing more, your letters are encrypted on your phone before they reach us, and you can delete your account at any time.
1. What we collect
Account information
When you sign up, you give us either an email address or a phone number. We use it to send you the one-time code that signs you in, and to identify your account. That's it — we don't email you marketing.
During onboarding you also pick a username and a display name, and may upload an avatar image. Your username and display name are visible to anyone you exchange letters with.
Letters you write and receive
Letters are stored on our servers because they need to travel between people, but they are end-to-end encrypted. Before any letter leaves your phone, it's encrypted on-device with a key only your iPhone holds. Two encrypted copies are stored on the server: one for you, one for the recipient. Each copy can only be opened by the right person's device.
In practice, this means we cannot read your letters. If a court served us a warrant, all we could turn over is ciphertext. If a hacker breached our database, the same.
Public key
So that other people can encrypt letters to you, your public encryption key is stored on your profile. The matching private key never leaves your device's secure Keychain.
Things stored only on your phone
The following never leave your iPhone and never reach our servers:
- Your contacts — when you add someone, the contact entry is saved locally. Only your account-scoped contacts are visible to you.
- Drafts — letters you haven't sent yet, including any attached images, stay in local storage.
- Your private encryption key — kept in the iOS Keychain, protected by your device passcode and Secure Enclave.
Push notifications
If you allow notifications, Apple gives us a device token (an APNs token) so we can tell your phone when a letter has arrived. The token identifies your device, not you personally, and is associated with your account. You can turn notifications off at any time in iOS Settings.
Crash reports and diagnostics
We use Sentry to receive automatic crash reports when the app breaks. These reports include things like the crash stack trace, the iOS version, and the device model. They do not include the contents of your letters. We use them only to fix bugs.
Anonymous usage analytics
We use TelemetryDeck to collect anonymous, aggregate analytics about how the app is used — for example, how many people sent a letter today, what iOS version is most common, or what percentage of users finish onboarding. This helps us decide what to improve.
What is collected:
- The name of the event (e.g. letter_sent, letter_read, contact_added).
- An anonymous, one-way hashed device identifier so we can roughly count distinct users without knowing who they are. The hash cannot be reversed to identify you.
- App version, iOS version, and device model.
What is not collected:
- The contents of any letter, draft, or message.
- Any personal identifier — no email, phone, username, IDFA, IP-based location, or device serial.
- Anything that could be linked back to a specific user account on our servers.
You can turn analytics off entirely at any time from Settings → Privacy → Anonymous Usage Analytics inside the app. Once turned off, no signals are sent from your device.
Friend requests, blocks, and reports
When you send a friend request, we store the sender and recipient user IDs and a status (pending, accepted, declined). When you block another user we store the blocker and blocked IDs. When you report a letter, we store the reporter ID, the reported user ID, the letter ID, and the reason — this is the one moderation lever we have, since the letter content itself is encrypted.
2. What we don't collect
- We don't track your location.
- We don't read your phone's contact book.
- We don't run advertising SDKs or behavioral profiling.
- We don't sell, rent, or trade your data with anyone.
- We don't have access to the plaintext of your letters.
3. Who we share data with
The only third parties involved in running Letterss are:
- Supabase — our database, authentication, and file storage host. Letters (encrypted), profiles, friend requests, blocks, reports, and uploaded images live here.
- Sentry — crash and error reporting (no letter content).
- TelemetryDeck — anonymous usage analytics (no personal identifiers, no letter content).
- Apple Push Notification service — to deliver push notifications.
We do not share your data with advertisers, data brokers, or any other third party.
4. How long we keep things
We keep your account data, letters, and friend graph for as long as your account exists. When you delete your account (Settings → Delete Account), we permanently delete your profile, the contacts you've added, your friend requests, and every letter where you are the sender or recipient. The encrypted private key on your device is also wiped.
If you don't delete your account, your data stays. We don't have an automatic expiry.
5. Your rights
You can:
- Edit your profile — change your display name or avatar at any time inside the app.
- Export your letters — email hello@letterss.app and we'll send you a copy of every letter associated with your account in a readable format.
- Delete your account — Settings → Delete Account permanently removes everything. You can also email us if you can't sign in.
- Block someone — blocking removes them from your contacts and prevents future letters in either direction.
If you live in California, the EU, or another jurisdiction with specific privacy rights (CCPA, GDPR, etc.), you also have the right to know what we hold about you and to ask us to correct or delete it. Email us and we'll respond within 30 days.
6. Children
Letterss is not designed for users under 13, and we don't knowingly collect data from anyone under 13. If you are a parent or guardian and believe your child has signed up, email us and we'll delete the account.
7. Security
All connections to our servers use TLS 1.3. Letter contents are end-to-end encrypted using X25519 key exchange and AES-256-GCM, with keys generated and stored on-device. Your private key lives in the iOS Keychain, protected by your device passcode and the Secure Enclave on supported devices.
No system is perfect. If we ever discover a security incident affecting your account, we will notify you by email (or phone, if that's how you signed up) within 72 hours of confirming it.
8. Changes to this policy
If we change this policy in a way that affects what we do with your data, we'll notify you in the app before the change takes effect. The "Last updated" date at the top of this page is the easiest way to check for changes.
9. Contact
Questions, requests, complaints, or anything else: email hello@letterss.app. A real person reads it.
Letterss is operated by an individual developer. This policy is governed by the laws of the State of California, USA.