LetterKraft
Sign in Get the app

Privacy Policy

Your privacy is important to us. This policy explains how LetterKraft collects, uses, and protects your information.

Last updated: March 24, 2026

Information We Collect

We collect the following information with your consent:

Personal Information: - Phone number (for OTP-based authentication) - Name, email, organization, and job title (optional profile data) - Address details (optional, for letter formatting)

User Content: - Photos/scans of letters you upload as writing style samples - OCR-extracted text from your uploaded samples - Letters generated using the app - Letterheads you upload

Signatures are stored exclusively on your device and are never uploaded to or stored on our servers.

Usage Data: - AI token consumption per request - Voice transcription usage (if used) - Subscription status

How We Use Your Information

We use your information solely to provide the app's core functionality:

- Authenticate your identity via OTP - Extract text from your uploaded letter samples using OCR - Generate new letters matching your writing style using AI - Store your style profiles and letterheads for reuse (signatures are stored locally on your device only) - Track subscription status and usage limits

We do NOT use your data to train AI models. We do NOT sell, rent, or share your personal information with third parties for marketing purposes.

AI & OCR Processing

When you use LetterKraft's features:

- Uploaded letter images are sent to Google's Gemini API for OCR text extraction - The extracted text is stored in our database and used as a style reference - Letter generation is performed via Google's Gemini API using your style references and instructions - Voice-to-text (if used) is processed via Google's speech recognition API

Google's API services (used via API key access) do not retain your data or use it for model training. Processing happens in real-time and data is not stored on Google's servers beyond the API request lifecycle.

Data Storage & Security

Your data is stored securely on Supabase (hosted on AWS):

- All data is encrypted at rest and in transit (TLS 1.2+) - Database access is protected by Row Level Security — only you can access your own data - Authentication uses secure OTP via Supabase Auth - Uploaded images are stored in private storage buckets accessible only to your account - Service credentials are stored as environment secrets, never in client code

Third-Party Services

We use the following services to operate LetterKraft:

- Supabase: Authentication, database, file storage, and edge functions - Google Gemini API: OCR text extraction and AI letter generation - Google AdMob: Displaying advertisements in the free tier

These services process data as necessary to provide their functionality. Google's paid API services do not use your data for training. We recommend reviewing their respective privacy policies.

Your Rights (DPDPA 2023)

Under India's Digital Personal Data Protection Act, 2023, you have the right to:

- Access: View all personal data we hold about you - Correction: Update inaccurate profile information via the app - Erasure: Permanently delete your account and all associated data - Withdraw Consent: Stop using the app at any time; delete your account to withdraw consent

To delete your account and all data, go to Account > Delete Account. This permanently removes your profile, style samples, OCR text, letterheads, generated letters, and usage logs from our servers. Signatures stored on your device must be deleted separately by uninstalling the app or removing them from the Signatures section.

For any privacy requests, contact us at support@letter-kraft.com.

Data Retention

We retain your data only as long as necessary:

- Account & profile data: Until you delete your account - Style profiles & OCR text: Until you delete them or your account - Uploaded images: Stored for reference; deleted when account is deleted - Letterheads: Until you delete them or your account - Signatures: Stored only on your device; not retained on our servers - Usage logs: Up to 90 days, then automatically purged

Upon account deletion, all your data is permanently removed from our servers, including storage buckets. No anonymized data is retained.

Children's Privacy

LetterKraft is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us and we will promptly delete it.

Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

- Notify affected users within 72 hours of becoming aware of the breach - Report the breach to the relevant Data Protection Board as required under DPDPA 2023 - Take immediate steps to contain and remediate the breach

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via an in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions, data requests, or grievances:

Email: support@letter-kraft.com

We aim to respond to all inquiries within 72 hours.