Legal & compliance

Privacy, terms, and data rights

This page summarizes the core notices lastletter.love needs for users in the United States, United Kingdom, India, and European Union. It is product-ready starter text, not a substitute for legal review.

Effective date: May 4, 2026 Contact: support@lastletter.love

Privacy Policy

lastletter.love helps account holders create private text, audio, or video messages for selected recipients. We collect only the data needed to create accounts, operate the vault, process subscriptions, send check-ins, and deliver messages when the check-in protocol is triggered.

Personal data we collect

Account data: name, email address, password hash, preferences, subscription status, and authentication session data.
Recipient data: recipient name, relationship, email address, and selected message type.
Message data: text message content, media references or uploads when enabled, duration/file metadata, timestamps, and delivery status.
Check-in data: last acknowledgement time, next due date, missed check-in count, delivery status, and event logs.
Payment data: plan selected, provider order/payment IDs, amount, currency, and payment status. Full card details are handled by the payment provider and are not stored by lastletter.love.
Technical data: IP address, browser/device information, security logs, and basic server logs needed for fraud prevention, debugging, and service security.

How we use data

To create and secure your account.
To store recipients and messages you choose to save.
To send monthly check-ins, missed-check-in reminders, final alerts, and recipient delivery emails.
To process subscriptions and prevent abuse.
To comply with legal obligations and enforce our Terms.

Legal bases for EU and UK users

Contract: to provide the vault, recipient, message, check-in, and subscription services.
Consent: where required for optional communications, sensitive uploads, or non-essential cookies.
Legitimate interests: security, fraud prevention, service improvement, and audit logs.
Legal obligation: tax, accounting, and lawful request compliance.

Data sharing

We do not sell personal data. We may share limited data with service providers that help run the service, including hosting providers, email delivery providers, payment processors, analytics providers if enabled, legal advisors, and authorities when legally required.

Recipient information

Account holders are responsible for adding recipient contact details lawfully and thoughtfully. Recipients may contact us to ask about data held about them, request correction, or request deletion where legally applicable.

International transfers

Users may be located in the US, UK, India, or EU. Data may be processed in other countries by our hosting, email, and payment providers. For EU/UK users, production deployments should use appropriate transfer safeguards such as standard contractual clauses or an equivalent mechanism.

Retention

We keep account, recipient, message, payment, and check-in records while the account is active. After deletion, data should be removed or anonymized within a reasonable operational period unless retention is required for security, legal, dispute, tax, or audit purposes.

Data Rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, object to processing, withdraw consent, or appeal a privacy decision.

EU and UK

You may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where applicable. You may also complain to your local supervisory authority.

United States

Some US state privacy laws provide rights to know, access, delete, correct, obtain a portable copy, opt out of sale/share or targeted advertising, and limit certain sensitive data uses. lastletter.love does not sell personal data in this MVP.

India

Indian users may request information about processing, correction, completion, updating, erasure, grievance redressal, and nomination where applicable under the Digital Personal Data Protection Act framework.

How to request

Email support@lastletter.love with the subject "Data Rights Request". We may need to verify your identity before acting on the request.

Cookie Notice

The MVP uses essential browser storage for login sessions and basic preferences. Essential storage is required for the dashboard to work.

Current storage

Authentication token: keeps you signed in.
Local preferences: remembers basic client settings during local testing.

We do not currently use advertising cookies or sell/share data for cross-context behavioral advertising. If analytics, advertising, or non-essential tracking is added later, lastletter.love should add a consent banner and preference center before those tools run for EU/UK users and other regions where required.

Terms of Service

Eligibility

You must be at least 18 years old and able to enter a binding contract to use lastletter.love.

Your responsibilities

Use accurate account and recipient information.
Only upload or write content you have the right to store and send.
Do not use the service for harassment, threats, illegal content, impersonation, or abuse.
Keep your password and account access secure.

Check-in and delivery protocol

lastletter.love uses scheduled check-ins and missed-check-in thresholds to decide when delivery should be prepared. The service is not an emergency service, medical monitoring tool, legal executor, estate planning substitute, or guaranteed death verification system. Users should maintain separate legal, medical, and estate arrangements.

Subscriptions

Text messages are free for up to 3 recipients. Voice and video are optional yearly subscriptions that expand the limit to 5 recipients. Prices are shown in USD. Payment processing is handled by third-party providers.

Cancellation and refunds

Users should be able to cancel a paid subscription before renewal. Refund rules should be shown at checkout and may depend on the payment provider, local consumer law, and whether paid media features were used.

Availability and backups

We aim to keep the service available and secure, but no online service can be guaranteed uninterrupted or error-free. Users should keep their own copies of important messages.

Security

Security controls should include password hashing, TLS in production, access controls, audit logs, least-privilege provider access, secure payment processing, and encryption for sensitive stored content. The local demo stores data in JSON files and is not production-ready storage.

Report security concerns to support@lastletter.love.

Children and Minors

lastletter.love is intended for adults 18 and older. The service should not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can review and delete it where appropriate.

Contact and Grievance

For privacy, data rights, support, or grievance requests, contact:

Email: support@lastletter.love

Business: lastletter.love

Before public launch, replace this section with the legal entity name, registered address, designated privacy contact, and India grievance officer/contact details if applicable.