Right to Privacy is a universal human right. Letter as an email service affirms it.
Albeit, most people never had any doubts about privacy as a right. Mr Edward Snowden’s revelation has made it clear as to why we should worry about privacy of our digital data in transit and at rest on the servers.
Email is still the most preferred mode of personal and professional communication. Like most protocols on Internet everything was designed to work without additional layer of security. Email by default was not meant to be a secure mode of communication. It was meant as postcards or mail that could be easily read or intercepted.
Letter is built with free and open server software solutions for protecting your email’s integrity, security and privacy. Our focus is not just on strongest transport security with robust cipher suites but also data encryption while it sits on our disks on physical servers in secure data centres in different parts of Europe.
Additional features like per mailbox data encryption with individual user keys, disposable unlimited alias email addresses are deployed to prevent unauthorised access to significant email data and promote privacy among our beloved users.
We stand for your right to privacy. Letter will never share your data with third parties, unless we are obligated to do so by law.
We use free and open-source software solutions exclusively to entertain/promote transparency and open audits. Our whole email stack (Mailcow) and webmail software (Roundcube and SOGo) are freely licensed server software solutions. We choose to use it not for price as it is secondary but for the benefit it offers to our community as a whole.
Lastly, Letter aims to have a lucid and human readable privacy policy.
– Sunit Kumar Nandi, CEO
We are Techno FAQ Digital Media based at Quarter F-03, IIT Guwahati, Guwahati – 781039, Assam, India. We are registered in the North Guwahati Municipal Board, Assam, India under trade license number 528. You can reach us through support@letter.is.
When you visit Letter.is and sub-domains, the following data/identifiers are processed:
In our web server logs we store the browser user agent, pages visited, IP address and timestamp for a maximum of 7 days after which they are deleted.
No self-hosted or external analytics tool has deployed in order to analyse usage trends, keeping privacy as paramount value.
When signing up for the Letter Service you are asked to provide:
Letter offers zero tracking and ad-free paid email service which can be paid for with multiple online payment methods. To facilitate payment and to manage the customers’ subscription, Letter works with three third-party payment providers viz. Cashfree, Razorpay and Paypal.
Unlike, other email providers, no third-party subscription management provider is used. We process all the subscriptions post-payment in-house. No payment information is stored by us, it is transmitted over secure TLS connection to respective payment providers.
PayPal is only used for processing US Dollar and Euro payments with Letter. You can find their privacy policy here. To make payments as easy and user-friendly as possible, Letter sends your name and e-mail address to PayPal during a payment process while signing up our service. All this information would be requested by the provider anyway.
We support Cashfree and Razorpay for credit and debit card payments in US Dollar and Euro, and local payment methods for users from India in Indian Rupee. Letter sends your name, phone, e-mail address and billing address to them during the payment process while signing up our service. All this information would be requested by the provider anyway. You can find their privacy policy here and here.
All server software including email service back-end, web administration panel for users, webmail and databases (containing customer emails and subscription information which are stored in encrypted format) are located in leased physical servers in data centres by Hetzner, Germany.
Email relays advertised by Letter for efficient deliverability/sending of emails are setup in virtual servers that we rent in Luxembourg, Netherlands, Germany, Bulgaria, Norway, Russia, United States, India, United Kingdom, Canada, Brazil, South Africa, Singapore, Japan and Australia.
No third-party services or outsourcing is used for hosting any of the above-said services.
Additionally, to protect user data, Letter regularly processes encrypted backups of user data locally on our above-mentioned physical servers in Germany, which is securely transferred to a Swiss cloud storage service where these encrypted backup files will be safely stored on environmentally friendly servers in Luxembourg and Switzerland. Their privacy policy is available here.
You are in control of your own data. We will not store any email that you do not wish to keep yourself. When you delete an email from trash, it will be permanently expunged from our servers. There is no going back.
User emails including content and attachments are stored on our servers in EncFS file system. All user information is encrypted and cannot be read even by us.
Everything you can see through the regular user interface i.e. our webmail server software (your inbox and folders, including spam folder, but excluding contacts) is stored in encrypted format.
When you use the Letter service to send an email, your public IPv4/v6 address is replaced with one of our IP addresses both while accessing our service over webmail or external/third-party email clients.
In our email server logs (primarily for the purpose of debugging) we retain minimal connection data including your IP address and timestamp for a maximum of 7 days after which they are securely deleted.
We believe in doing things in-house to uphold your right to privacy unlike other popular so-called privacy email providers. Instead of using third-party solutions for support services, Letter uses a self-hosted open-source Intergram solution deployed on physical servers leased from Hetzner in Germany. Letter officially supports chat-over-email solution called DeltaChat for official support queries.
In order to avail support services, we use the information provided by you, such as your name, email address and your query or request. We need this information for basic verification of your account data and primarily for communications.
All the support queries are deleted from our self-hosted system once resolved in 7 days.
You are at liberty to make support queries over private email i.e. support@letter.is, telephone or cellphone and snail mail using details provided at support section of Letter website.
We also offer community support over Libera IRC and WhatsApp/Telegram Groups too. Please go through their respective privacy policies before using them for any form of support.
We may offer an option to subscribe to our Newsletter. If you have subscribed, you may receive our newsletters until you have unsubscribed. You can unsubscribe at any time.
Unlike other providers, we do not use any third-party solution to avail this service. When you subscribe, your email address is stored by us on servers we control and never transmitted elsewhere or shared with any other party.
This policy is drafted in third week of January 2021. If Letter decides to change how we process your data currently, the updates will be made in this privacy statement and you will be notified by email and all other modes of communication you have subscribed to.