Legal

Privacy Policy

Last updated: May 27, 2026

This policy explains what data Letterjudge collects, how it is used, and what it does not do. We have tried to keep it plain and specific rather than exhaustive. If you have questions, email us at [email protected].

What We Collect

We collect only what is needed to run the service:

• Account data — your email address and password credentials.
• Usage data — daily and monthly API call counts, tied to your account. This is used to enforce plan quotas and populate your dashboard.
• Billing data — handled entirely by Stripe. We store a Stripe customer ID and subscription status. We never see or store raw card numbers.
• Session data — a signed JWT stored in an httpOnly cookie (lj_jwt) that keeps you logged in. It contains only your account ID and expiry time.

What We Do Not Store

We keep no data outside of the account holder's own details described above. In particular:

• Email addresses you validate are never stored or logged. Each address passes through the validation pipeline in memory and is discarded immediately after the response is returned. The address is never written to server logs, databases, files, or any other persistent storage. We have no record of what addresses you submit to the API.
• No third-party data is retained. The people whose email addresses you validate are not tracked, profiled, or identified by us in any way. We do not log, index, or aggregate third-party addresses across requests.
• We do not sell or share your data with advertisers or data brokers.

How We Use Your Data

• Account data is used to authenticate you, manage your subscription, and send password reset emails if you request one.
• Usage data is used to enforce your plan's monthly quota and to display your usage history in the dashboard.
• We do not use your data for advertising or sell it to third parties.

Cookies

We set one functional cookie, lj_jwt, which is required for the dashboard to work. It is httpOnly (not accessible to JavaScript) and expires after 30 days. No tracking or advertising cookies are set.

We use Google Analytics for aggregate site usage statistics. Analytics storage is denied by default and only enabled if you grant consent through the cookie banner. Analytics data is anonymised and never linked to your account.

Third-Party Services

Stripe processes all payments. When you subscribe, you interact directly with Stripe's hosted checkout; we do not handle your card details. Stripe's privacy policy governs that data.

No other third parties receive your personal data.

Data Retention

Your account data is retained while your account is active. If you delete your account, your email address, hashed password, API keys, and usage records are permanently deleted within 30 days. Stripe retains billing records per their own policies and legal obligations.

Your Rights

You can update your email address or password from the dashboard at any time. To request a full export or deletion of your data, contact us at [email protected] and we will respond within 30 days.

Security

Sessions are served over HTTPS with httpOnly, Secure, and SameSite=Strict cookie flags.

Changes to This Policy

We will notify registered users by email of any material changes. The "last updated" date at the top of this page will always reflect the most recent revision.

Contact

If you have questions or concerns about this policy, email [email protected].