Privacy Policy.

Cariadletters is operated as a sole trader from Wales, United Kingdom. The contact for any privacy enquiry is hello@cariadletters.com. We are the data controller for the personal data described here.

We collect three buckets of data:

• Account data — your email address, the display name you choose, and an account ID issued by Clerk (our authentication provider). If you sign in with Apple or Google, we also receive whatever profile information those providers return (typically name and email).
• Site content — the photographs you upload, captions you write, dates and places you record, and the generated site specification (palette, layout, copy). Photos are stored as files in our object storage; everything else is stored in our database.
• Operational data — your IP address and user-agent for security and abuse prevention, request logs for reliability, and Stripe customer / subscription identifiers if you have purchased.

We do not collect special-category data (health, biometrics, beliefs, sexuality) deliberately. If you choose to upload photos that contain such data, see Your rights for how to remove them.

Each piece of data has a single, named purpose tied to a lawful basis under UK GDPR / EU GDPR:

• Account data — to provide the service you asked for (Article 6(1)(b), contract).
• Site content — same: to render and host the site you asked us to make.
• Operational data — legitimate interest in keeping the service working and not being abused (Article 6(1)(f)).
• Marketing emails (only if you tick the box) — your consent (Article 6(1)(a)).

We do not sell your data. We do, however, use a small set of well-known service providers (sub-processors) to operate the product:

• Clerk (US) — authentication, session management. Receives your email and any social-login profile.
• Supabase (Postgres hosting, EU/Ireland) — stores account, couple, photo metadata, billing tier.
• Amazon Web Services S3 (EU/Ireland or US-East depending on bucket) — stores the actual photo files, encrypted at rest.
• Stripe (US/EU) — payments. We never see your full card number; Stripe stores it. We hold only a customer ID and a subscription ID.
• Resend (US) — transactional email (sign-in codes, receipts, invitations).
• Anthropic (US) — the AI service we use to describe your photos and design the site. See How we use AI.
• Vercel (US/EU) — hosting and content delivery.
• Cloudflare (US/EU) — DNS and security.

Each of these is bound by a data-processing agreement under UK GDPR / EU GDPR. We do not transfer data to any other party for marketing or analytics without your explicit consent.

To make the site, we send your photographs to Anthropic’s API. The model returns short captions and a site specification. The model is configured not to retain training data from API requests, per Anthropic’s commercial terms. We do not pass your name, email, or any other identifying field; only the photos themselves.

The captions and the site spec are generated drafts. You are the final voice — you can edit any caption, swap any photo, or regenerate the site at any time. We never publish your site without your active click.

• Active accounts — for as long as your account exists, or until you ask us to delete it.
• Forever-tier sites — indefinitely, that is the explicit promise of the tier.
• Subscription cancellations — content kept for 30 days in case you reactivate; deleted permanently after that window.
• Backups — automated nightly database backups are retained for 30 days, then rotated out.
• Account deletion requests — actioned within 72 hours; backups are purged on rotation.

Under UK GDPR and EU GDPR you have the right to:

• Access — receive a copy of the data we hold about you.
• Rectification — correct anything wrong.
• Erasure — ask us to delete your account and content. We honour this from inside the dashboard at /dashboard/settings or by emailing us.
• Portability — export your photos and the generated site spec as a .zip from inside the dashboard.
• Objection — to any processing based on legitimate interests.
• Withdraw consent — for any processing based on consent.
• Lodge a complaint— with the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority in the EU.

To exercise any of these rights, email hello@cariadletters.com from the address on the account. We respond within one business day and complete the request within 30 days.

We use the minimum cookies needed to keep you signed in and to run the service:

• A Clerk session cookie (essential for authentication).
• A small first-party analytics cookie if you have not opted out (helps us count page views, never identifies you).

We do not run third-party advertising cookies, ever. We never will.

Some of our processors are based in the United States. Where UK or EU personal data is transferred, we rely on the UK International Data Transfer Addendum (IDTA) and the European Commission’s Standard Contractual Clauses (SCCs), as applicable, with each provider.

Photos are encrypted at rest in object storage. Database connections are TLS-only. Authentication is delegated to Clerk, which holds SOC 2 Type II. Payments are handled by Stripe (PCI DSS Level 1). We do not store passwords ourselves. We will inform you within 72 hours if a breach affecting your personal data ever occurs.

Cariadletters is for adults. The service is not directed at children under 18, and we do not knowingly collect data from them.

We will update this policy if our processors, retention periods, or practices change. The “Effective” date at the top will reflect the latest version. Material changes will be notified by email.

For any privacy question, write to hello@cariadletters.com. We answer within one business day. If you are not satisfied, you can complain to the UK ICO at ico.org.uk.