Trust & Safety

Privacy Policy

Last Updated: December 11, 2025

At LetterFlow, we believe privacy is a fundamental right, especially when it comes to your reading habits. This Privacy Policy explains how we collect, use, store, and protect your information when you use our newsletter reading application.

1. Information We Collect

We collect information to provide you with a focused reading experience. This section details exactly what data we access and store:

1.1 Account Information

  • Your email address (used for authentication and account identification)
  • Display name (optional, for personalization)
  • Account creation and last activity timestamps

1.2 Gmail Data (via Google API)

When you connect your Gmail account, we access the following data:

  • Email Headers: Sender name, sender email address, subject line, date received, and newsletter-related headers (List-Unsubscribe, List-Archive, etc.)
  • Email Body Content: The full text and HTML content of emails identified as newsletters, which we store to display in our reader interface
  • Gmail Message IDs: Unique identifiers to track which emails have been synced and prevent duplicates
  • Email Metadata: Snippet previews and timestamps provided by Gmail

1.3 OAuth Credentials

  • OAuth access tokens and refresh tokens (encrypted, used to maintain your Gmail connection)
  • Token expiration timestamps

1.4 App Usage Data

  • Your reading preferences (read/unread status, read later lists)
  • Newsletter organization (folders, custom feeds you create)
  • Sync history and status logs

2. How We Use Your Information

We use your data exclusively to provide and improve the LetterFlow service:

  • Newsletter Identification: We analyze email headers and content to automatically detect which emails are newsletters versus regular correspondence
  • Content Display: We store and render newsletter content in our clean, distraction-free reader interface
  • Organization Features: We enable you to organize newsletters into folders and custom feeds based on your preferences
  • Inbox Decluttering (Optional): If you enable this feature, we create a Gmail label and move detected newsletters out of your inbox, keeping them accessible in the labeled folder
  • Reading Progress: We track read/unread status and read-later bookmarks within our application

3. Google API Services User Data Policy Compliance

Google Compliance Disclosure:
LetterFlow's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 Limited Use Disclosure

LetterFlow only uses Google user data for the purposes described in this Privacy Policy. Specifically:

  • We only request access to the Gmail scopes necessary to provide newsletter reading functionality (gmail.modify for label management and inbox decluttering, gmail.labels for creating organization labels, and userinfo.email for account identification)
  • We do not use Google user data for purposes unrelated to providing or improving the newsletter reading features of LetterFlow
  • We do not transfer Google user data to third parties except as necessary to provide the service (e.g., our hosting infrastructure) or as required by law

3.2 Prohibited Uses - We Do NOT:

  • Serve Advertising: We do not use Google Workspace data to serve you advertisements, including retargeting, personalized, or interest-based advertising
  • Allow Human Review: No human at LetterFlow reads your emails. Automated systems process your data. Exceptions are only made with your explicit consent for support purposes, or if required by law
  • Train AI/ML Models: We do not use your personal email content to train generalized artificial intelligence or machine learning models
  • Sell Data: We never sell, rent, or trade your Google user data to third parties, data brokers, or information resellers
  • Credit Assessment: We do not use your data to determine creditworthiness or for lending purposes

4. Data Storage and Security

4.1 Where Your Data is Stored

Your data is stored on secure servers provided by:

  • Supabase: For authentication and database storage (PostgreSQL)
  • Render: For application hosting

4.2 Security Measures

We implement industry-standard security measures including:

  • Encryption in transit using TLS/SSL for all data transmissions
  • Encryption at rest for stored data
  • Row-level security (RLS) ensuring users can only access their own data
  • Secure OAuth 2.0 token storage with automatic refresh
  • Regular security assessments and updates

5. Data Sharing and Disclosure

We do not sell your personal data. We only share data with:

  • Service Providers: Third-party services strictly necessary to operate LetterFlow (hosting, database, authentication). These providers are bound by confidentiality agreements and only process data as instructed
  • Legal Requirements: We may disclose data if required by law, court order, or government request
  • With Your Consent: We will share data with other parties only if you explicitly authorize us to do so

6. Data Retention and Deletion

6.1 Retention Period

We retain your data only as long as your account is active or as needed to provide you with our services. Specifically:

  • Newsletter content and entries are retained while your account is active
  • Sync logs are retained for troubleshooting and may be periodically purged
  • OAuth tokens are retained while your Gmail connection is active

6.2 Account Deletion

You have the right to delete your account and all associated data at any time.

Upon deletion, we will permanently remove from our servers:

  • Your account information
  • All stored newsletter content and entries
  • Your folders and organization settings
  • Your Gmail OAuth tokens
  • Your sync history and preferences

6.3 Gmail Disconnection

You can disconnect your Gmail account at any time through the app settings. When disconnected:

  • We revoke our OAuth access tokens with Google
  • Syncing stops immediately
  • Previously synced content remains accessible until you delete your account

You can also revoke LetterFlow's access directly from your Google Account permissions page.

7. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of the data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Withdrawal: Disconnect your Gmail account or revoke access at any time

To exercise any of these rights, contact us at privacy@letterflow.app.

8. Children's Privacy

LetterFlow is not intended for use by children under the age of 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, or would like to exercise your rights, please contact us at:

Email: privacy@letterflow.app