Albeit, most people never had any doubts about privacy as a right. Mr Edward Snowden’s revelation has made it clear as to why we should worry about privacy of our digital data in transit and at rest on the servers.
Email is still the most preferred mode of personal and professional communication. Like most protocols on Internet everything was designed to work without additional layer of security. Email by default was not meant to be a secure mode of communication. It was meant as postcards or mail that could be easily read or intercepted.
Letter is built with free and open server software solutions for protecting your email’s integrity, security and privacy. Our focus is not just on strongest transport security with robust cipher suites but also data encryption while it sits on our disks on physical servers in secure data centres in different parts of Europe.
Additional features like per mailbox data encryption with individual user keys, disposable unlimited alias email addresses are deployed to prevent unauthorised access to significant email data and promote privacy among our beloved users.
We stand for your right to privacy. Letter will never share your data with third parties, unless we are obligated to do so by law.
We use free and open-source software solutions exclusively to entertain/promote transparency and open audits. Our whole email stack (Mailcow) and webmail software (Roundcube and SOGo) are freely licensed server software solutions. We choose to use it not for price as it is secondary but for the benefit it offers to our community as a whole.
Lastly, Letter aims to have a lucid and human readable privacy policy.
– Sunit Kumar Nandi, CEO
Privacy Statement
1. Who is responsible for the processing of your personal data?
We are Techno FAQ Digital Media based at Quarter F-03, IIT Guwahati, Guwahati – 781039, Assam, India. We are registered in the North Guwahati Municipal Board, Assam, India under trade license number 528. You can reach us through support@letter.is.
2. Visiting our Website
When you visit Letter.is and sub-domains, the following data/identifiers are processed:
- Your IPv4 and/or IPv6 address, to allow access, troubleshooting and abuse control.
- Browser and operating system type and version, to display the Website in the right format for your browser and operating system.
- Browser language settings, to show you the Website in the right language.
- Origin of your visit (such as whether you directly typed the Website URL or accessed the Website through a search engine query or link from another website), in order to assess the success of our search engine optimization and information outreach efforts.
- Clicked links and visited (parts of) pages on our Website, to help us get an idea of which of our pages appear to be effective to inform our visitors.
In our web server logs we store the browser user agent, pages visited, IP address and timestamp for a maximum of 7 days after which they are deleted.
No self-hosted or external analytics tool has deployed in order to analyse usage trends, keeping privacy as paramount value.
3. Signing up for an Account
When signing up for the Letter Service you are asked to provide:
- A full name that you choose (may be an alias or pseudonym but required), to be able to address you when we communicate with you.
- An existing email Address, that is used to activate your Letter account and to communicate with you in case unfortunate events for instance recovery of Letter account’s access.
- A phone number (optional when you ‘Checkout with PayPal’ for USD or Euro payments), in order to give you an alternate mode of communication with us.
- A postal/mailing address including City, Postal code and Country are required for payment processing and billing purposes.
- A desired domain.tld from available domains or a custom/own domain is required to generate your Letter account.
4. Paying for an Account
Letter offers zero tracking and ad-free paid email service which can be paid for with multiple online payment methods. To facilitate payment and to manage the customers’ subscription, Letter works with three third-party payment providers viz. Cashfree, Razorpay and Paypal.
Unlike, other email providers, no third-party subscription management provider is used. We process all the subscriptions post-payment in-house. No payment information is stored by us, it is transmitted over secure TLS connection to respective payment providers.
PayPal for US Dollar and Euro payments
PayPal is only used for processing US Dollar and Euro payments with Letter. You can find their privacy policy here. To make payments as easy and user-friendly as possible, Letter sends your name and e-mail address to PayPal during a payment process while signing up our service. All this information would be requested by the provider anyway.
Payment processors for International Card and Indian local payments
We support Cashfree and Razorpay for credit and debit card payments in US Dollar and Euro, and local payment methods for users from India in Indian Rupee. Letter sends your name, phone, e-mail address and billing address to them during the payment process while signing up our service. All this information would be requested by the provider anyway. You can find their privacy policy here and here.
5. Location and Data Storage
All server software including email service back-end, web administration panel for users, webmail and databases (containing customer emails and subscription information which are stored in encrypted format) are located in leased physical servers in data centres by Hetzner, Germany.
Email relays advertised by Letter for efficient deliverability/sending of emails are setup in virtual servers that we rent in Luxembourg, Netherlands, Germany, Bulgaria, Norway, Russia, United States, India, United Kingdom, Canada, Brazil, South Africa, Singapore, Japan and Australia.
No third-party services or outsourcing is used for hosting any of the above-said services.
Backups
Additionally, to protect user data, Letter regularly processes encrypted backups of user data locally on our above-mentioned physical servers in Germany, which is securely transferred to a Swiss cloud storage service where these encrypted backup files will be safely stored on environmentally friendly servers in Luxembourg and Switzerland. Their privacy policy is available here.
Deleted means expunged!
You are in control of your own data. We will not store any email that you do not wish to keep yourself. When you delete an email from trash, it will be permanently expunged from our servers. There is no going back.
6. Using the Letter Service
User emails including content and attachments are stored on our servers in EncFS file system. All user information is encrypted and cannot be read even by us.
Everything you can see through the regular user interface i.e. our webmail server software (your inbox and folders, including spam folder, but excluding contacts) is stored in encrypted format.
When you use the Letter service to send an email, your public IPv4/v6 address is replaced with one of our IP addresses both while accessing our service over webmail or external/third-party email clients.
In our email server logs (primarily for the purpose of debugging) we retain minimal connection data including your IP address and timestamp for a maximum of 7 days after which they are securely deleted.
7. Support
We believe in doing things in-house to uphold your right to privacy unlike other popular so-called privacy email providers. Instead of using third-party solutions for support services, Letter uses a self-hosted open-source Intergram solution deployed on physical servers leased from Hetzner in Germany. Letter officially supports chat-over-email solution called DeltaChat for official support queries.
In order to avail support services, we use the information provided by you, such as your name, email address and your query or request. We need this information for basic verification of your account data and primarily for communications.
All the support queries are deleted from our self-hosted system once resolved in 7 days.
You are at liberty to make support queries over private email i.e. support@letter.is, telephone or cellphone and snail mail using details provided at support section of Letter website.
We also offer community support over Libera IRC and WhatsApp/Telegram Groups too. Please go through their respective privacy policies before using them for any form of support.
8. Our newsletter
We may offer an option to subscribe to our Newsletter. If you have subscribed, you may receive our newsletters until you have unsubscribed. You can unsubscribe at any time.
Unlike other providers, we do not use any third-party solution to avail this service. When you subscribe, your email address is stored by us on servers we control and never transmitted elsewhere or shared with any other party.
9. Alterations
This policy is drafted in third week of January 2021. If Letter decides to change how we process your data currently, the updates will be made in this privacy statement and you will be notified by email and all other modes of communication you have subscribed to.